Fraud 101 for Higher Education Institutions

Higher education institutions nationwide are grappling with endless challenges, including budget cuts, declining student enrollment, dissatisfied faculty and staff, and even closures. Now, institutions face a much bigger challenge: the growing risk of fraud.

Fraud in Higher Education:

Back-office business operations are vulnerable to fraud. In 2021, 71% of organizations were victims of payment fraud attacks and attempts¹. With fraudulent schemes getting more sophisticated, colleges and universities must now also consider the threat of cybersecurity attacks. The growing threat of ransomware attacks prompted the FBI and the CISA to warn that school cybersecurity attacks could worsen in September 2022². By the end of the year, 89 education organizations had been impacted by ransomware, including 44 colleges and universities³.

Why are schools a prime target for fraudsters?

The education industry ranks as the number one sector impacted by fraud⁴. Higher education AP departments are prone to fraud for many reasons, including:

• Publicly disclosed financial records
  • Colleges and universities are at risk because of the need to purchase goods and services from the right person for the best price. Solicitations, bids, and proposals are all publicly listed, making it easy for fraudsters to attack.
• Little to no segregation of duties due because of staffing shortages
• Failure to communicate or enforce policies and procedures
• No anti-fraud programs or training available for staff
• Lack of internal controls

What’s the risk?

Even as little as one fraudulent attack could severely disrupt college or university. A typical fraud case causes a loss of $8,300 per month and lasts 12 months before detection⁵. Besides immediate financial repercussions, the other negative impacts of an attack include:

• Student confidential information compromised and exploited
• Stolen banking information
• Locked systems and network, making it impossible to access data
• Operation  halts
  • If a fraud attack occurs, some are so bad that schools must close for a few days. One ransomware attack last year wiped out Napa Valley College’s webpage. It also maliciously knocked some network systems offline, disrupting email for professors and staff, delayed registration for fall classes, and temporarily blocked financial aid access⁶. Another ransomware attack on Lincoln College was so severe that it propelled the school’s closure after 157 years in operation⁷.
• Possible decline in student enrollment
• Possible decline or full end to funding
• Bad publicity and damaged reputation

What’s the best defense against fraud?

Increasingly more higher education institutions are leveraging the power of artificial intelligence and machine learning with Accounts Payable (AP) Automation to streamline accounts payable processes and enhance security. Here are 3 ways AP Automation helps organizations better mitigate their risk of fraud:

1. Eliminating paper helps you pay vendors more securely

Manual, paper-based accounting processes are costly, time-consuming, and drastically increase the potential of a fraudulent attack. Payment Automation is an effective solution in helping schools mitigate the risk of AP fraud because it eliminates paper checks and provides more secure ways to pay vendors. For example, in 2021, 66% of companies paying by check experienced real or attempted fraud, compared to only 3% when paying with single-use virtual cards⁷. Paper checks are highly susceptible to fraud as they contain vulnerable information that can be easily “washed” and forged by fraudsters.

Award-winning Payment Automation providers also provide Positive Pay for clients, giving them even more protection against an attack. Positive Pay is an automated cash-management service companies use to deter check fraud. Banks use this feature to match the checks a company issues with those presented for payment. Any check considered suspect is sent back to the issuer for examination.

2. Segregation of duties

Higher education institutions process thousands of invoices annually. Without safeguards, teams run the risk of errors and an increased risk of fraud when manually processing paper invoices. Invoice Automation creates a segregation of duties, so one person isn’t in charge of the invoice-to-pay process, and another has the chance to review all AP activity. Best-in-class invoice automation solutions make it easy to simplify workflows and implement tiered approvals for users. This means invoices are electronically routed through all required approvers, eliminating invoices getting lost in the shuffle and removing any guesswork on who an invoice is setting with.

3. Increased security and fraud mitigation

AP automation safeguards payments and helps keep bank accounts safe from fraud. The internal security teams employed by leading AP Automation providers prevent hundreds of fraud attacks against their clients, saving millions of dollars each year. These types of fraud attacks include:

• Business Email Compromise (BEC):  
  • BEC is when scam artists use emails to dupe accounting departments into transferring funds into illegitimate accounts.
• Vendor Impersonation:
  • Fraudsters send fake emails to companies asking for payment.
• Phishing:
  • Fraudsters send a fake message designed to trick a person into revealing sensitive information so the attacker can expose the victim’s device to malicious software, get their credit card information and passwords.
• Conversation Hijacking:
  • A targeted email attack in which cybercriminals insert themselves into existing business conversations or initiate new conversations based on information they’ve gathered from compromised email accounts or other sources.

This short overview includes examples of these types of fraud. 

What additional steps can I take to protect my institution?

AP Automation strengthens security, but businesses must conduct quarterly trainings to educate their team on fraud prevention and provide tools to keep them safe. With threats on the rise, it’s no longer only IT’s job to protect an organization. Websites like KnowB4 provide Security Awareness Training to help you manage the IT security problems of social engineering, spear phishing and ransomware attacks. KnowB4 also provides free tools, including the Phish Alert Button, that gives users a safe way to forward email threats to the security team for analysis and deletes the email from the user’s inbox to prevent future exposure.

Conclusion:

While you are your organization’s first line of defense against fraud, it’s getting increasingly difficult to fight the threat alone. Implementing AP Automation and keeping up to date on security awareness and compliance training can help higher education institutions prevent fraud and add extra layers of security where it’s needed most. 

To learn more about how AP Automation can help protect your school, schedule a demo today.

Sources:

¹Association for Financial Professionals (AFP)

²Cybersecurity and Infrastructure Security Agency (CISA)

³Emsisoft

⁴Baker Hostetler 2021 Data Security and Incident Response Report

⁵Association of Certified Fraud Examiners (ACF)

⁶LegalScoops: Napa Valley College Suffers Ransomware Attack

⁷Malwarebytes Labs: College closes down after ransomware attack

⁸Association for Financial Professionals (AFP)