Essential Skills for Vendor Team Members To Combat Today’s B2B Payment Fraud

March 5, 2025

Share

48
45 min
This episode is a must-listen for AP, Procurement, and Vendor Management professionals looking to strengthen their fraud defenses.
Debra Richardson
Debra Richardson
Grace Chlosta
Grace Chlosta, Content Manager, IOFM

B2B payment fraud is more sophisticated than ever, making the Vendor Setup & Maintenance function a frontline defense for organizations. In this episode, Grace Chlosta sits down with vendor and fraud expert Debra Richardson, to break down the latest fraud tactics and the essential skills every vendor team member needs to stay ahead. You’ll learn about the latest fraud trends and why traditional red flags are disappearing, how deepfake technology, email compromise, and search engine scams are evolving, and tips for upskilling your team to meet today’s security demands.

Fraudsters aren’t just sending suspicious emails anymore – they’re infiltrating vendor inboxes, altering phone records, and more. This episode is a must-listen for AP, Procurement, and Vendor Management professionals looking to strengthen their fraud defenses.


Debra Richardson

Debra is an Accounts Payable speaker, consultant, and trainer with over 20 years of experience in AP, AR, general ledger, and financial reporting for Fortune 500 companies including Verizon, General Motors, and Aramark.

For ten years, Debra has focused on Global Vendor Maintenance, and implemented a vendor self-registration portal for 140k+ global vendors across five ERPs. In her consultancy, she focuses on authentication techniques, internal controls and best practices to prevent fraud in the vendor master file.

Debra now focuses on helping accounts payable teams protect the vendor master file from fraud. She has a weekly blog and hosts a weekly podcast: “Putting the AP in hAPpy” and is the Co-President of the Central Atlantic Region IOFM Chapter.


Grace Chlosta
Content Manager, IOFM

Grace Chlosta joined the Institute of Finance & Management (IOFM) in 2022 in a new role for the team as the Content Manager. She is responsible for the planning, organization, development, and implementation of all the content for IOFM’s digital products and (virtual and in-person) events. Grace is committed to ensuring that IOFM’s content stays timely, relevant, and actionable for all financial operations professionals, and works closely with a team of content developers, industry leaders, and subject matter experts to guarantee this happens.

Subscribe Today

Listen below and subscribe on Apple Podcasts today.

b65d517b-5d22-47a4-b892-eac317be49e6.png.small.300x300.png


Transcription

Grace Chlosta: Welcome to the IOFM podcast. This is a podcast for accounts payable and accounts receivable professionals who want to stay in the know with current AP and AR trends and ideas. We'll be interviewing professionals in this space on a wide variety of subjects, including automation, artificial intelligence, career growth, compliance, leadership, and much more.

Today, we'll be interviewing Debra Richardson. Debra is an accounts payable speaker, consultant, and trainer with over 20 years of experience in AP, AR, general ledger, and financial reporting for Fortune 500 companies, including Verizon, General Motors, and Aramark. In her consultancy, she works with vendor-onboarding teams to add authentication techniques, internal controls, best practices, and vendor validations to prevent fraud, fines, and bad vendor data. 

00:00:58

A Certified Fraud Examiner (CFE), she is the President of the Central Atlantic Region IOFM Chapter, and IOFM's "Ask the Expert" for Vendor Masterfile. She hosts a weekly podcast, "Putting the AP in hAPpy," and has a YouTube channel where she posts weekly tips on the vendor setup and maintenance process. She'll be interviewed by me, Grace Chlosta. I joined IOFM in 2022 in a new role for our team as the content manager. I'm responsible for the planning, organization, development, and implementation of all the content for IOFM's digital products, and virtual and in-person events.

I'm committed to ensuring that IOFM's content stays timely, relevant, and actionable for all financial operations professionals, and I work closely with a team of content developers, industry leaders, and subject matter experts to guarantee that this happens. 

Hi, Debra, and welcome back to the IOFM podcast. We're so happy to have you here with us today. 

00:01:50                     

Debra Richardson: Thank you, Grace, and thanks for inviting me back. I love coming on the podcast, because I love just talking about the vendor setup and maintenance process, avoiding fraud, fines, and bad vendor data.

Grace Chlosta: Yeah, absolutely. We love having you. As many of you know, Debra is our go-to expert on really all things fraud and vendor master file. If you've ever attended one of IOFM's conferences, you know that Debra is an amazing speaker and always has innovative and actionable content to present and for us to absorb. She's also one of our top experts on our "Ask the Expert" forum and hosts regular podcasts, I would say, and webinars for us, which can all be found on IOFM.com. I mean, you do a lot for us Debra. Does that about cover it?

Debra Richardson: Yes, it does. And I will tell you – you talked about the "Ask the Expert." Most of the questions I get is all about how to avoid fraud, so I'm really excited for today's topic.

00:02:50                     

Grace Chlosta: Yeah, absolutely. We're going to be talking about essential skills for vendor team members to combat today's B2B payment fraud, which is obviously very, very timely. We know why it's so crucial for vendor team members, whether they're in accounts payable, procurement, or their own department, to be vigilant against B2B payment fraud. Can you outline the current trends so that we can all kind of just get on the same page?

Debra Richardson: Yeah. I hate to just repeat it, but it's very true, but it gets repeated all the time because it is very true: Fraudsters and their fraud tactics are always evolving.

Two years ago – I like to use this analogy – a board member – and I kid you not – of a Fortune 500 company said, when they did have a fraud, "It should be obvious." That was two years ago, and it wasn't even obvious then. 

00:03:51

But there have been so many advances and evolving of the fraudsters, it's just hard to detect fraud now. So here is what the [unintelligible] team members, accounts payable team, or procurement or wherever the vendor function is housed – here's what they're up against related to business email compromise, which is what we think of when we think of B2B fraud, because it all involves updating or changing payment details. 

So here are some things that they're up against now. First of all, 15% of fraudulent emails are just getting through. You can say that's a good thing, right, 'cause your IT teams, fraud or email filters and other strategies they have enabled, that's saving 85% fraudulent emails getting through your inbox, or getting through everyone's inbox, so you don't have to deal with those. 

00:04:58

But you do still have to deal with the 15% of fraudulent emails because some are getting through, and the fraudsters are getting really good at playing tricks to get those emails through, for example. Grace, I don't know if you've ever seen anything like this, but you'll get – or the fraudsters will send an email through first to say, "Hey, I have a question. Are you at your desk?" 

Grace Chlosta: Oh, yeah, sure.

Debra Richardson: I mean, something like that so that you have to respond. Once you respond, the IT team doesn't want to be responsible for not letting that already-in-progress email exchange be the result of some bill not getting paid, so they're going to let that next email go through that may have been caught by their email filters, just because it's already an in-flight conversation.

00:06:00

Of course, when you or I or AP team, vendor team, responds to that, now they're going to send that request that maybe has that fraudulent attachment on it, so they play games like that. 

Also, the next thing is that red flags – those are just gone from email. I mean, yes, there are still lazy fraudsters out there that are going to have that extra letter in the email address, but it's not necessary today. Fraudsters are in your vendors' actual email inbox. They're sending requests. And not just your vendors' email. You know that external email indicator that we all have? And if you get an internal email or an email from an internal team member, it doesn't have an external email indicator on there, right?

00:06:52

You used to get the warm fuzzies from that. Nope, you can't do that anymore because that email that is from your "internal employee" may not be because the fraudsters have long known how to write code to remove that external email indicator from their external email, because they are impersonating your internal employee. So they know how to remove that external email indicator. And I'm not saying you don't need it; I'm just saying that you need to look at other red flags in the email, even when you don't have an internal or an external email indicator when you're getting that email from your internal employee. 

00:07:42

And then let's see, what else? Oh, when you jump on a call or a videoconferencing platform to verify or confirm a request to change vendor banking or make some type of payment, the video and audio are deepfaked. We've seen that with that $25 million call, when supposedly multiple internal team members jumped on a call with a finance employee, and it turned out all of that was deepfaked. 

And then we heard about – and actually, it was back from 2020, but we heard about that $35 million fraud, where the audio was deepfaked to a finance employee. The deepfake was of – I think it was their director or someone, but they knew the person. The finance person knew that person that was in that position, and was still fooled by the deepfake, and this was back in 2020. 

00:08:44

This is now 2025, so you've got to know the technology has improved. So it's just hard to identify when there is a deepfake. It's just getting harder to do that. 

Speaking of trying to identify and maybe put some internal controls in place, you know that confirmation call that is supposed to be the silver bullet? But if it was a silver bullet, we'd probably have no fraud. You and I wouldn't even be doing this podcast today. [chuckles] But that confirmation call is not the silver bullet at all because the fraudsters know that we make that call. They know that everybody depends on it, and so they found a way around that, too. 

So the phone number that you or someone on the vendor team or the procurement team or the AP team – they're making that phone call to verify, let's say, a change in vendor banking, but that phone number that's being used was changed by a fraudster two weeks before. 

00:09:54

What they're doing is, before they send that request to make that change, they are sending a request to change the contact information weeks before. And if you don't have technology or something that can combine or that could connect the two requests, that's hard to see. And it's made worse by fraudsters buying ads on Google to get in the top results, because I know a lot of you – and I've heard that before. A lot of the listeners are probably Googling, trying to find the right number to call, so they're not using the information in the email, which is good. You don't want to use the information in the email, because that could be fraudulent, but trying to search that information on Google or another search platform doesn't always mean that you're going to get valid information there, because the fraudsters are buying ads.

00:10:53

They get to use the SEO training that they all have and the budget that they've used from pilfering funds to get in the top results, so when you go to search, or a listener goes to search, for that vendor's information to make that confirmation call, you could be going to or getting the fraudsters information anyway. 

And another thing I learned – that was, what, a year ago, a year and a half ago. It was at one of the IOFM conferences, and I talked to one of the AP folks that I had met before, and they were saying that they can't even get AR information on their vendors, like who to call, because they're taking it off their website because they, themselves, are trying to avoid fraud. So it's getting harder, right, to make that confirmation call – not that it's not doable; it's just getting harder. In my view, you really need to surround that with other internal controls. 

00:12:00

And then lastly, I know vendor self-registration portals are good. It can help to avoid fraud [and] bad vendor data. I've implemented those in the past, too. Nothing wrong with them, but the problem, as far as fraud is concerned, is that fraudsters can access them, too, especially when you have vendors that still reuse the same username and password to access that portal that they use for other platforms that they may have been tricked into giving to the fraudsters. That's the goal of many of the phishing emails is to get that sensitive data. 

00:12:49

Nowadays, large language models, like ChatGPT that can help us – now, ChatGPT, if you ask it to give you a carefully orchestrated, very believable, error-free phishing email, it probably will not do that, although I have seen some prompts that can get around it. Fraudsters don't even need that. They have their own malicious LLMs. They've got FraudGPT, WormGPT, and then two new ones I just learned about called BadGPT – so that's in the name – and then GhostGPT is another one, which is just another whole point. That could be another whole podcast. AP and vendor teams may not have access to AI tools to help them to be more productive, but the fraudsters sure do, because now they can send that phishing email that doesn't have any of the typical red flags, like errors in grammar or errors in context. They look perfectly fine.

00:13:59

So lots of fraud strategies, again, that are always evolving, improving, that are making the job of whoever has the task of vendor setup and maintenance, just making it more difficult. I will go as far to say that this position is really no longer a low-level, get-your-foot-in-the-door position that I think it has been. Hopefully, the listeners have noticed this and maybe some of them, sometimes about it, too. I know I tried, when I was still a practitioner, and I was successful for the most part, but it was an uphill battle because that was a get-your-foot-in-the-door position. And I think with today's fraud that's just no longer sufficient.

00:14:58                     

Grace Chlosta: Yeah, I mean, it's definitely scary, obviously, to hear that they're getting smarter, and it's going to just take a bit of a different skillset. So what skills would you be looking for if you were still over in AP or procurement for that specific position?

Debra Richardson: Yeah, so I have five. Let me just say, it could definitely be more than five, right? Every company is different. I will tell you, too – so I talk about five, and I wish I could remember what the platform was, what the name of the test was, but prior to – a couple of positions before I joined a Fortune 500 company in the vendor setup and maintenance role, I was with a smaller company, and worked very closely with the HR team. They offered us the ability to identify, using whatever test they had. It wasn't the Myers-Briggs or something like that, but it was some type of personality test that you could identify what – or the HR person let all the managers identify the perfect type for their section.

00:16:15

I had all of AP at that time, so I worked with the HR professional to identify all of the different personality traits that I would need for that position. Again, I wish I could remember what it was, but I can't, so it's probably more than five, but these are the biggest five that I think are most important. The fifth one, I think, is the most important to avoid today's B2B fraud. And then also there is one that I left out that you might be surprised, but we'll talk about that after the five. 

00:16:57

All right, so the first one is communication. And you may think, well, everybody needs communication, but what I really mean by that is being able to communicate well, but also communicate with authority because – and we've all been there. I'm sure the listeners have, too, where you have these requirements, let's say, to set up a vendor. You need a W-9. You need a vendor setup form. You need banking on banking letterhead. And then all of a sudden the vendor or the internal team members – because sometimes they could be worse than the vendors – will come back and say, "Hey, you don't need a W-9. They're only going to get $599.99," even though they may not even know what the total payment for the year would be. 

00:17:50

This might be – what are we in now? February, right? So you're setting up a vendor now. You expect to only pay 'em a certain amount, but then, by the end of the year, costs have overrun [or] you needed something else. And now all of a sudden you're over that threshold that they said you didn't need to collect the W-9 for because you would be under it. 

So you need to make sure that you have someone that can not only communicate what is required and why, but you also need to have someone that can do it with authority so that, when they push back – and they absolutely will – you'll have someone that can stand the ground and won't say, "Oh, okay, well, we'll do it just this time," because that "just this time" could be a fraudulent request, even if you're getting it from internal team members, because you never know where they got that information from. That could've come from Crook.com. They could've been social engineered. 

00:18:54

So you need someone that can communicate what is required, but then also communicate that with the authority to make sure that you get what you require. 

Grace Chlosta: Got it.

Debra Richardson: Yeah, so I think that is very important. And I will just say, when I was an AP senior manager, there were quite a few times, unfortunately, that I had to reach out to internal team members or their managers or supervisors because they would not take – they did not want to follow the rules because, in their book – and they're never going to be charged with fraud if something happens – we should be able to quickly do something.

00:18:54

I always say – because I'll remember forever this one internal team member told me, "It's just a simple name change." [laughter] Nothing's a simple name change. You have to have someone communicate that with authority. 

And then the next one is problem solving, because, if something happens, you really need to be able to analyze those requests and that data to determine the root causes of that issue. And one of the things that learned early on, and I'm sure many listeners have heard this, too, is that when it comes to problems, you should not – the best thing to do is not to have anybody else tell you that it's a problem. Have a built-in way to find the problem, and then, once you find the problem, figure out how it happened. And then, lastly, put something in place to ensure it won't happen again. 

00:20:52

And so you need someone with those problem-solving abilities to go back, analyze the request, analyze the data, and determine how that really happened. That's really important now because, again, the fraudsters are always evolving. And so if you have to go back and look at where that telephone number came from, now you're going to go back and find that email request that came to change that telephone number before the subsequent email, the next email, came to change the bank account information. So we really need someone that's able to dig down deep and find those root causes, so communication and problem-solving. 

00:21:45

And then the third one is tech savvy. That's probably something that everyone has already noticed, because nowadays folks are working with multiple accounting systems and ERPs, multiple AP automation platforms. Some of them are integrated. Some of them are not. So you need that tech savvy to be able to deal with those. You also need tech savvy in supporting software, like Microsoft Excel or Google Sheets.

I will tell you, too – I love telling this story. My former boss – and of course we were at a Fortune 500 company, Fortune 15 company even, and so we had lots of third-party providers, right, always coming around, asking questions. And they would always ask her, "What ERP system are you using?" And she would always answer "Microsoft Excel" because we were always exporting all this data, all these queries, out of the ERPs and then turning them into something that we wanted or we needed to report on or to work with. 

00:22:59

And so you do need to have that type of techy savvy. The good news is, though, nowadays Microsoft Excel, Google Sheets, you have some AI tools that you would put in or that you can use within those spreadsheets so that you can just make it a little bit easier to work with them, so that part's good. So, again, tech savvy is needed for that, too. 

And then, of course, implementing a portal (or other tools) to manage requests, to make sure that everything is organized. I will tell you, I learn a lot from AP teams, vendor teams, especially when I meet 'em in person at conferences, or when they ask questions on webinars. It's really great. 

00:23:51

One of the things that I learned is that some teams are implementing tools like smart sheets. It's like an Excel spreadsheet on steroids to manage vendor setup and maintenance requests so that they can track them. It could be done in other tools as well, but if you do not have a vendor self-registration portal, if you're getting all of your requests via email, it may be great to have some type of a different tool so that you can manage service requests. Having someone that is tech savvy that can go and find different options to review and then determine a final option that you're going to implement, that can be important. And so tech savvy is definitely one of the skills that I think is needed for anyone in the vendor setup and maintenance space. 

00:24:54

And then two more. So the fourth one is continuous learner, right, because you have to keep up with fraud trends. They are always expanding. Not only that, but regulations, like IRS regulations, are always changing. So you need someone that is going to seek out those trends and those changes that are always happening, and just keeping up-to-date with those. What's the best way now to do this? What's the best way now to do that? How is someone else doing it? Even though you might not be able to transfer it and use that exact process, there may be things in what they're doing that might help what the team or what their team is experiencing now. 

00:25:47

So you do need someone that is that continuous learner. And Grace, IOFM has certifications out there, and continuous learning is important for that because you have to keep up. You have to earn CEUs every year in order to keep that up, because, again, AP trends, vendor setup and maintenance trends, fraud trends, IRS regulations, state-level regulations, they are always changing, and you need to be able to keep up with that. 

Grace Chlosta: Absolutely.

Debra Richardson: All right, so that's the fourth one. Now, the fifth and most important one that I think anyone that works in the vendor setup and maintenance space – and probably AP, too – is that they are process driven. They are good at creating and/or following a process from end to end. The reason that I say that it's most important is because that's how you're going to catch fraud.

00:26:52

Since fraudsters are evolving, that fraudulent email may not be recognized as fraud, right? So it's going to get through. The only thing that is going to stop it is that you have a process in place that, at some point, is going to recognize that request as a fraudulent request, and so you're going to need to have that process. 

Not only that, you're going to need someone – the same way that I talked about. They need to communicate well and with authority. They need to make sure that they are following that process and not straying from the process because they were asked. If they get that email from their "CEO" that says, "Hey, can you make this change?" Or, "Hey, can you pay this vendor?" the answer is going to be, "No. You have to follow that process." 

00:27:56

I know that's a hard thing to say because our cognitive behavior – if we get an email from someone that we consider an authority, our first reaction is that we want to please them. We want to show them a great experience. But you have to have someone that's going to say, "Hey, we need to make sure that we follow that process." 

Grace, I don't know if you heard about this one fraud that was thwarted. A finance worker at Ferrari  –

Grace Chlosta: I don't think so.

Debra Richardson: Yeah, so I love telling this one because the finance worker – and I always say "finance worker" because I can never remember anybody's actual role [laughter] because everybody's different.

00:28:45

But the gist of it is that this finance worker got a call from their CEO, I believe it was, of Ferrari, and was asked to make a change to a payment, or send a payment to this vendor. It was a call on the phone. What this finance worker said saved them – what he said was, "Sorry, Benedito," I think that was his name, "but I have to identify you." 

Even though that was a high-level position that called, or supposedly that was on the phone, the process was that when you are speaking with someone on the phone, you have to identify them. The same way that your bank asks you identifying questions [to] make sure you are who you say you are, you might have to do that (or you should do that) with your vendors, and also with your internal team members if they're calling you outside of a company platform. 

00:29:59

So if they're calling on their cellphone or you can't recognize, or you just can't recognize where they're calling from, or you just think that something is suspicious, ask them some identifying questions. 

Now, in that case, it was very interesting because they knew each other. Weeks before, they had talked about – they were in person somewhere and one had recommended a book to read to the other. And so the identifying question was asking about that book. The good news is that the whole goal of all these fraud things you're putting in place – internal controls, best practices, vendor validations, authentication techniques – is to make that fraudster go away. 

00:30:52

I bet that you can imagine how fast that fraudster hung up the phone when they didn't know the book that had been recommended. I think that's a great example for, number one, being process driven, and also having a great communicator that had the authority, that did not succumb to the cognitive behavior when an authority figure contacted them. They stood their ground. They followed the process, so I really liked that. 

One of the two things that kind of fall under this, that I learned from a recent business email compromise scam – it was the normal scam where a fraudster got actually into the vendor's actual email, sent a request to make a bank change to all of the vendor's buyers that owed them payments. And then, of course, the payment was made and it went to the fraudulent account. 

00:32:06

What's funny about that is the vendor sued the buyer because they didn't get paid, and then the buyer turned around and sued the vendor because they had already made the payment and they claimed that the vendor didn't safeguard their systems, which caused them to make that fraudulent payment. 

One of the two thing is learned is that it could've gone either way. In that case, the judge did side for the vendor, and the buyer had to make, in this case, a couple payment: once to the fraudulent account and once to the real vendor. 

00:32:57

I learned that it could've gone either way, that the buyers, you do need to follow your process. That was one of the things that the judge said and one of the reasons why the decision was on behalf of the vendors: because they didn't follow their process. So you do need someone that can follow the process that's put into place. 

And then the other thing I learned from that is, again, it could've gone the other way because the judge did indicate that the vendor needed to make sure they safeguarded their systems. 

So, good things to know from a recent business email compromise scam that actually went to court. It could've went either way, but, in this case, because the buyer didn't follow their own process, it was against the buyer. 

00:33:52

So those are the five things. And I am sure there are other things that the listeners – and maybe you, too, Grace – might see that could be important, might be unique to your company industry, might be, "Debra, duh. You forgot this." But those are the things that immediately come to my mind, to make sure that you are avoiding B2B payment fraud. 

Grace Chlosta: Yeah. I think that's really comprehensive. That's a great list. I think that really kind of encompasses everything that you should be looking for, absolutely.

Debra Richardson: And I know I've got some people going, "Hey, you didn't say this one thing" that I intentionally kept out. That was attention to detail. And let me just tell you that I took that off my résumé a long time ago, I actually took it off too late. I waited too late to take it off because, again, attention to detail…

00:34:54

But I will tell you that it's much easier – instead of waiting for someone to have that eagle eye, or expecting someone to have that eagle eye, to find that fraud in an email, that may not even be there because of today's tools. It's just much easier to build into your process multiple reviews, those things that are going to catch the fraud that's outside of relying on someone to always, 100% of the time spot that fraudulent email, because it's just not going to happen, right? Especially in accounts payable and vendor setup and maintenance, procurement, we all get so many emails on a daily basis that that 15% actually turns out to be quite a bit. 

00:35:51

If you just multiple the number of emails that you get on a daily basis, a weekly basis, a monthly basis, by 15%, that is a lot to be able to spot. Yes, you're going to spot the ones with the lazy fraudsters that have the spoofed email or that have some grammar issues, but many fraudsters, with today's tools, that may not even be a part of what is still a fraudulent email. 

The best part is to… It's great to have attention to detail, but don't rely on it; put processes in place that will find that fraud event before it turns into a fraudulent payment. 

Grace Chlosta: I think that's great advice. I think that a lot of people also probably have teams that are already in place, or maybe folks that have been in this role for a long time that may be hearing this now and realizing that maybe their current team members may need some upskilling to get to this level that you're talking about. What would you say to those folks? What tips would you give them to kind of help their current employees who may be in these roles, who need some help in that department?

00:37:04                     

Debra Richardson: Yeah. Again, none of these skills are low-level skills. I would argue that these positions were never get-your-foot-in-the-door, low-level positions. But for those that are in that function now, how to get that upskilling to make sure that you're process driven, that continuous learner, tech savvy, problem solving, communication to make sure you're honing those skills. I'd say, start now and start with certifications and training because they will typically have the most up-to-date of what we know today of how to avoid fraud, how to keep that vendor master file clean, what the current IRS regulations are for this year or for this week.

00:37:59

It's great to make sure you're keeping up with – you're getting those certifications and then getting that incremental training, because you're going to need it anyway to keep your certifications up-to-date, to get that in. 

The other thing, too, is I think everyone just needs to review their whole process. Again, I get a lot of questions in about how to avoid fraud, and everyone wants that one magic bullet that's going to avoid fraud, whether that's that confirmation call or bank account ownership validation. That could be a whole other podcast about why that's not the silver bullet. It's still good. The confirmation call is still good. But neither one of those are the silver bullet, so you need a process of internal controls, best practices, authentication techniques, vendor validations, to surround it so that if it does work, that fraudulent request will be identified before it turns into a fraudulent payment. 

00:39:10

I think reviewing the whole process is sometimes underrated because everyone wants that one thing that's going to help them, and it's never that one thing. Getting your team members, upskilling them with certifications and training will help them to review the whole process and then fill in gaps with what they learned during the certification process and the training. 

I will say, too, you may have some current team members that are performing these duties that – we all have those team members that just want to come in, get their work done, and then go home. There's nothing wrong with that. Sometimes we work in volume. Things are in volume and you do need those folks to prepare for that, or to work in those areas. 

00:40:11

In the vendor setup and maintenance space, when you're dealing with vendor adds and changes, it might be that you may need to move some of your team members to more appropriate work. 

Grace, I had a team member that I just absolutely loved. The person worked well with everyone. They were very pleasant to be on the team. They came to work every day. They got their regular time off and they took it and everything was fine. There wasn't any attendance problems – just great. 

00:40:52

But, as we all tend to have, there are those helpful team members that just want to be so helpful to everyone, so when someone – at the time, I don't remember what platform we used. It wasn't Slack. It was something else. But someone IM'd this person and asked for a change of vendor banking – and they were very helpful and they changed it. 

Very helpful, very kind, very nice person, but that's not the type of process following that is needed. Luckily, it was a big department and we could find another, more appropriate role. So you may need to do things like that, or work on upskilling your team member. 

00:41:58

And then, lastly, I would say, when you're done with all of that, ask to move your team up. And what I mean by that is we talked before about how I don't think they're lower-level employees. I never thought they were. And so when I was a practitioner, I worked with my finance director and VP and HR person to reflect the new responsibilities, the new skills, essential skills that were now required for that position, and I was able to eliminate that lower-level designation or lower-level position from the vendor setup and maintenance team. Everyone that was in that position, I was able to move them up to the next level. So that was something that it took a while to do, but if any of the listeners have that issue, look at what is required to move your team up, to move the positions up, because I will tell you, if you're avoiding fraud now, you may have some that have these skills, and they need to be recognized. 

00:43:14

You definitely don't want them to take those skills somewhere else, where it's not a get-your-foot-in-the-door position. You want to make sure that they know that the work that they are doing is higher level, and you want to reflect that. So I think that's something that was important that I did, and that is also something that you may be able to do, or the listeners may be able to do at their company as well. 

Grace Chlosta: Yeah, I think that's great advice. Just kind of to finish this off here, what would you want to leave listeners with on this topic, any last comments or advice that you can give?

00:43:57                     

Debra Richardson: Yeah, so I think the vendor setup and maintenance function, no matter where it is – whether it's in accounts payable, whether it's with procurement, whether it's with its own group – is just critical to avoiding B2B payment fraud, right, because you can't change remittance details, redirecting legitimate vendor payments, without this team. So I think it's very crucial to find the right team members with the essential skills, or upskilling to those essential skills that your company needs to combat B2B payment fraud.

Grace Chlosta: Amazing. Thank you so much, Debra. It's always such a pleasure to have you on the podcast, and just to chat with you. We will talk to you again shortly, I'm sure. Thank you so much for being on today.

00:44:45                     

Debra Richardson: All right, Grace. Thanks for having me again. Love coming on.

Grace Chlosta: We'll talk to you soon. Thank you. Bye.

Continuing Education Credits available:

Receive 1 CEU per hour of listening time towards IOFM programs:

AP CertificationPP-OC_seal_APP_outline.FNLReceive 1 CEU per hour of listening time towards maintaining any AP and P2P related program through IOFM! These programs are designed to establish standards for the profession and recognize accounts payable and procure-to-pay professionals who, by possessing related work experience and passing a comprehensive exam, have met stringent requirements for mastering the financial operations body of knowledge.

Continuing Education Credits available:

Receive 1 CEU per hour of listening time towards IOFM programs:

AP CertificationPP-OC_seal_APP_outline.FNLReceive 1 CEU per hour of listening time towards maintaining any AP and P2P related program through IOFM! These programs are designed to establish standards for the profession and recognize accounts payable and procure-to-pay professionals who, by possessing related work experience and passing a comprehensive exam, have met stringent requirements for mastering the financial operations body of knowledge.

Subscribe to our Monthly Insider

You may unsubscribe from our mailing list at any time. Diversified Communications | 121 Free Street, Portland, ME 04101 | +1 207-842-5500