When it comes to paying suppliers, caution is everything. Fraudsters are becoming increasingly sophisticated, and a single oversight can lead to massive financial losses.
This is a cautionary tale of how a university nearly lost $200,000 to a supplier scam—and how a simple verification system saved them from paying the invoice twice.
A Routine Payment Gone Wrong
Geoff Patching – CFO On-Call, working with a large organization, saw first-hand how easily businesses can fall victim to fraud. The accounts payable team was responsible for ensuring payments were made correctly—to the right entity and the correct bank account. However, fraudsters had other plans.
One of their suppliers had been hacked. The attackers gained access to the supplier’s system and began sending fraudulent emails from within the company’s legitimate email account. The emails looked completely authentic, and they contained new bank account details for future payments.
Had the accounts team simply processed the invoice without questioning it, they would have unknowingly sent funds straight into the hands of criminals.
A Convincing Scam
To add another layer of deception, when the university requested verification, the hackers provided a fake bank statement. The document looked legitimate, even showing transactions that appeared to prove the bank account was active and in the supplier’s name.
At first glance, everything seemed normal. But this is where a crucial system saved them from disaster.
How EFTSure Prevented a $200K Loss
Thankfully, Geoff had recently implemented EFTSure for the organisation, a third-party verification service for supplier payments.
When the new bank details were submitted, EFTSure flagged them as potentially fraudulent. This prompted the accounts team to take a closer look.
At that moment, a major red flag appeared—the supplier had already reached out saying they hadn’t received their previous payment. That meant the initial transaction had already gone to the wrong account.
And worse—the next payment was for $200,000.
Because of EFTSure’s warning, the university was able to halt the transaction in time. If they had sent the second payment without verifying, they would have been responsible for paying the invoice again—doubling their loss.
The Importance of Third-Party Verification
This situation highlights a critical lesson for any business: never blindly trust payment requests, even if they appear to come from a legitimate source.
EFTSure plays a crucial role by:
✅ Verifying supplier bank account changes – When a supplier updates their banking details, EFTSure requires proof and makes direct contact with them to confirm the change.
✅ Crowdsourced verification – If another EFTSure customer has already verified the supplier’s details, the system recognizes this and speeds up the process.
✅ Preventing fraud before it happens – Had this system not been in place, the university would have suffered a six-figure loss.
Final Thoughts: Why Every Business Needs a Payment Verification System
This organization had only been using EFTSure for three or four months when this incident occurred—but that short period was enough to save them from a devastating financial loss.
With fraudsters constantly refining their tactics, businesses must implement robust verification processes. Whether through internal checks or third-party services like EFTSure, taking proactive measures can mean the difference between financial security and a costly mistake.
The takeaway? Always verify before you pay. Because once the money is gone, getting it back is often impossible.
Thanks Geoff for sharing this cautionary tale.
