Safeguard yourself against e-invoice fraud

In E Invoicing by Anandkumar S Nair


Government of India announced the adoption of electronic invoicing (e-invoicing) from January 2020. Initially, this will on trial, and voluntary, but will in due course be a mandatory requirement for all B2B (Business To Business) invoices.

Though the primary aim of the government is to improve tax compliance, adoption of e-invoicing can bring numerous benefits to both the seller and the buyer. These include reduced payment cycles, quicker input tax credits, better compliance, and lesser clerical errors.

But one benefit of e-invoicing that has not been sufficiently appreciated is that this can prevent fraud and loss to companies due to this.

The first thing to understand is the difference between Invoices send in an electronic format and e-invoicing.

Electronic Fraud and Electronic Invoicing

Over the past several decades, email has become the most adopted channel through which Invoices are sent by sellers to buyers. Invoices are prepared in the electronic format such as PDF, Word, Excel or else scanned as an electronic image and these sent as attachments with mail to the buyer for release of payment. These invoices, though submitted in electronic format, are not electronic invoices (e-invoices).

On the other hand, what distinguishes e-invoices is the standard format as specified by the government. Thus e-invoices are required to be submitted in JSON format conforming to a specified schema. These are then submitted to Invoice Registration Portal using the APIs that have already been published by them for the purpose. This of course means that specially developed software is needed to submit e-invoices for registration by the IRP.

There are several way where companies have got defrauded while processing electronically Invoices as received through email. These include:-

a) Phishing attack: In this case, the buyer company may end up processing an invoice sent by a fraudster. Here the email id of the sender and the invoice format is made to look as if this is from the regular sender. Alternatively, where the genuine invoice has already been sent, the a phishing email is sent by the fraudster, as in as follow-up, asking the buyer to pay the invoice to a different account than normal. When such tricks are overlooked, the buyer company may end up transferring money to the fraudster’s bank account.

b) Email interception: Here the fraudster would intercept the genuine mail sent by the seller, alter bank details, and then forward the mail to the buyer. Though most buyers may check the bank details, a few may end up transferring money to the wrong bank account.

To avoid such frauds companies that used to send a receive invoices through email had to incur additional expense for encryption and security.

Share this Post

About the Author

Anandkumar S Nair

Advisory Consultant (Digital Products & Services). Anand S Nair comes with extensive hands-on experience in the software industry. He has proven track record in SAP & Non-SAP platforms. He has gained technology expertise with Oracle & other client-server technologies too. Anand supports & leads IVL, as the Advisory Consultant for Digital Products & Services.