Safeguard yourself against e-invoice fraud

Government of India announced the adoption of electronic invoicing (e-invoicing) from January 2020. Initially, this will on trial, and voluntary, but will in due course be a mandatory requirement for all B2B (Business To Business) invoices.

Though the primary aim of the government is to improve tax compliance, adoption of e-invoicing can bring numerous benefits to both the seller and the buyer. These include reduced payment cycles, quicker input tax credits, better compliance, and lesser clerical errors.

But one benefit of e-invoicing that has not been sufficiently appreciated is that this can prevent fraud and loss to companies due to this.

The first thing to understand is the difference between Invoices send in an electronic format and e-invoicing.

Over the past several decades, email has become the most adopted channel through which Invoices are sent by sellers to buyers. Invoices are prepared in the electronic format such as PDF, Word, Excel or else scanned as an electronic image and these sent as attachments with mail to the buyer for release of payment. These invoices, though submitted in electronic format, are not electronic invoices (e-invoices).

On the other hand, what distinguishes e-invoices is the standard format as specified by the government. Thus e-invoices are required to be submitted in JSON format conforming to a specified schema. These are then submitted to Invoice Registration Portal using the APIs that have already been published by them for the purpose. This, of course, means that specially developed software is needed to submit e-invoices for registration by the IRP.

There are several way where companies have got defrauded while processing electronically Invoices as received through email. These include:-

a) Phishing attack: In this case, the buyer company may end up processing an invoice sent by a fraudster. Here the email id of the sender and the invoice format is made to look as if this is from the regular sender. Alternatively, where the genuine invoice has already been sent, the a phishing email is sent by the fraudster, as in as follow-up, asking the buyer to pay the invoice to a different account than normal. When such tricks are overlooked, the buyer company may end up transferring money to the fraudster’s bank account.

b) Email interception: Here the fraudster would intercept the genuine mail sent by the seller, alter bank details, and then forward the mail to the buyer. Though most buyers may check the bank details, a few may end up transferring money to the wrong bank account.