TT Talk - Mandate Fraud

Essentially the diversion of a payment, mandate fraud is a long standing practice, the existence of which has been exposed in recent years due to a number of high profile cases as well as the proliferation of the use of the internet to facilitate payments.

Whether it be buying stock, payments for freight charges or purchasing operational commodities, such as fuel, the close management of your suppliers is vital. Failure to perform due diligence throughout each such transaction could give rise to significant financial loss, as fraudsters wait in the shadows for the opportunity to strike.

In addition to the direct financial risks associated with mandate fraud, for the freight forwarder such criminal activity can give rise to far more complex situations through the purchase of the carried cargo. The consignee may unwittingly pay funds for cargo into a fraudulent account, which the shipper never receives. In circumstances where the goods are then released against confirmation of a fraudulent wire transfer, liabilities can arise for the freight forwarder. In essence, the cargo has been released without payment.

'Mandate fraud' is where a criminal is able to convince an individual or organisation to amend a direct debit, standing order or bank transfer mandate, by purporting to be a legitimate organisation with whom you trade. The practice affects individuals as well as businesses; since the cost and risk to the criminal is minimal, it cannot be assumed that only large payments are targeted.

"since the cost and risk to the criminal is minimal, it cannot be assumed that only large payments are targeted"


For the majority of businesses the fact that much correspondence is now conducted over the internet, and in particular by email, exposes victims to criminal activity. The method witnessed recently is that the email account of a business is hacked; there is no obvious sign of this being done, so there is no awareness of the vulnerability. The fraudster will then monitor inbound and outbound email content, waiting for a payment request to be made.

Once a payment has been requested the fraudster can intervene. With surprising ease and speed the fraudster will create a new email account which will be an almost exact copy of the source email from the legitimate company requesting payment. In doing so the fraudster may omit only a dot or dash from the original email address; to the unsuspecting eye, the fraudulent email appears to come from a known, trusted source.

The fraudster then provides a spurious reason why the existing bank account may not be used and duly requests that the payment be made to an alternative bank account. In many cases, the slight change in email address is not noticed and the details of the request, appearing to come from a trusted source, are not questioned. The payment is made to the fraudulent account.

The criminal organisations behind such activity employ sophisticated mechanisms and software programmes to distribute the received funds across numerous accounts in a number of jurisdictions almost instantly. The funds are divided into relatively small denominations which afford them a degree of comfort insofar that in any one jurisdiction the authorities are unlikely to dedicate a large resource to trace the funds.

To add to the complexity of identifying such activity and recovering the funds, it is likely that the fraud will not come to your attention until your supplier queries the missing payment. Credit terms may allow a period of up to 90 days, providing a significant window for any fraudster to launder the funds.

Criminals recognise the opportunity presented by particularly busy periods and times when a reduced number of staff maybe in place, such as the approaching holiday season. During such periods, it is reasoned fewer questions are likely to be raised in relation to what could otherwise be considered unusual requests.

Mandate mitigation

Mitigating the risk of mandate fraud is linked directly to both general house-keeping and continuous vigilant due diligence. TT Club recommends that all operators:

• Ensure awareness of the risk exposure throughout your organisation.

• Avoid leaving invoices, credit or debit notes lying around in uncontrolled areas where somebody may be able to record details.

• Always verify changes in financial arrangements with organisations directly through transparent and secure communications channels. Where it is not possible to check verbally (due to distance or time zone), seek to 'triangulate' through other contacts.

• Be prepared to delay payment until you can confirm a revised instruction.

• If you are concerned about the source of an incoming phone call, hang up and call back (potentially from another phone) through the recognised channels to verify the request.

• Check bank statements regularly and report any unusual or potentially fraudulent activity to the relevant authority. Notify your bank immediately if you suspect or become aware of fraudulent activity.

"complacency may be your biggest risk"

While such requests may seem to be rare, complacency may be your biggest risk. Being constantly alert to such requests is important. Taking additional actions - including delaying payment - may, with appropriate and transparent communication, be more acceptable and cost effective than succumbing to fraud. It is all about effective counterparty management.

We hope that you have found the above interesting. If you would like further information, or have any comments, please email us, or take this opportunity to forward to any colleagues who you may feel would be interested.

We look forward to hearing from you.

Peregrine Storrs-Fox

Risk Management Director, TT Club

Staff Author

TT Club