Bill Pay Fraud
Overview
With Ramp’s Bill Pay feature, we make drafting, approving, and paying bills easier than ever. Unfortunately, this convenience can also attract fraudsters to attempt to steal information or money. Understanding the types of fraud associated with bill payments can help you recognize potential threats and take steps to secure your payments.
How Ramp flags potential fraud
Automated fraud detection
- Ramp scans every draft and bill to detect potential fraud before you make payments.
- Our AI-powered system analyzes dozens of risk factors including vendor authenticity, payment details, invoice patterns, and unusual activity to identify suspicious invoices that could be fraudulent.
- When potential fraud is detected, you'll see clear alerts on the bill highlighting specific concerns — such as new or changed bank account details, unusual invoice amounts, or vendors that haven't been verified across our network.
- When generated, these alerts are colored yellow (medium severity) or red (high severity). The color follows the score of our model: red alerts are associated with a higher likelihood of fraud than yellow.
Fraud alert resolution & audit trails
- If an alert is triggered, we recommend you double-check with your vendor through a separate communication channel before proceeding with payment, to help you avoid fraud losses from social engineering attacks and business email compromise schemes.
- Read more below: How to protect yourself
- If you determine that the invoice is:
- Fraudulent: you can delete the draft, or reject / archive the bill, depending on the stage of the bill lifecycle at which the alert was triggered.
- Not fraudulent: when you proceed with creating or approving the bill, you'll be prompted to add a reason for dismissing the alert (for high severity, red alerts), and this reason is added to the bill's activity tab.
- For both types of alerts (yellow and red), we create an audit log entry recording the alert trigger and the user who dismissed the alert and moved forward with draft creation, bill approval, or payment release.
How to protect yourself
1. Verify payment instructions
- Always confirm payment instructions directly with vendors or suppliers using a verified phone number, especially if account details change.
- Ensure employees have verified the source of the invoice before clicking on links or downloading attachments.
- Use a different channel than the one from which instructions were received (don’t reply to the same email or call back the same number).
- Be wary of urgent payment requests or unusual changes in standard payment practices.
2. Educate employees
- Train staff to recognize phishing emails, spoofed domains, and social engineering tactics.
- Emphasize the importance of verifying invoices and double-checking payment details.
3. Secure communication channels
- Use encrypted email or secure portals to share sensitive information.
- Limit who can access financial systems and payment platforms.
4. Implement multi-factor authentication (MFA)
- Require MFA for all financial accounts, payment systems, and email to add an extra layer of security.
5. Configure an approval policy
- Direct payments through multiple lines of approval to enhance security. See Bill Pay approvals for setup instructions.
6. Utilize the Ramp Vendor Portal
- The Ramp Vendor Portal streamlines payment management for vendors by providing a central platform to track payment progress, manage receivables, update company details, and maintain bank account information for Ramp Bill Pay transactions.
- This helps ensure you are dealing with a verified vendor, but use a separately verified communication channel, as described above, to confirm that you are inviting the genuine vendor in the first place.
Types of fraud
1. Vendor business email compromise (BEC)
Learn more about BEC from the FBI's common fraud guide.
BEC is one of the most common and damaging types of fraud impacting businesses.
- How it works:
- Fraudsters gain access to the email of a trusted contact, either through phishing or malware.
- It could be the email of your vendor/supplier or your colleague/boss.
- They can:
- Intercept real invoices and modify the bank account details before forwarding the message to the payer.
- Request via email that payment instructions be updated.
- Create fake invoices.
- Payments intended for legitimate vendors are rerouted to the fraudster’s account.
2. Social engineering and phishing
Learn more from the FBI's phishing and spoofing guide.
Phishing schemes are common in Bill Pay fraud. Fraudsters trick users into revealing sign-in credentials or other sensitive information.
- How it works:
- Fraudsters send emails or texts that appear to be from legitimate financial institutions or payment platforms.
- These messages direct users to fake websites designed to capture sign-in credentials or payment information.
- With this information, fraudsters can access accounts and initiate unauthorized transactions or send fraudulent payment requests.
3. Vendor spoofing
Learn more from the FBI's phishing and spoofing guide.
Bad actors can impersonate vendors or colleagues and then create, intercept, or manipulate payment instructions to redirect funds to their own accounts.
- How it works:
- The fraudster sends an email from what appears to be a legitimate source, such as a vendor or colleague, but uses a slightly altered email address (e.g., @vend0r.com instead of @vendor.com).
- They request urgent payment (for example, for an unpaid membership renewal) or provide new account details for future invoices.
- These emails often use official-looking logos and professional language to avoid suspicion.
- These emails can even contain fake responses from another trusted source instructing or approving the payment.
- These can also look like a combination of BEC and spoofing if the bad actor creates a similar email address, such as [email protected] instead of [email protected].
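The look-alike addresses described above (a zero for an "o", an extra letter, an accented character) can be screened mechanically before an invoice reaches an approver. The following Python check is an added example, not Ramp's code or any part of its fraud model: it normalizes a sender's domain (folding common digit and accent substitutions) and compares it against a list of vendors of record by edit distance. The vendor list, sample senders, and the confusable map are constructed for illustration.

```python
"""Look-alike sender domain check for incoming invoice email.

Added example, not Ramp's code. The vendor-of-record list and sample senders
are constructed for illustration. Heuristic only: a "known" verdict means the
domain matches exactly, not that the message is authentic (a compromised real
mailbox passes this check), so out-of-band verification of any bank-detail
change still applies.
"""
import unicodedata

# Assumption: a small illustrative confusable map (digits and symbols commonly
# substituted for letters), not an exhaustive homoglyph table.
_CONFUSABLES = str.maketrans(
    {"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "$": "s", "|": "l"}
)


def normalize_domain(domain: str) -> str:
    """Fold a domain to a canonical ASCII form so visually similar strings compare equal."""
    d = domain.strip().lower().rstrip(".")
    # Decompose accented letters (e.g. 'ö' -> 'o' + combining mark) and drop the marks.
    d = unicodedata.normalize("NFKD", d)
    d = "".join(c for c in d if not unicodedata.combining(c))
    d = d.translate(_CONFUSABLES)
    # Two-character sequences that read as one letter at a glance.
    return d.replace("rn", "m").replace("vv", "w")


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert/delete/substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(sender: str, known_domains, max_distance: int = 1) -> dict:
    """Classify a sender address against the vendors of record.

    verdict  - "known" (exact domain match), "lookalike" (within max_distance
               of a known domain after normalization), "unknown" (no
               resemblance; treat as a new, unverified vendor) or "invalid".
    match    - the known domain the sender resembles, if any.
    distance - edit distance to that domain after normalization.
    """
    _, at, domain = sender.rpartition("@")
    if not at or not domain or "." not in domain:
        return {"verdict": "invalid", "match": None, "distance": None}
    domain_lc = domain.strip().lower().rstrip(".")
    known_lc = {k.lower(): k for k in known_domains}
    if domain_lc in known_lc:
        return {"verdict": "known", "match": known_lc[domain_lc], "distance": 0}
    norm = normalize_domain(domain_lc)
    best, best_dist = None, None
    for known in known_domains:
        dist = levenshtein(norm, normalize_domain(known))
        if best_dist is None or dist < best_dist:
            best, best_dist = known, dist
    if best_dist is not None and best_dist <= max_distance:
        return {"verdict": "lookalike", "match": best, "distance": best_dist}
    return {"verdict": "unknown", "match": None, "distance": best_dist}


# Constructed vendors of record and sample invoice senders (not real data).
KNOWN_VENDOR_DOMAINS = ("vendor.com", "acme-supplies.com")
SAMPLE_SENDERS = (
    "ap@vendor.com",                 # genuine domain
    "ap@vend0r.com",                 # zero for 'o'
    "billing@vendors.com",           # one inserted letter
    "invoices@vendör.com",           # accented look-alike
    "accounts@acrne-supplies.com",   # 'rn' for 'm'
    "new@unrelated-supplier.net",    # no resemblance: new vendor, verify out of band
)


def review_senders(senders=SAMPLE_SENDERS, known=KNOWN_VENDOR_DOMAINS) -> list:
    """Run the check over a batch and return (sender, verdict, match) tuples."""
    results = []
    for sender in senders:
        r = classify_sender(sender, known)
        results.append((sender, r["verdict"], r["match"]))
    return results


if __name__ == "__main__":
    for sender, verdict, match in review_senders():
        print(f"{verdict:9s} {sender:32s} {'~ ' + match if match else ''}")
```

A "lookalike" result is a reason to hold the invoice and call the vendor on a number already on file; an "unknown" result is a new domain that needs the same verification before any bank details are accepted. The confusable folding is deliberately aggressive (for example "rn" is treated as "m"), so expect occasional false positives on legitimate domains and tune the map and `max_distance` to your own vendor list.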
Act quickly if compromised
Notify Ramp Support immediately if you suspect you have sent funds to a fraudulent account. File a complaint with the FBI’s Internet Crime Complaint Center for all confirmed cases.