Introducing Bectran Intelligence Lab — AI tools for credit, risk, and collections.
Explore the toolkit →%20copy%201.svg)
Evaluating a new business customer usually focuses on one practical question: does this company have the financial stability to pay its invoices on time? Credit teams spend hours reviewing financial statements, checking trade references, and analyzing payment histories to answer it.
There is now a second question that's harder to answer: is this applicant actually who they say they are?
B2B credit risk is no longer limited to late payments, bankruptcy, or cash flow issues. Bad actors are actively targeting B2B suppliers, exploiting net-30 term structures to acquire high-value goods without paying. They do this by impersonating established, reputable organizations—universities, hospitals, large corporations—knowing these entities are typically granted credit quickly and with minimal friction.
Relying solely on historical financial data is not enough when the entity on the application is legitimate, but the person submitting it is not.
Impersonation fraud works by exploiting the trust suppliers have in well-known institutions. When an application arrives from a recognizable university or a large regional hospital, the instinct is to approve it quickly. These organizations have strong credit histories and low default rates.
Fraudsters understand this dynamic. They create email domains that closely mimic the target institution, use the correct tax identification numbers, list real corporate addresses, and reference the names of actual procurement officers. The application looks standard until the moment the product ships.
Consider a scenario that plays out more often than most credit teams would like to admit: a sophisticated actor submits a credit application using all the right identifiers for a major university. The credit review passes because the institution's financial standing is unquestionable. The equipment ships—only to a residential address. By the time anyone notices, the goods are gone. A $48,000 loss, unrecoverable.
The failure here was not in evaluating the university's ability to pay. The failure was in verifying that the applicant actually represented the university—and in catching a delivery address that had no business receiving commercial equipment.
This dynamic creates a real operational tension. Sales teams want new customers onboarded immediately to close deals and hit revenue targets. Credit teams, meanwhile, are fielding an increasing volume of fraudulent applications and need time to verify identities. Balancing speed with security is the defining challenge of modern onboarding.
These scams succeed not because of advanced hacking techniques, but because of internal process gaps. Understanding where those gaps exist is the first step toward closing them.
Broken handoffs between departments. In many organizations, credit and fulfillment operate in silos. The credit team reviews the application, verifies the corporate entity, and approves the credit limit. Once the account is open, the sales or order entry team processes the purchase order. Fraudsters exploit this handoff by listing the legitimate corporate address on the credit application to secure approval, then specifying a different ship-to address on the actual purchase order—a residential home, a temporary warehouse, or a freight forwarding hub. If the ERP system doesn't flag the discrepancy, the goods leave the facility and are gone.
Manual workflows and visual fatigue. Credit analysts process dozens, sometimes hundreds, of applications a week. A fraudster might register a domain like @stanford-edu.com instead of @stanford.edu. When scanning applications quickly, that difference is easy to miss. Manual workflows that rely on the human eye to catch domain spoofing or slightly altered letterheads are consistently vulnerable to basic deception.
Data inconsistencies in ERP systems. Many legacy ERP systems are built to manage accounting ledgers, not detect fraud. They often allow multiple customer accounts to be created with the same tax identification number and lack functionality to lock a shipping address so it can't be changed without secondary approval from the credit department. When the ERP system is too flexible, it creates room for manipulation after approval.
The pressure for speed. Sales departments are incentivized to move products. When a large order arrives from what appears to be a major institution, the pressure to approve immediately is high. Fraudsters intentionally create urgency—requesting rushed shipping to meet a fake deadline. This pressure causes teams to skip standard verification steps and rely on the name of the institution rather than verifying the specific contact.
Preventing impersonation requires a structured approach to identity verification that confirms the applicant is actually authorized to act on behalf of the business entity they claim to represent.
The first step is confirming the applicant's digital footprint.
Always verify the email domain on the application—but don't rely on visual inspection. Use IT tools or digital credit platforms to confirm when the domain was registered. If an application comes from a 100-year-old university but the email domain was registered 14 days ago, treat it as fraudulent until proven otherwise.
Also check the IP address of the device used to submit the application. If the applicant claims to be a hospital in Ohio but the IP address originates from another country or is masked by a VPN, pause the application for manual review.
Address verification is the most critical defense against the scenario described above. Every new account review should confirm three addresses: the corporate address registered with state or federal tax authorities, the billing address where invoices are sent, and the shipping address where goods are physically delivered.
In a standard B2B transaction, these addresses align logically. When the shipping address is a residential zone, a self-storage facility, or a known freight forwarding hub, stop the order. Validate the shipping address against commercial property databases before anything is loaded onto a truck. This single step, consistently applied, is the most reliable way to block goods from reaching a fraudster.
Credit teams cannot fight fraud alone. Order entry and logistics need to be part of the defense.
Once credit approves an account based on a specific set of addresses, the ERP system should restrict changes to the ship-to field. If a customer requests a change of delivery address after approval, it should automatically trigger an alert back to the credit department for re-verification before the shipment moves.
Phone verification is equally important—and often overlooked. Don't call the phone number listed on the credit application or purchase order. Instead, independently look up the main number for the institution and ask to be transferred to the procurement officer named on the application. If that person doesn't exist or doesn't recognize the order, you've caught the fraud before it cost you anything.
Historically, credit teams asked for a standard bank reference letter. Today, PDFs are easily forged. Move away from relying on vendor-provided documents. Use secure methods to verify bank account ownership directly—confirming that the bank account associated with the business actually belongs to the corporate entity listed on the application.
Implementing a strict identity verification framework has direct benefits beyond the credit department.
Risk reduction and capital protection. Fraud losses in B2B are particularly damaging because they involve high-value goods. A $48,000 loss is not just a missing payment—it's a total loss of cost of goods sold, shipping expenses, and transaction labor. To recover the margin lost on a theft of that size, a company may need to generate hundreds of thousands of dollars in new legitimate sales. Preventing these events directly protects working capital.
Operational efficiency. Adding rigorous verification steps can actually speed up onboarding for legitimate customers. By setting clear rules—IP matching, domain validation, address confirmation—teams can quickly approve applications that pass all checks. This reduces time spent manually reviewing every application and lets credit focus energy on the anomalies.
Revenue protection. When sales teams negotiate with fraudsters, draft contracts, and arrange shipping for fake orders, they waste time that could go toward real revenue-generating activity. Catching fraud at the application stage protects the sales team's time and ensures inventory is reserved for paying customers.
Certain industries are targeted more frequently because of what they sell.
Equipment manufacturers are prime targets because their goods carry high resale value on the secondary market. A single piece of machinery worth tens of thousands of dollars makes the payoff significant. Wholesale food and beverage companies face similar exposure—food products are easily resold, difficult to trace once delivered, and move quickly. Credit teams in these high-volume industries face intense pressure to approve accounts rapidly, which makes them particularly attractive to sophisticated impersonation attempts.
B2B credit fraud is a persistent operational challenge, but it's entirely manageable with the right internal controls. By shifting focus from financial checks alone to comprehensive identity verification, credit teams can close the gaps that bad actors exploit.
Getting fraudulent applications past your team because ship-to addresses aren't locked down? Domains slipping through because manual review can't catch 14-day-old registrations? Bectran's fraud detection platform includes automated email domain verification that flags newly registered domains at submission, three-way address matching with commercial zone validation to catch residential ship-to addresses before goods move, ship-to address change alerts that route post-approval modifications back to the credit team for re-verification, bank account matching that confirms ownership directly rather than relying on forged PDF references, and Company Radar to validate company legitimacy and scan for legal issues, bankruptcies, and operational red flags in real time—giving credit teams the controls they need to catch impersonation attempts before a single product ships. See how fraud detection works.
300+ tools for efficiency and risk management
