Dun & Bradstreet

Blog

The Hidden Threat to Enterprise Risk Teams: B2B Fraud and How to Stop It

How Smarter Data Management Can Help Organisations Fight B2B Fraud

While consumer fraud often garners more attention, B2B fraud is becoming an increasingly sophisticated and costly problem, quietly draining enterprises of millions (if not billions). 

To understand the evolving threat landscape and how companies can better protect themselves, we spoke with Andrew La Marca, Senior Director of Risk and Fraud Operations at Dun & Bradstreet. His insights reveal not only the scale of the problem but also the strategic data management practices that can help mitigate it.
 

Why B2B Fraud Is Persistent, Growing, and Somewhat Overlooked 

While the media often sounds the alarm about consumer data breaches and fraud schemes built around personally identifiable information (PII), there’s less noise about B2B fraud perpetrators and their impact. 

According to La Marca, that’s an unfortunate consequence of certain economic and market conditions. Unlike consumer credit, the B2B credit space is not as regulated and sometimes is viewed as the Wild West. Beyond financial institutions or companies operating in a regulated industry, most businesses are not required to perform Know Your Customer (KYC) or Know Your Business (KYB) checks – though some still do so in order to mitigate future regulatory risk or avoid reputational risk. 

This lack of oversight creates fertile ground for fraudsters.

“Business fraud is really compelling in part because it’s easy to commit, “ La Marca explains. “It’s very easy to compromise a business registration. It’s very easy to impersonate an owner or officer or director of a business. And it’s very easy to create documentation to support your impersonation.” 

Even when B2B fraud is detected, law enforcement may lack the tools and resources to pursue cases, especially when the perpetrators cross state lines or flee to other countries. Cross-border fraud presents unique challenges, including jurisdictional gaps, language barriers, and inconsistent data governance.  

“Unless the incident creates significant business disruption and financial losses, it can be very hard for law enforcement to build the case to commit resources to pursue those criminals,” La Marca adds.  “When you combine these circumstances, you understand why business fraud can be very enticing and why fraudsters keep coming back for more.” 
 

How AI and Data Management Impact B2B Fraud Prevention

Through his work with organisations worldwide, La Marca has uncovered several reasons why enterprises may not understand how vulnerable they are to business-to-business fraud schemes. The lack of relevant data, incomplete risk assessments, and even isolated internal communication and language barriers can prevent organisations from recognising suspicious activity and potential threats. 

“It’s not enough to acknowledge that fraud is a risk,” La Marca says. “You need to appropriately classify your fraud risk. By that, I mean determine specifically what your biggest threat is. Is it business identity theft, synthetic entities, first payment default, or something else? Once you identify and classify specific risks, then you’ll be better prepared to develop a more precise, effective framework to mitigate them.” 

The rise of artificial intelligence has further complicated the landscape. Fraudsters now use generative AI to create fake documents, websites, and synthetic identities (which are fabricated entities that appear legitimate but don’t actually exist). “AI is no doubt making B2B fraud so much easier to scale, and to scale rapidly,” La Marca notes.

Centralising and strengthening data are crucial for enterprises to combat potential fraud schemes and prevent financial losses. “When data is scattered and disconnected throughout your AI tools and platforms – your  internal ecosystem – then you can’t effectively model, audit, govern, or really understand it,” he adds. “Integration and centralisation of data are crucial to helping you gain full visibility into your risks.” 

Seven Data Management Best Practices to Fight Fraud

Drawing from his experiences as a Certified Fraud Examiner, La Marca recommends seven data management best practices for enterprise businesses. These changes and behaviors can be vital for assessing fraud risk effectively and for strengthening detection and prevention strategies. 

  1. Centralise Your Data: Disconnected or siloed data weakens analysis and the decisions based on it. Scattered, spotty data will limit your ability to accurately assess your risk.

  2. Establish Real-Time Monitoring: Don't just look at customers, vendors, and suppliers when you onboard them. Monitor accounts throughout the lifecycle for changes and anomalies. 

  3. Leverage Predictive Analytics: Assess data quality, and use data science to identify vulnerabilities and anticipate fraud patterns.

  4. Evaluate Your Fraud Program: Regular assessments ensure fraud is identified at the right touchpoints.

  5. Implement Strong Access Controls: Limit who within the organisation can access sensitive data and manage permissions tightly. 

  6. Conduct Regular Audits: Frequent audits help uncover vulnerabilities and suspicious activities, and they reinforce accountability.

  7. Foster Industry Collaboration: Enterprises need to talk to each other about fraud events, concerns, and effective fraud prevention strategies. Join industry groups, networks, and consortiums to share intelligence. Helping out one another is how organisations can make a difference and stop bad actors. 

“When data is scattered and disconnected throughout your AI tools and platforms – your  internal ecosystem – then you can’t effectively model, audit, govern, or really understand it.  Integration and centralisation of data are crucial to helping you gain full visibility into your risks.”

Andrew La Marca, Dun & Bradstreet

Why Data Sharing Networks Matter

La Marca advocates for B2B fraud intelligence networks, such as the network hosted by Dun & Bradstreet. These forums allow businesses to share anonymised risk signals and receive alerts about suspicious entities. He recommends that companies do their homework before deciding which network to join. 

“First and foremost, evaluate the entity that hosts the fraud intelligence network,” he advises. “Look at their data standards and the data privacy regulations that they adhere to. Have a clear understanding of how they maintain any data you provide as well as the data they store. This entity should uphold itself to the highest standards.” 

Next, make sure you take a test drive. “Conduct a proof of concept exercise to help prove that you’re going to receive some benefit from this,” La Marca says. “You always want to make sure that what you are signing up for, what you are paying for, is going to help your organisation as well as the greater ecosystem that you’re joining.”

Because B2B fraud doesn’t look the same across sectors, the intelligence gained from network participation can be especially valuable. For instance, “pig butchering” scams and their perpetrators may be more problematic for financial institutions, while synthetic entities may be a problem for multiple industries, such as auto, heavy equipment, insurance, financial, etc.  

The same is true for businesses of different sises; you should expect the type and scope of fraud to vary due to resources, expertise, and focus.  

“Small businesses often prioritise growth over governance, making them easier targets for bad actors,” La Marca explains. “In contrast, enterprise companies typically have more resources for audits and monitoring. That’s why the ways in which companies experience and successfully avoid fraud can be very different. Sharing and collaborating based on those unique learnings may be the key to avoiding lasting disruption, financial losses, and other damage.” 

It’s not a decision to be made lightly, but La Marca feels it’s one that can definitely enhance an organisation’s risk position and fraud prevention strategy. “Sharing fraud experiences and information is a best practice. It can be done in an anonymised fashion where you're not actually revealing your data,” he says. “By not joining one of these networks, I feel you are ultimately doing more harm than good.”
 

AI Is a Double-Edged Sword

While AI can enhance fraud detection and data management processes, overreliance on automation is risky. La Marca stresses the importance of human-in-the-loop systems. “Too much AI and automation can be harmful. In this fraud space, you need humans. Humans are assets.” 

To maintain those assets, he emphasises the importance of education, training, and communication across the business. “Fraud prevention isn’t just an IT or compliance issue. It’s an organisational responsibility. Everybody in the organisation is responsible for preventing fraud. Nobody should say ‘it’s not my job.’” 

Being transparent with employees is also important to empower them to recognise and report suspicious activity and help create the strategies to stop criminals.

“Let employees know what types of fraud impact the organisation,” he advises. “Giving them that training and that awareness of fraud activity can enable and embolden them. They’ll be better prepared to protect themselves and their own PII, as well as the enterprise and its data and assets.” 
 

B2B Fraud Calls for Collective Action

B2B fraud is a systemic issue that requires collective action, and every stakeholder has a role to play. “There’s just a huge gap and a lack of understanding in the marketplace about what it takes to truly understand and mitigate against B2B fraud,” La Marca concludes. 

By embracing data centralisation and data management, real-time monitoring, collaboration, and human oversight, enterprises can protect themselves and also help raise the bar for the entire business ecosystem.

Read our eBook for more insights on how better data and routine habits can help you strengthen your risk strategy and prevent fraud attacks.  

Get the eBook