Baltimore officials are scrambling to institute new safeguards to the city’s payment system after more than $1.5 million was stolen by a person pretending to be a vendor who redirected city funds to their own bank account.

The fraud, which has since been reported to the Federal Bureau of Investigation and the city’s inspector general, was first flagged in March by a bank that received two large payments from the city — one for $803,000 and a second for $721,000.

The account was subsequently frozen that month and the second payment reversed. However, the $803,000 payment, cashed in February, has not been recovered, said Erika McClammy, the city’s deputy comptroller.

City officials do not know who is behind the sophisticated scheme, which involved months of email correspondence between city officials and the unknown person who was posing as an employee of the vendor. McClammy said the person first contacted city finance officials in October or November. After four months of contact, the person switched the bank account used by the vendor and provided proper documentation such as voided checks and the company’s tax identification number, McClammy said.

Baltimore has moved more and more parts of its vendor payment system online in an effort to streamline a process that has traditionally been labor intensive and slow for contractors. It has also made records of outgoing payments more easily discovered in the interest of transparency.

However, the person who perpetuated the fraud took advantage of the system’s ease of use and documents that were readily available online, McClammy said.

“The fraudulent actor started doing things such as changing account information, which is what vendors sometimes do. That part is normal,” she said.

City officials are not revealing the name of the vendor who they said is a regular contractor of the city’s Department of Public Works. No work has stopped as a result of the missed payment, and the city will be issuing a new payment to the vendor next week, McClammy said.

Inspector General Isabel Mercedes Cumming said she could neither confirm nor deny whether her office was investigating the matter.

The payment was flagged by the receiving bank because the company it was intended for did not match the name of the account holder, officials said.

Baltimore officials are exploring new internal controls as a result of the fraud. No city policies were broken by the employees involved in the scam, McClammy noted. The person submitted all the proper documentation necessary to change a bank account.

The Department of Accounts Payable, which is overseen by the city’s comptroller, is looking at recommendations from past inspector general findings on similar cases for new safeguards that can be implemented. Possible enhancements include automatic notices to vendors during different steps of the payment process.

The perpetrator of the fraud was able to bypass the city’s geofencing system, a virtual geographic boundary that can be used to monitor mobile devices or IP addresses that enter and exit. The person used an IP address set up through Starlink, a satellite internet network, McClammy said.

“They have very good technology and so it requires us to be constantly vigilant so that we’re one step ahead,” McClammy said. “In this instance, we were one step behind.”

Officials have found no signs that other city contractors have had their vendor information changed, but city officials are asking vendors to double check their information in the city’s payment system to ensure that it looks correct.

“We are taking every measure possible to make sure that our programs and our controls are up to par,” McClammy said. “Unfortunately, there will probably always be some kind of loophole.”