Accounts Payable Fraud Detection - Our Guide to AP Fraud and How to Detect It

Organizations lose up to 5% of their revenue of their revenue to occupational fraud each year, 86% of which can be linked to accounts payable (AP) processes. While checks and wires continue to be the most accessible methods for fraudsters due to the manual processing inefficiencies, they also target electronic invoices.

The financial toll of AP fraud extends far beyond obvious theft. Research indicates businesses lose an estimated $280,000 on average annually to detected fraud—with many organizations unable to quantify their actual losses because fraud often goes unnoticed. Recent surveys show that over half of organizations experienced increased fraud attempts in the past year, with finance professionals identified as primary targets in approximately 60% of phishing and fraud schemes.

Accounts payable fraud encompasses dishonest and illegal actions designed to steal funds from your business's payment systems. These fraudulent schemes can originate from three primary sources: internal employees with system access, external vendors exploiting business relationships, and cybercriminals targeting payment processes through sophisticated scams.

However, there are many ways to combat this rising problem. A combination of improved human processes and accounts payable automation can both limit opportunities for fund misappropriation and enhance fraud detection.

Before an AP department can map out its solution, it's essential to understand what techniques are being used today.

What is accounts payable fraud?

AP fraud tends to fly under the radar, and for a good reason. Essentially, accounts payable fraud deals with asset misappropriation, primarily through fraudulent expenses. Most organizations tend to scrutinize their employees since they have the most access and opportunity, but third-party vendors and even malicious actors can commit AP fraud. Sometimes, multiple parties may work together to siphon money from company accounts. The fraud may be entirely accidental in other cases, such as miscalculating a service cost on an invoice.

Before we can touch on types of accounts payable fraud prevention, it's essential to understand the most common methods of payments fraud. This makes it easier to detect red flags and invest in solutions to reduce fraud risk.

What are the most common types of accounts payable fraud?

The Association of Certified Fraud Examiners (ACFE) keeps a pulse on fraud cases and offers insights into the most widespread fraud methods across industries. Understanding these schemes is the first step in protecting your organization. When it comes to accounts payable, fraud can originate from both inside and outside your organization. Here are the most critical schemes every business should guard against:

Internal fraud schemes

• Billing Fraud - In this case, an employee sets up a fake supplier, generally through a shell company, to accept payments from the company through invoice fraud. They may also use duplicate invoices to real suppliers to siphon off money. The goal is to pay themselves the stolen funds and any other accomplices through this fake account.

• How it works - The employee creates a fictitious vendor in your system, complete with fake business documentation and a bank account they control. They then submit fraudulent invoices for goods or services that were never provided, routing company funds directly to themselves. In more sophisticated versions, they may create invoices that mimic legitimate suppliers, making detection even more difficult.

• Check Fraud - Check tampering is one of the most common ways to commit AP fraud. While it can be challenging to catch, investigators can trace the fraudulent activity to its source if the checks are poorly altered.

• Common methods include - Altering the payee name on legitimate checks, changing dollar amounts after checks have been signed, stealing blank checks and forging authorized signatures, or intercepting checks intended for legitimate vendors and depositing them into fraudulent accounts. Despite the decline in check usage, this remains a significant threat for organizations that haven't fully transitioned to electronic payments.

• ACH Fraud - In this case, the employee will use their ACH bank account as the recipient to intercept funds meant for the company.

• How it operates - Employees with access to payment systems modify ACH payment details to redirect funds to their personal accounts. This can involve changing vendor banking information in your system, creating unauthorized ACH transfers, or manipulating payment files before they're transmitted to the bank. While rare compared to other schemes, ACH fraud can result in substantial losses due to the typically larger transaction amounts involved.

• Reimbursement Fraud - Employees can also take advantage of the expense reporting process by inflating their expenses, claiming costs that aren't covered by company policy, or creating fake receipts.

• Common tactics include - Submitting personal expenses as business costs, inflating actual expense amounts, claiming reimbursement for the same expense multiple times (through different reporting periods or submission methods), using digitally altered receipts, or claiming expenses that never occurred. This type of fraud often starts small but can escalate significantly over time, particularly when expense review processes are lax.

• Bribery and kickbacks - Corporate bribery, often called a kickback, is also a possibility. In this case, the employee receives a gift, either in cash or another form, for signing on a specific supplier.

• How kickback schemes work: - A vendor and employee collude together for mutual benefit. The supplier submits inflated invoices or bills for goods and services never delivered, while the employee facilitates approval and payment. In return, the employee receives a percentage of the fraudulent payments—the "kickback." These arrangements can be surprisingly sophisticated, with payments disguised as consulting fees, gifts, entertainment, or even charitable donations to organizations connected to the employee.

• Why employees commit fraud: Employees decide to commit fraud for several reasons. Dissatisfaction with their salary or pressing financial matters can both push an individual to commit payments fraud. Other motivating factors include perceived unfair treatment, opportunity created by weak controls, and the ability to rationalize the behavior ("I deserve this," "The company won't miss it," or "I'm just borrowing temporarily").

External fraud schemes

These threats come from outside your organization, targeting your AP processes through deception, impersonation, and exploitation of business relationships.

Business Email Compromise (BEC)

Business email compromise has become one of the fastest-growing and most costly fraud schemes targeting accounts payable departments. This sophisticated scam involves cybercriminals impersonating trusted parties to manipulate employees into making fraudulent payments.

How BEC attacks work: Fraudsters send emails that appear to come from legitimate sources—executives, vendors, or business partners—but the email address is slightly altered (for example, @companyname.com becomes @company-name.com or @companyname.co). These emails typically request urgent wire transfers, changes to vendor banking information, or immediate payment of "overdue" invoices.

Common scenarios include:

• CEO Fraud: An email appearing to be from your CEO or CFO requesting an urgent wire transfer for a confidential acquisition or time-sensitive business matter
• Vendor Impersonation: A message claiming to be from an established supplier requesting updated banking details for future payments
• Attorney Impersonation: Emails posing as legal counsel requiring immediate payment for urgent legal matters
• Employee Impersonation: Messages appearing to be from HR or payroll requesting direct deposit changes

BEC attacks often target finance teams during high-pressure periods like quarter-end or when key personnel are traveling or on vacation. The emails create urgency and exploit authority, making recipients feel they must act quickly without following normal verification procedures.

Vendor Overbilling

Vendor overbilling occurs when suppliers intentionally inflate invoice amounts beyond agreed-upon pricing, charge for quantities not delivered, or bill for services never performed.

How overbilling schemes operate: Unlike honest billing errors, overbilling fraud is systematic and intentional. Vendors may charge premium rates while delivering standard products, inflate quantities on invoices while shorting actual deliveries, add unauthorized fees or charges not covered in contracts, or bill for rush delivery or special services that weren't provided.

This type of fraud often goes undetected when organizations fail to match invoices against purchase orders and receiving documents. It can also involve collusion with internal employees who receive kickbacks for approving fraudulent invoices.

Duplicate Invoice Fraud

Duplicate invoice fraud involves submitting the same invoice multiple times to receive payment more than once for a single transaction.

Common methods:

• Resubmitting the same invoice in different accounting periods
• Sending identical invoices to multiple departments, subsidiaries, or locations within a corporate group
• Making minor alterations to invoice numbers or dates while keeping amounts identical
• Submitting both paper and electronic versions of the same invoice through different channels

This scheme exploits poor invoice tracking systems, lack of communication between business units, and high-volume AP environments where duplicate detection is challenging. Organizations without automated three-way matching are particularly vulnerable.

Incomplete Goods or Services Fraud

This scheme involves billing for goods or services that were never fully delivered, don't meet specifications, or differ significantly from what was ordered.

How it manifests:

• Delivering partial shipments while billing for complete orders
• Providing inferior quality products while charging premium prices
• Substituting cheaper alternatives for specified products
• Billing for services that were never completed or were performed inadequately
• Short-shipping (delivering fewer units than invoiced)

This type of fraud requires collusion with receiving personnel or exploits weak receiving and inspection processes. It's particularly common in industries with complex supply chains or where quality verification is difficult.

Invoice Fraud from Imposter Vendors

Fraudsters create fake companies that impersonate legitimate suppliers, often using names very similar to established vendors in your system.

How these scams work: External criminals research your vendor relationships and create fictitious companies with names like "ABC Office Supplies Inc." when your real vendor is "ABC Office Supply Inc." They then submit professional-looking invoices for plausible amounts, hoping they'll be paid without careful verification.

Warning signs include:

• Invoices from vendors not in your approved supplier list
• Slight variations in vendor names or addresses
• Banking information that doesn't match your vendor master file
• Unsolicited invoices for services you didn't order
• Professional-looking invoices for small amounts designed to fly under review thresholds

Understanding these fraud schemes—both internal and external—is essential for developing effective prevention strategies. While internal fraud typically involves employees exploiting their system access and knowledge of processes, external fraud relies on deception and manipulation of business relationships. The most sophisticated attacks may combine elements of both, with external criminals collaborating with internal employees. By recognizing the warning signs and implementing controls targeted at these specific schemes, your organization can significantly reduce its vulnerability to accounts payable fraud.

Guidance on investigating AP fraud

When investigating potential accounts payable fraud, it's critical to conduct both an internal report and bring on an external auditor. According to the ACFE, most organizations learn about fraudulent activity from whistleblowers. While internal audits may detect potential fraud cases, an external auditor is far more likely to be unbiased.

If you suspect potential fraud, the first thing to do is preserve evidence. This means collecting checks, invoices, contracts, journal entries, bank statements, and other relevant documentation.

To further investigate potential fraud schemes, setting up a fraud control committee or bringing in an external auditor to review the files would be wise. They may also want to take additional steps, such as:

• Verify suppliers

• Reconcile accounts

• Investigate transactions

• Review checks before cutting them

As you evaluate the AP department employees and AP process, it is important to have someone new come in to review suppliers and check payments. This can be an auditor or someone from another part of the accounting office.

How to detect and prevent AP fraud: a multi-layered approach

The good news is that there are ways to prevent fraud cases. While no single approach can completely eliminate the threat of fraud, a comprehensive strategy combining process controls, technology solutions, and organizational culture can significantly reduce your risk.

Here are the essential measures every AP department should implement:

Process Controls

Strong internal controls create checks and balances that make fraud significantly more difficult to execute and easier to detect.

• Four-Eyes Principle - Ensure at least two people verify and approve transactions, particularly for payments above established thresholds. Requiring dual authorization creates accountability and makes collusion necessary for fraud to succeed, significantly raising the barrier for would-be fraudsters.

• Segregation of Duties - No single employee should have control over the entire AP process from start to finish. Divide critical responsibilities among multiple team members—one person to approve purchases, another to receive goods, a third to process invoices, and a fourth to authorize payments. This fundamental control prevents any individual from both perpetrating and concealing fraud.
• Employee rotation - It can help to rotate employees through different tasks in the AP process, even though this may require additional training for each employee. However, employee rotation reduces the likelihood that one employee or supplier will attempt fraud and makes it easier to notice red flags. When responsibilities shift regularly, fraudulent schemes that depend on a single person's control become unsustainable.
• Mandatory vacations - Prompting employees to take a vacation means that another team member will need to cover their regular tasks. Having fresh eyes review the documentation can pick up fraudulent activity. Many long-running fraud schemes are discovered when the perpetrator is forced to take time off and their duties are temporarily reassigned.
• Random audits - Checking the AP process during an unscheduled audit can deter potential fraudsters and make it easy to spot issues. The unpredictability of surprise reviews creates uncertainty for anyone considering fraudulent activity, while scheduled audits may simply become events that fraudsters work around.

Technology solutions

Modern AP automation and artificial intelligence provide powerful tools to detect anomalies and prevent fraud before payments are processed.

• Accounts payable automation - The best way to avoid internal fraud is to prevent it with technology. Accounts payable automation matches invoices, scans for duplicate payments, uncovers errors and leaves a clear audit trail. It's even possible to set approval restrictions on specific accounts with some solutions. Automated systems eliminate the manual processing inefficiencies that create opportunities for fraud while providing real-time visibility into all transactions.
• AI-powered anomaly detection - Advanced automation systems immediately alert users of red flags—whether that be a duplicate invoice, missing tax IDs, an incorrect receipt, or unusual payment amounts that deviate from established patterns. Machine learning algorithms analyze historical data to identify suspicious activities that might escape manual review, such as invoices that consistently fall just below approval thresholds or vendor payment patterns that suddenly change.
• Real-time monitoring and alerts - State-of-the-art AP automation systems provide continuous oversight of transactions as they flow through your system. These platforms can flag suspicious vendor changes, identify sequential invoice numbers from supposedly unrelated suppliers, and detect modifications to banking information—all in real-time before fraudulent payments are executed.
• Comprehensive audit trails - Technology makes it easy to detect a possible case of fraud by maintaining complete, tamper-proof records of every transaction, approval, and system access. These digital audit trails enable quick investigation when fraud is suspected and provide the documentation necessary for law enforcement or legal proceedings.

Cultural and organizational measures

Creating an environment where fraud is difficult to justify and easy to report is essential for long-term prevention.

• Set clear reimbursement policies - In many fraud cases, the employee doesn't intend to cause trouble. They just don't know the company policy. It can help to work together with human resources to ensure that employees understand the company policy around reimbursements. Clear, written guidelines eliminate ambiguity about what expenses are legitimate and what documentation is required, reducing both intentional and accidental fraud.
• Update supplier master data regularly - Long-term fraud requires some sort of invoice or supplier falsification. Ensuring that the supplier list is updated frequently is one way to prevent lengthy fraud schemes. Regular verification of vendor information—including addresses, banking details, and tax identification numbers—helps identify ghost vendors and catch unauthorized changes before fraudulent payments are made.
• Open a tip network - Sometimes, an employee may notice something off, but they aren't sure who to talk to. Organisations that already have a hotline benefit more from taking tips, as they are 10% more likely to detect fraud via tip than those without one. Establish an anonymous reporting mechanism—whether a dedicated hotline, email address, or online portal—and communicate its availability regularly. Employees must feel safe reporting concerns without fear of retaliation.
• Verify suppliers - As you evaluate the AP department employees and AP process, it is important to have someone new come in to review suppliers and check payments. This can be an auditor or someone from another part of the accounting office. Periodic verification should include confirming that vendors are legitimate businesses, validating their contact information, and ensuring their banking details haven't been altered without proper authorization.
• Fraud awareness training - Educate all employees—not just AP staff—about common fraud schemes, warning signs, and reporting procedures. Regular training helps your team recognize social engineering attempts like business email compromise, understand why controls exist, and appreciate their role in protecting the organization. When fraud awareness becomes part of your company culture, you create a human firewall that complements your technical defenses.
• Regular scheduled audits - While surprise audits are valuable, scheduled reviews of AP processes and records also play a critical role. These comprehensive examinations allow for deep dives into transaction patterns, control effectiveness, and compliance with established procedures. External auditors provide unbiased assessment and often catch issues that internal teams might overlook.

What Is Benford's Law?

To enhance fraud detection, certified fraud examiners use an array of tools. But one of the most common is Benford's Law. Basically, this mathematical principle suggests that numbers in a sequence are likely to be part of a pattern, even if they seem random.

In other words, for each number, there is a probability it will be used in a certain slot. For example, the probability of the number 1 being used in the first position in payment, such as $1XX, is 30.1%. Payment fraud is more likely to break the natural pattern.

While it isn't foolproof, Benford's Law provides a simple tool for an AP department to evaluate its payments.

Improvements in accounts payable fraud technology

Over the past few decades, accounts payable automation has evolved tremendously. The use of OCR (Optical Character Recognition) to extract data from invoices makes it faster to review both electronic and paper documents. Furthermore, artificial intelligence has largely automated the matching process.

These state-of-the-art AP automation systems immediately alert users of a red flag - whether that be a duplicate invoice, missing tax IDs, or an incorrect receipt. As a result, automation helps to mitigate fraud risk while streamlining the AP process for the entire team.