Common Invoice Fraud Schemes: How to Detect & Prevent Them

No company is immune from invoice fraud. Even Amazon, the world’s largest online retailer, can fall victim to it. In 2020, four brothers operating a wholesale business were arrested for swindling nearly $19 million from the company. The scheme? Invoicing Amazon for thousands of additional toothbrushes it never ordered — a form of invoice fraud called bill padding.

External parties like vendors are not the only fraudsters to watch out for, either. So are internal employees. Nearly 90% of cases of occupational fraud in 2023 involved asset misappropriation, including invoicing schemes. Each year, more than $5 trillion is projected to be lost to fraud globally. Regardless of size or industry, every company needs a comprehensive strategy to prevent this form of fraud.

What is invoice fraud?

Invoice fraud is a deceptive procurement practice in which scammers create and submit false or manipulated invoices to trick a business into making an authorized payment. It can take various forms, including issuing fake invoices, duplicating invoices, overbilling, or business email compromising (BEC), where fraudsters pose as legitimate vendors or company executives. Invoice fraud can also be carried out by legitimate vendors or employees, so it’s sometimes considered a form of vendor fraud or employee fraud.

When invoice fraud occurs, companies may lose thousands and even millions of dollars, draining operational funds and impacting profitability. It can also harm a company’s reputation among vendors and investors alike, especially if sensitive information is leaked in the process.

No matter the company size, invoice fraud is common. However, there are factors that contribute to it occurring, including:

• Non-standardized and manual processes make it difficult to detect fraudulent activities or anomalies and provide an opportunity to manipulate invoices, especially paper-based or PDF ones.
• Weak internal controls, such as a single employee handling multiple steps in the payment process or inadequate auditing procedures, can enable fraud to go unnoticed for extended periods.
• Processing a high volume of transactions, a common practice for companies with complex supply chains or multiple vendors, can lead to mismanagement. When a company receives hundreds — or even thousands — of invoices each month, it’s difficult to ensure they are legitimate.
• Poor cyber security and employee training make sensitive information vulnerable to phishing emails or malware attempts.
• Lack of vendor vetting during the sourcing process can open the door to working with risky suppliers. Placing too much trust in long-term vendors can lead to reduced invoice scrutiny.

Examples of invoice fraud schemes

Invoice fraud takes many forms, exploiting vulnerabilities in a financial system or human judgment. Here are some of the most common schemes deployed against companies:

Fake vendor invoices

In this case, a fraudster creates an invoice from a fake vendor, or a legitimate vendor creates an invoice for an order the company never placed and submits it for payment. These invoices are often designed to resemble those from a legitimate vendor to avoid detection.

A fraudster might set up a shell company with a similar name to a real supplier. For example, Cotton Company versus Cotton Company Co, might send an invoice for 500 T-shirts that the legitimate company never ordered. Without a thorough verification process, such as matching the invoice to a purchase order, the accounts payable (AP) team may process the invoice without realizing it’s fake.

Duplicate invoicing

One of the most common invoice schemes is duplicate invoicing, which occurs when a vendor submits the same invoice multiple times in the hope that the duplication will go unnoticed and result in multiple payments. A vendor may intentionally resubmit an invoice from four months prior, claiming it was unpaid. Without a system to flag duplicate invoices, the AP team ends up paying it again.

Companies with complex supply chains or that process multiple billing requests across a large number of vendors are most susceptible to this scheme. When multiple unique invoices from the same vendor appear each month, it can be difficult to spot duplicates.

Business email compromise

A business email compromise is when a scammer impersonates an executive, coworker, or vendor via email to request payments for fraudulent invoices. For example, an accounts payable manager might receive an urgent email from what seems to be the chief financial officer, asking them to pay a $25,000 invoice to a new bank account. The email looks authentic because the scammer changed just one letter in the real CFO’s email address, making it hard to detect the difference.

This fraud relies on tricking unsuspecting employees by creating emails that look legitimate. Oftentimes, the subject line claims it’s an urgent matter, and the body copy includes new banking information for the payment. Companies that routinely process invoices via email and through manual processes are more susceptible to this kind of scheme.

Phishing is another way scammers try to steal sensitive information. An employee may receive an email and click on a link in the email, which then downloads malware software onto the computer. This enables the scammer to gain access to operational and financial information.

Overbilling or bill padding

In this case, a legitimate vendor inflates invoice charges, billing for more goods and services than were actually provided. For example, a vendor may submit an invoice for 1,000 units of a product, but only 800 were delivered. Or, a vendor may change the price per unit in the invoice despite the purchase order stating a different price.

Sometimes, overbilling is an honest mistake from a vendor. However, frequent occurrences from the same vendor are a red flag. Without a digital tracking and analytical spend management system, detecting these kinds of patterns among vendors can be difficult and very time-consuming.

Unauthorized changes to payment details

A fraudster changes payment details, such as bank account numbers, to divert payments to their own account. Let’s say a fraudster intercepts an email chain between a vendor and the company, altering the vendor’s banking information on the PDF invoice. The payment is then transferred to the fraudster’s account instead of the legitimate vendor.

Alternatively, internal employees may alter the bank account information on an invoice and divert payments to a personal account. This form of accounts payable fraud can occur when there is a lack of segregation of duties, and an employee can approve an invoice and disburse payments without secondary approval.

Internal employee collusion

Employees may even collaborate with vendors or third parties to approve fraudulent invoices in exchange for kickbacks. An accounts payable employee might work with a vendor to create fake invoices, and then the employee ensures the invoices are approved. They then share the proceeds after the payment is issued.

Expense fraud via invoicing

This scheme involves inflating, falsifying, or manipulating expense-related invoices. For example, an employee might submit a hotel invoice showing a stay of $2,000 while adding additional unapproved days to the invoice. An employee might also manipulate legitimate receipts, like editing a taxi receipt from $50 to $125, before submitting it for reimbursement.

Tips for invoice fraud prevention

No company is immune from invoice fraud, from small local businesses to large global enterprises. Take tech giants Google and Facebook. They lost a combined $100 million to a fraudster posing as a long-time supplier who created fake invoices, contracts, letters, and even corporate stamps.

Fortunately, there are strategies businesses can deploy to protect themselves. Here are some ways to detect and prevent invoice fraud, no matter your company’s size:

Verify every invoice every time

It’s essential to match a purchase order (PO), delivery receipt, and contractual obligations to each invoice each time. This is often overlooked when manually matching invoices because it’s so time-consuming and prone to error. It’s easy to just approve invoices quickly without proper scrutiny when you’re battling a backlog.

Switching to a digital, automated three-way matching process can ensure consistency between a PO, invoice, and delivery confirmation. It works in the background so AP employees can focus on high-value work. Automated AP that uses machine learning is more effective at verifying invoice details against internal records to detect discrepancies, such as changes in quantity pricing or banking details.

Segregate duties

Fraud is more likely when a single individual controls multiple aspects of the accounts payable process. For those with bad intentions, they can manipulate the system with little oversight. Meanwhile, hardworking and honest employees are prone to make more errors if they’re overstretched handling a slew of invoices alone each month.

Dividing responsibilities, like invoice approval and payment processing, among different employees ensures there are fewer opportunities for fraud. Dual or triple approvals for high-value transactions provide additional scrutiny, preventing large fraudulent payments.

A spend management platform with automated and customizable workflows can help enforce the segregation of duties. It’s more difficult for something to slip through the cracks or for someone to alter invoices when there’s a traceable, digital audit trail. Digital workflows also help restrict unauthorized access since credentials are required.

Leverage AI to spot anomalies

How quickly do you need to detect fraud? Before a payment is ever issued. To do that, you need real-time fraud detection that analyzes vast amounts of data. AI makes it possible and replaces the tedious task of manual auditing with autonomous, continuous, and accurate monitoring across your entire procure-to-pay process so you can spot irregularities early.

AI reviews information at each processing step and compares it against the full company dataset to spot any suspicious invoices. AI can spot and alert authorized users if a PO or a vendor’s bank details don’t match an invoice. Over time, AI can even build behavioral profiles of employees and vendors based on historical data and detect anomalies that otherwise might be overlooked, such as a vendor regularly billing for the wrong quantity.

To leverage AI, you’ll need to centralize and cleanse operational data. A spend management platform can help track processes and data across the entire procure-to-pay process to create a centralized dataset.

Secure communication channels

Encrypting and using multi-factor authentication for communication channels can ensure unauthorized parties can’t view or change sensitive financial information. Encryption ensures that the data cannot be read or altered even if communication is intercepted. Multi-factor authentication requires users to verify their identity through multiple factors, like a password and a phone-based code.

Since external email systems are more prone to phishing and spoofing attacks, using a spend management platform with built-in messaging with vendors is best. These platforms typically use advanced encryption, multi-factor authentication, and controlled user permissions to restrict access to specific levels.

Eliminating reliance solely on email ensures any change of payment requests can be confirmed through multiple channels. Let’s say a fraudster posing as one of your vendors sends an email about updating their banking information. If the request did not also come through the supplier portal message system, it’s a red flag.

Use virtual cards

A virtual card is a single-use or vendor-specific payment option that limits the potential for unauthorized transactions or fraud. With a virtual card, a new card number is randomly generated for each transaction or unique supplier, enhancing security and control over the payment. The primary card’s information tied to the virtual card is never revealed, and each virtual card is digital-only, with encrypted versions for specific transactions, vendors, or time periods. This all ensures funds cannot be redirected to a fraudulent account.

Regularly train employees

Employees are the first line of defense against fraud. Without proper training, they may fail to recognize red flags or inadvertently facilitate fraud by mistake.

Here are some general tips you should share:

• Never click a link or download attachments in an email from an unknown sender.
• For any invoice request that comes by email, always check the sender’s email address, reply-to address, and tone of writing.
• Any urgent requests or those with unusual payment instructions should be highly scrutinized.
• If a vendor requests a payment to be sent to a new account, always cross-verify by directly calling an established contact with the vendor.

To ensure employees are aware of emerging schemes, hold regular training sessions or send out a company newsletter.

Implementing invoice fraud detection software

Invoice fraud detection software is like a high-tech security system for your business finances. Just as a home security system watches for unusual activity — like an open window from an unexpected visitor — fraud detection software keeps an eye on all your invoices, searching for any suspicious activity.

Fraud detection software uses machine learning and advanced analytics, a form of AI, to detect errors and anomalies in your procure-to-pay processes. For AI to be the most effective, it needs data. Centralizing and cleansing data is critical for the software to work. To create a centralized database, look to:

Collaborate with the IT department

Work with IT to ensure the software is compatible and provides real-time data sharing with the company’s ERPs, payment system, and vendor management tools. An advanced spend management platform can help automate much of the data management process.

Automate AP

Switching from manual to automated AP ensures the reconciliation process moves from scattered email inboxes and file cabinets to a centralized system. Each purchase order and invoice can be tracked, stored, and analyzed as it becomes part of a historical data set. Automation also reduces manual work and errors, freeing your AP team to focus on strategic tasks.

Use a data extraction tool

To accommodate suppliers that use different invoicing tools, find a solution that can extract data from invoices in PDF and image formats and automatically map it to electronic invoice records on file. This ensures both the supplier and your team aren’t bogged down manually inputting invoices into a system.

How fraud detection software works

Invoice fraud detection software helps companies go from a reactive to a proactive fraud approach. Here’s how it works:

Pre-configured rules engine

The software analyzes invoices using a set of preconfigured rules. These rules flag duplicate invoices, invoices exceeding certain thresholds, payments to unapproved or inactive vendors, and sudden changes in vendor payment details. You can stop non-complaint invoices from being paid using these tools.

Coupa’s fraud detection software, SpendGuard™, enables users to customize workflows and rules with simple drag-and-drop functionality. For example, if a certain invoice exceeds a budget threshold, the invoice can be flagged and routed to the appropriate auditor. Admin credentials also ensure employees with bad intentions are not authorized to change these rules or workflows without proper authorization.

Anomaly detection

AI enables real-time tracking across direct and indirect spending, spotting any irregularities and increasing visibility to spot and stop invoice fraud before a payment is made. The type of AI used is a form of machine learning that identifies patterns from historical data and flags anomalies, such as unusual invoice amounts, non-complaint spend, or atypical vendor or employee behavior.

With SpendGuard, you can build behavior profiles for employees and suppliers to identify transactions that alone aren’t suspicious but do indicate non-compliant behavior when analyzed across a historical dataset. There are 25 alerts across six key categories of spending activities:

• Requisitions
• Purchase orders
• Invoices and payments
• Expenses
• Sourcing events
• Timesheets

Fraud trend analysis

The software helps identify emerging fraud trends or tactics by continuously analyzing historical data from internal and external sources. Internal sources include data like purchase orders, invoices, approvals, and so forth. Some software also provides an additional layer of protection by monitoring external sources, such as risk across different domains for vendors and user trends.

With the largest anonymized B2B commerce dataset in the world, Coupa provides unparalleled insights to businesses by analyzing $7 trillion in real-world transactions. The enormous range of data across different industries and geographies gives SpendGuard’s AI the ability to identify potential risks in invoicing patterns and supplier relationships that aren’t noticeable with smaller datasets. Data from various industries and sizes also provides context-specific fraud detection to differentiate between normal spending patterns for your industry and genuine anomalies.

Protect your business’s profits and reputation in a fast-paced business environment. With Coupa, you can move from a reactive to a proactive fraud detection approach by unifying all spend activity on a single platform and leveraging advanced AI technology.

*ACFE, Occupational Fraud 2024: A Report to the Nations