How to Identify Fake Invoices
If Facebook and Google can get hit with invoice fraud, so can you. In March 2019, a fraudster pleaded guilty to billing over $123M from the tech giants over a three-year period, with fake invoices. THREE YEARS without being noticed! Okay, now I’ve scared the pants off you, I’m going to offer assistance… and a belt. This post is going to show you how to identify fake invoices, types of fraud to watch out for, and how to prevent…
Let us show you how we can help you with invoice fraud detection.
Wait. It gets worse. While invoice fraud has been around for years, it’s evolving. Generative AI is proving to be a dream come true for cybercriminals looking to create fake invoices – in minutes – that look realistic.
Because Gen AI tools are available to everyone – a bonus in many ways – we have the perfect storm. E-invoices, online transactions, and automated payment systems benefit businesses, customers, and cybercriminals. Fraudsters are exploiting our digitized world to steal, disrupt operations, and create distrust. Our systems are inadequately secured, and this has brought about an inevitable increase in accounting fraud.
Facing this new threat, it’s vital that businesses understand and address potential vulnerabilities in their finance processes. Ironically, the technology that fraudsters are employing to scam businesses, is the same technology that’ll protect them.
It’s worth saying that this fraud isn’t restricted to one industry. All businesses across all industries have finance departments. Therefore, they’re all at the mercy of fraudsters.
“51% of surveyed organizations say they experienced fraud in the past two years, the highest level in our 20 years of research.” PwC’s Global Economic Crime and Fraud Survey 2022
Our How To Identify Fake Invoices guide explains types of invoice scams and how to protect against fraud attacks.
Table of Contents
What is invoice fraud?
“Also known as mandate fraud, a fraudster poses as one of your suppliers. They tell you their payment details have changed and provide new account details. They may ask for a payment urgently. The fraud may only come to light when the genuine supplier seeks payment.” Barclays Bank PLC
It’s a fake payment request sent by scammers, pretending to be a supplier or vendor. The intent? To steal money from your business.
The fake invoice will have small discrepancies that can easily be missed. Bank account details one number off. Payment address tweaked. Purchase order doesn’t match.
Impersonating a vendor’s account, a fraudster could use the correct email address but provide a new payment procedure. I’ll go into more detail about the types of invoice scams later in this post, but here are some examples…
- Submitting the same invoice multiple times to receive duplicate payments
- Sending fake invoices for goods that either weren’t ordered or weren’t received
- Submitting invoices with the payment due increased
- Invoices that imply urgency and actions that could be taken if payment isn’t made swiftly
Fraudsters, knowing that accounts payable departments are often overwhelmed with paperwork, have an easy target. Adding a sense of urgency – this invoice is 90 days past due – almost guarantees payment is made without scrutiny.
Without a stringent accounts payable fraud detection process in place, businesses may fail to identify fake invoices and pay out substantial amounts of money.
Other examples of invoice scams include duplicate invoices and inflated invoices. A fraudster may submit multiple invoices that charge you for products or services that you’ve already paid for. Or, they may increase the price to something more than was agreed.
Unfortunately, invoice fraud has become more sophisticated with the shift to digital channels and AI technology.
Dealing with a large volume of invoices, mid to large businesses must be vigilant, especially if they’re still following manual processes for tracking, matching, and payment. Manually tracking which payments have been made and matching with the associated line items is a slow, error-prone task. Making it easier for fraudsters to pass fake invoices.
Deep learning neural network for accurate invoice data capture and validation.
Types of invoice fraud
“65% of organizations were victims of payment fraud attacks/attempts in 2022. Of the victims, more 27% were able to recover at least 75% of the funds they lost. But, nearly 44% failed to recoup their losses.” 2023 AFP® Payments Fraud and Control Survey
While all businesses are vulnerable to invoice fraud, the larger ones with more employees are more prone to communication breakdowns between accounts payable and other departments raising purchase orders. They also have to handle vast amounts of paperwork.
Scammers have upped their game so they can target more businesses. There are multiple ways they can defraud your business. Here are the most common types of invoice fraud…
A fake invoice is created by a fraudster and sent to your organization for payment, but zero products have been delivered. The scammer makes subtle changes, such as using a vendor known to you, but with the wrong payment address or bank account number.
An inventory check or two-way matching – automatically comparing purchase order and associated invoice – will reveal a fake invoice.
Business email compromise – BEC – is a social engineering attack. It occurs when a fraudster gains access to your email system, infiltrates email threads, and impersonates a supplier, vendor, or a person in your organization. Your CEO, for instance.
With an email thread compromised, the fraudster has access to payment information mentioned and is able to alter payment methods.
BEC emails are targeted, unlike phishing emails, and personalized. They often employ a sense of urgency, such as an immediate payment demand, funds transfer, or banking details.
Also called bill padding, a legitimate invoice is submitted with inflated prices. The increase won’t be huge, so it flies under the radar. But, the fraudster will deluge businesses with this type of fake invoice.
Regrettably, there are many businesses still struggling with manual processes in their accounts payable department.
Heads up! You’re inviting fraudsters into your business and offering them a cup of coffee and a cookie. A chocolate cookie.
Sorry to say, internal fraud means you’ve got someone dodgy in your company. Probably in the AP team. Taking a legitimate vendor invoice, rather than paying into the vendor’s bank account, they redirect to a third-party’s account.
Having access to your accounts payable software, they temporarily change the vendor’s bank details, correcting them later to avoid detection. Finally, they approve and sign off the accurate invoice and transfer the money to the vendor.
“31% of fraud cases are perpetrated by an employee, and 26% from collusion between internal and external actors.” PWC’s Global Economic Crime and Fraud Survey 2022
How to identify fake invoices
With businesses becoming more aware of the increase in invoice fraud, the first step is knowing what to look out for. These are red flags that indicate a fake invoice has landed…
Purchase order and invoice numbers don’t match
If the purchase order and invoice numbers don’t match, chances are that you’ve been hit with a fake invoice. Other discrepancies include an incorrect amount due, and goods or services that weren’t ordered.
While confirming the accuracy of every invoice is the standard for finance teams, mistakes can be missed if you’re following a manual data entry process or if you’re using a substandard automated matching solution.
For this reason, many companies are shifting towards intelligent document processing solutions with three-way matching. This feature automates the checking of details on purchase orders, receipts, and invoices.
Inconsistent customer contact information
When verifying the validity of an invoice, if the contact information of the vendor doesn’t match previous correspondence, contact the vendor – using the details you have on file – to confirm.
Increase in volume of invoices
Some businesses have a purchasing policy in place that stops your teams from making random purchases.
Which begs the question – why are you receiving more invoices?
Check the quantity of purchases compared with the number of invoices. Any invoice that doesn’t have a matching PO indicates that you’ve suffered a third-party or duplicate payment scam.
Sadly, there are some dodgy vendors out there, and invoice duplication occurs when a dishonest vendor submits the same invoice multiple times.
Businesses that manage complicated projects that juggle several vendors and billing requests are particularly vulnerable to duplicate invoice scams.
Receiving an invoice each month from a vendor, it’s safe to assume that your finance team will be able to confirm payment or otherwise. Being bombarded with 30 is going to be a problem.
But, duplicate invoices can’t all be blamed on vendor fraud. If you’re late to pay a bill, a vendor may justifiably resubmit an invoice. If your AP team is overwhelmed with manual tasks or working with a legacy automation platform, these invoices can end up being paid twice.
Or, you could look to accounting automation.
Does the invoice contain language designed to make you panic?
If you don’t pay within 90 days…
Legal action will be taken if you don’t…
Ignore the cold sweat that breaks out. The invoice has been written with the sole purpose of pressurizing you into paying for goods that you may not even have ordered.
Is this a vendor you usually work with? Is this language normal?
Verify. Verify. Verify.
How to protect your business against fake invoices
Many companies have vulnerabilities that make it easy for fraudsters to attack. Inconsistent processes, your finance team is overwhelmed with paperwork, communication bottlenecks between teams, a lack of data visibility… Unless you address these issues, you won’t identify fake invoices submitted to your business and your fraud management strategy will fail.
How to protect your business? Automated accounts payable workflows.
I know. I know. I bang on about automated document processing all the time. It’s what I’m paid to do. And it’s the best way to protect your accounts payable processes, by increasing the accuracy, efficiency, and security of your invoice verification process.
Let’s look at the ways in which AI document processing helps protect your business against fake invoices…
- Fast, accurate data extraction from invoices, cross-referenced with existing data bases and predefined criteria
- Inconsistencies or discrepancies in the data – mismatched amounts, dodgy vendor details – are flagged for review
- Configured with predefined rule-based validation checks, an automation platform can identify anomalies or deviations from expected patterns
- An alert is triggered for manual verification if unusual invoice amounts, changes in vendor details, duplicate invoices, altered payment methods or bank details are found
- Machine learning algorithms are trained to recognize patterns associated with genuine invoices and find deviations that could indicate fake invoices
- Historical data is referenced to detect irregularities over time – invoice amounts, frequency, vendor behavior
- Three-way matching compares invoice details with purchase order and goods receipt note – GRN – to ensure consistency
- Discrepancies will be flagged for investigation
- Check our our Guide To Invoice Processing Automation for more details.
Integration with ERP
- Integration with your ERP system ensures validation of invoice data against your existing records
- Identify anomalies such as invoices for goods or services that you didn’t order or receive
Approval workflow automation
- Invoices are systematically passed through multiple channels for verification, reducing the chances of unauthorized payments
- Multi-levels of approvals and segregation of duties are implemented to add another layer of security
Document encryption and security
- Processing and storage of sensitive financial information is done in a secure environment
- Encryption protects against unauthorized access of invoice data
- Audit trails monitor and analyze invoice processing in real time, identifying potential fraud attempts
- Alerts will be sent for suspicious activity, enabling fast intervention
Transactional document automation pumps up the accuracy, efficiency, and security of your invoice processing workflows. Making it harder for fraudsters to exploit your vulnerabilities.
For more information, check out our 11 Tips For Automating The End-To-End Process Of Accounts Payable.
How to identify fake invoices? Rossum AI
An intelligent document processing solution like Rossum will help you identify fake invoices. From data capture, validation, three-way matching to duplicate invoices and mismatched data, our IDP solution will red flag discrepancies immediately. Reducing your AP team’s stress levels and protecting your business against fraud.
If you don’t have time for an hour-long demo? Knock yourself out with our interactive demo. See how intuitive our AI-powered document processing platform is, and how we can revolutionize your business operations and drive efficient document workflows.
Invoice fraud happens when a fraudster pretends to be one of your suppliers. They demand payment via a fake invoice, sharing their own bank account details.
Warning signs include a supplier asking to change their bank details or payment methods. Email addresses that don’t match those you have on file for the supplier. Typos and grammatical errors. Often, there is an element of urgency – pay within 90 days, otherwise – to panic people into paying without confirming the invoice is genuine.
Your AP team needs to know what to look for. AI document processing automates your AP processes and is able to cross reference mailing addresses, phone numbers, vendor information, payment details, and employ three-way matching to match with the relevant purchase order. This digital process can be scaled depending on the volume of documents you receive at minimal cost, unlike manual document-based risk management processes. Which are slow, costly, and fake invoices can slip the net.
Check the sender’s email address. Does it match the domain name of the company website? Is it a business address? Are there spelling mistakes, intentional or otherwise? Verify the invoice details. Does the invoice number match the purchase order number? Are the payment details, bank account number, etc., correct? Is the logo consistent? Check for red flags such as a request for urgent payment, attachments/links that could contain malware or phishing attempts.