How to Identify Fake Invoices

If Facebook and Google can get hit with invoice fraud, so can you. In March 2019, a fraudster pleaded guilty to billing over $123M from the tech giants over a three-year period, with fake invoices. THREE YEARS without being noticed! Okay, now I’ve scared the pants off you, I’m going to offer assistance… and a belt. This post is going to show you how to identify fake invoices, types of fraud to watch out for, and how to prevent…

Let us show you how we can help you with invoice fraud detection.

Scary stuff!

Wait. It gets worse. While invoice fraud has been around for years, it’s evolving. Generative AI is proving to be a dream come true for cybercriminals looking to create fake invoices – in minutes – that look realistic. 

Generative AI is Fueling a Surge in Invoice Fraud… discuss.

Because Gen AI tools are available to everyone – a bonus in many ways – we have the perfect storm. E-invoices, online transactions, and automated payment systems benefit businesses, customers, and cybercriminals. Fraudsters are exploiting our digitized world to steal, disrupt operations, and create distrust. Our systems are inadequately secured, and this has brought about an inevitable increase in accounting fraud.

Facing this new threat, it’s vital that businesses understand and address potential vulnerabilities in their finance processes. Ironically, the technology that fraudsters are employing to scam businesses, is the same technology that’ll protect them.

It’s worth saying that this fraud isn’t restricted to one industry. All businesses across all industries have finance departments. Therefore, they’re all at the mercy of fraudsters.

“51% of surveyed organizations say they experienced fraud in the past two years, the highest level in our 20 years of research.” PwC’s Global Economic Crime and Fraud Survey 2022

Our How To Identify Fake Invoices guide explains types of invoice scams and how to protect against fraud attacks. 

What is invoice fraud?

“Also known as mandate fraud, a fraudster poses as one of your suppliers. They tell you their payment details have changed and provide new account details. They may ask for a payment urgently. The fraud may only come to light when the genuine supplier seeks payment.” Barclays Bank PLC

It’s a fake payment request sent by scammers, pretending to be a supplier or vendor. The intent? To steal money from your business.

The fake invoice will have small discrepancies that can easily be missed. Bank account details one number off. Payment address tweaked. Purchase order doesn’t match. 

Impersonating a vendor’s account, a fraudster could use the correct email address but provide a new payment procedure. I’ll go into more detail about the types of invoice scams later in this post, but here are some examples…

• Submitting the same invoice multiple times to receive duplicate payments
• Sending fake invoices for goods that either weren’t ordered or weren’t received
• Submitting invoices with the payment due increased
• Invoices that imply urgency and actions that could be taken if payment isn’t made swiftly

Fraudsters, knowing that accounts payable departments are often overwhelmed with paperwork, have an easy target. Adding a sense of urgency – this invoice is 90 days past due – almost guarantees payment is made without scrutiny.

Without a stringent accounts payable fraud detection process in place, businesses may fail to identify fake invoices and pay out substantial amounts of money.

Other examples of invoice scams include duplicate invoices and inflated invoices. A fraudster may submit multiple invoices that charge you for products or services that you’ve already paid for. Or, they may increase the price to something more than was agreed.

Unfortunately, invoice fraud has become more sophisticated with the shift to digital channels and AI technology.

Dealing with a large volume of invoices, mid to large businesses must be vigilant, especially if they’re still following manual processes for tracking, matching, and payment. Manually tracking which payments have been made and matching with the associated line items is a slow, error-prone task. Making it easier for fraudsters to pass fake invoices. 

Deep learning neural network for accurate invoice data capture and validation.

Types of invoice fraud

“65% of organizations were victims of payment fraud attacks/attempts in 2022. Of the victims, more 27% were able to recover at least 75% of the funds they lost. But, nearly 44% failed to recoup their losses.” 2023 AFP® Payments Fraud and Control Survey

While all businesses are vulnerable to invoice fraud, the larger ones with more employees are more prone to communication breakdowns between accounts payable and other departments raising purchase orders. They also have to handle vast amounts of paperwork.

Scammers have upped their game so they can target more businesses. There are multiple ways they can defraud your business. Here are the most common types of invoice fraud…

Fake invoice

A fake invoice is created by a fraudster and sent to your organization for payment, but zero products have been delivered. The scammer makes subtle changes, such as using a vendor known to you, but with the wrong payment address or bank account number. 

An inventory check or two-way matching – automatically comparing purchase order and associated invoice – will reveal a fake invoice. 

Fake email

Business email compromise – BEC – is a social engineering attack. It occurs when a fraudster gains access to your email system, infiltrates email threads, and impersonates a supplier, vendor, or a person in your organization. Your CEO, for instance. 

With an email thread compromised, the fraudster has access to payment information mentioned and is able to alter payment methods.

BEC emails are targeted, unlike phishing emails, and personalized. They often employ a sense of urgency, such as an immediate payment demand, funds transfer, or banking details. 

Inflated invoices

Also called bill padding, a legitimate invoice is submitted with inflated prices. The increase won’t be huge, so it flies under the radar. But, the fraudster will deluge businesses with this type of fake invoice.

Internal fraud

Regrettably, there are many businesses still struggling with manual processes in their accounts payable department. 

Heads up! You’re inviting fraudsters into your business and offering them a cup of coffee and a cookie. A chocolate cookie.

Sorry to say, internal fraud means you’ve got someone dodgy in your company. Probably in the AP team. Taking a legitimate vendor invoice, rather than paying into the vendor’s bank account, they redirect to a third-party’s account. 

Having access to your accounts payable software, they temporarily change the vendor’s bank details, correcting them later to avoid detection. Finally, they approve and sign off the accurate invoice and transfer the money to the vendor.

“31% of fraud cases are perpetrated by an employee, and 26% from collusion between internal and external actors.” PWC’s Global Economic Crime and Fraud Survey 2022

How to identify fake invoices

With businesses becoming more aware of the increase in invoice fraud, the first step is knowing what to look out for. These are red flags that indicate a fake invoice has landed…

Purchase order and invoice numbers don’t match

If the purchase order and invoice numbers don’t match, chances are that you’ve been hit with a fake invoice. Other discrepancies include an incorrect amount due, and goods or services that weren’t ordered.

While confirming the accuracy of every invoice is the standard for finance teams, mistakes can be missed if you’re following a manual data entry process or if you’re using a substandard automated matching solution. 

For this reason, many companies are shifting towards intelligent document processing solutions with three-way matching. This feature automates the checking of details on purchase orders, receipts, and invoices.

Inconsistent customer contact information

When verifying the validity of an invoice, if the contact information of the vendor doesn’t match previous correspondence, contact the vendor – using the details you have on file – to confirm.

Increase in volume of invoices

Some businesses have a purchasing policy in place that stops your teams from making random purchases. 

Which begs the question – why are you receiving more invoices?

Check the quantity of purchases compared with the number of invoices. Any invoice that doesn’t have a matching PO indicates that you’ve suffered a third-party or duplicate payment scam.

Duplicate invoices

Sadly, there are some dodgy vendors out there, and invoice duplication occurs when a dishonest vendor submits the same invoice multiple times.

Businesses that manage complicated projects that juggle several vendors and billing requests are particularly vulnerable to duplicate invoice scams.  

Receiving an invoice each month from a vendor, it’s safe to assume that your finance team will be able to confirm payment or otherwise. Being bombarded with 30 is going to be a problem.

But, duplicate invoices can’t all be blamed on vendor fraud. If you’re late to pay a bill, a vendor may justifiably resubmit an invoice. If your AP team is overwhelmed with manual tasks or working with a legacy automation platform, these invoices can end up being paid twice.

Or, you could look to accounting automation.

Threatening language

Does the invoice contain language designed to make you panic? 

If you don’t pay within 90 days… 

Legal action will be taken if you don’t…

Ignore the cold sweat that breaks out. The invoice has been written with the sole purpose of pressurizing you into paying for goods that you may not even have ordered. 

Is this a vendor you usually work with? Is this language normal? 

Verify. Verify. Verify.

How to protect your business against fake invoices

Many companies have vulnerabilities that make it easy for fraudsters to attack. Inconsistent processes, your finance team is overwhelmed with paperwork, communication bottlenecks between teams, a lack of data visibility… Unless you address these issues, you won’t identify fake invoices submitted to your business and your fraud management strategy will fail.

Okay…

How to protect your business? Automated accounts payable workflows.

I know. I know. I bang on about automated document processing all the time. It’s what I’m paid to do. And it’s the best way to protect your accounts payable processes, by increasing the accuracy, efficiency, and security of your invoice verification process.

Let’s look at the ways in which AI document processing helps protect your business against fake invoices…

Data validation

• Fast, accurate data extraction from invoices, cross-referenced with existing data bases and predefined criteria
• Inconsistencies or discrepancies in the data – mismatched amounts, dodgy vendor details – are flagged for review

Rule-based validation

• Configured with predefined rule-based validation checks, an automation platform can identify anomalies or deviations from expected patterns
• An alert is triggered for manual verification if unusual invoice amounts, changes in vendor details, duplicate invoices, altered payment methods or bank details are found

Pattern recognition

• Machine learning algorithms are trained to recognize patterns associated with genuine invoices and find deviations that could indicate fake invoices
• Historical data is referenced to detect irregularities over time – invoice amounts, frequency, vendor behavior

Invoice matching

• Three-way matching compares invoice details with purchase order and goods receipt note – GRN – to ensure consistency
• Discrepancies will be flagged for investigation
• Check our our Guide To Invoice Processing Automation for more details.

Integration with ERP

• Integration with your ERP system ensures validation of invoice data against your existing records
• Identify anomalies such as invoices for goods or services that you didn’t order or receive

Approval workflow automation

• Invoices are systematically passed through multiple channels for verification, reducing the chances of unauthorized payments
• Multi-levels of approvals and segregation of duties are implemented to add another layer of security

Document encryption and security

• Processing and storage of sensitive financial information is done in a secure environment
• Encryption protects against unauthorized access of invoice data

Audit trails

• Audit trails monitor and analyze invoice processing in real time, identifying potential fraud attempts
• Alerts will be sent for suspicious activity, enabling fast intervention

Transactional document automation pumps up the accuracy, efficiency, and security of your invoice processing workflows. Making it harder for fraudsters to exploit your vulnerabilities. 

For more information, check out our 11 Tips For Automating The End-To-End Process Of Accounts Payable.

How to identify fake invoices? Rossum AI

An intelligent document processing solution like Rossum will help you identify fake invoices. From data capture, validation, three-way matching to duplicate invoices and mismatched data, our IDP solution will red flag discrepancies immediately. Reducing your AP team’s stress levels and protecting your business against fraud.

If you don’t have time for an hour-long demo? Knock yourself out with our interactive demo. See how intuitive our AI-powered document processing platform is, and how we can revolutionize your business operations and drive efficient document workflows.

FAQs