Accounts payable fraud: types, red flags, and how to prevent it

Accounts payable fraud includes invoice fraud, shell company schemes, duplicate payments, expense reimbursement fraud, and payment diversion — collectively costing organisations a median of $145,000 per case (ACFE, 2024). AP departments are the primary target because they control outgoing payments. The most effective prevention methods are enforced segregation of duties where no single person controls the full payment chain, automated approval routing with duplicate detection, and bill-to-PO matching that runs before payment rather than after.

A $117,000 loss. That's what one company discovered after an employee quietly submitted fake consulting invoices every month for a year. The amounts were small enough to avoid scrutiny, consistent enough to look routine, and completely fabricated. Accounts payable fraud like this rarely announces itself. It hides in the ordinary.

The ACFE's 2024 Report to the Nations found that organizations lose a median of $145,000 per fraud case, with billing schemes among the most common forms of asset misappropriation (ACFE, 2024). AP departments are a primary target because they sit at the point where money actually leaves the business.

This article covers the most common types of AP fraud, the warning signs finance teams should watch for, and the controls that catch fraud before payment is made.

What is accounts payable fraud?

Accounts payable fraud is any scheme that manipulates the AP process to steal money or divert payments. It covers both internal fraud (employees exploiting their access) and external fraud (vendors or third parties submitting false claims).

What makes AP fraud particularly dangerous is its location in the financial chain. Every outgoing payment is a potential exposure point. Without proper controls around accounts payable management, a single compromised step can result in significant financial loss.

Common types of accounts payable fraud

Invoice fraud (fake or inflated invoices)

The most common AP fraud type. Employees or external parties submit invoices for goods or services never delivered, or they inflate legitimate invoices to skim the difference.

In one documented case, a single employee fabricated over $300,000 in sales records and expense claims over twelve months before anyone noticed (ApprovalMax Fraud Stories series). Indicators include invoices from unfamiliar vendors, round-number amounts, and missing purchase order references.

The ACFE reports that billing schemes are among the most frequent forms of asset misappropriation, affecting 86% of fraud cases in their 2024 study (ACFE, 2024).

Vendor fraud (shell companies and kickbacks)

Employees create fictitious vendors and route payments to themselves, or they accept kickbacks from real vendors in exchange for favorable treatment. Shell company schemes are difficult to detect because the paperwork often looks legitimate.

Red flags include vendors registered to PO box addresses only, vendors with a single client, and employees who approve their own vendor setups. Regular reviews of vendor master data help catch these patterns early.

Duplicate payment schemes

Deliberately submitting the same invoice twice, or under slightly altered invoice numbers, to trigger a second payment. This fraud type is especially effective at scale, where the volume of transactions makes manual detection nearly impossible.

Look for the same amount from the same vendor within a short window, or invoice numbers that differ by a single character.

Expense reimbursement fraud

Employees submit false or inflated expense claims. Personal purchases disguised as business expenses, fabricated receipts, and inflated mileage are the most common tactics.

Individual amounts tend to be small, which is exactly why this type often goes undetected. Automating expense management adds the verification layer that manual review misses.

Check tampering and payment diversion

Altering payment details after approval. This includes changing bank account numbers on invoices, intercepting checks, or manipulating payment runs.

In one near-miss, a company almost paid $45,000 to a fraudulent account after receiving a convincing PDF with a changed IBAN. The discrepancy was caught only because the bank details didn't match the vendor's records on file (ApprovalMax Fraud Stories series). Payment diversion is growing more common as businesses shift to electronic transfers.

Red flags that signal AP fraud

These warning signs don't confirm fraud on their own, but they warrant immediate investigation:

• Invoices just below approval thresholds (splitting amounts to avoid higher-level review)
• Vendor addresses that match employee addresses
• A sharp increase in payments to a single vendor over a short period
• Invoices without purchase order references
• Sequential invoice numbers from the same vendor in a single batch
• Round-number invoices ($5,000.00 exactly, $10,000.00 exactly)
• Vendors with no phone number, website, or verifiable business presence
• Payments processed outside normal AP cycles
• Employees who resist taking leave or sharing AP duties (fraud often requires continuous oversight by the perpetrator)
• Unexpected changes to vendor bank details shortly before a payment run

In one case, a supplier's email was hacked and a revised $22,000 invoice was sent with altered payment details. The only thing that prevented the loss was a team member who noticed a subtle font change in the PDF (ApprovalMax Fraud Stories series). Automated verification catches what human attention occasionally misses.

How to detect accounts payable fraud

Detection relies on three approaches working together.

First, regular AP audits. Spot-check invoices against purchase orders, verify vendor details independently, and review the full approval trail for each transaction. A thorough accounts payable audit is the foundation of any fraud detection program.

Second, data analytics. Use transaction data to identify anomalies. Benford's Law analysis flags unusual digit distributions. Duplicate matching algorithms catch repeated invoice numbers and amounts. Trend analysis on vendor payment volumes reveals sudden spikes.

Third, segregation of duties review. Ensure no single person controls the full chain from vendor setup to payment execution. When one person can create a vendor, approve an invoice, and authorize a payment, fraud becomes significantly easier. Implementing segregation of duties in accounts payable is one of the most effective controls available.

According to the ACFE, 43% of occupational fraud cases are detected through tips, more than three times the next most common method (ACFE, 2024). This underscores why a combination of automated controls and a culture of accountability matters.

How to prevent accounts payable fraud

Enforce segregation of duties

No single person should be able to create a vendor, approve an invoice, and execute a payment. Segregation of duties creates checkpoints that require collusion to bypass.

Even small teams can implement basic separation. One person enters invoices, a different person approves, and a third authorizes payment. The principle scales with business size, and tools can enforce it automatically.

Automate approval workflows

Manual approval processes are the biggest vulnerability. Automated approval workflows enforce rules consistently. Every invoice follows the same routing based on amount, department, and vendor. No one can bypass the chain without leaving a record.

Approval routing removes the human judgment that fraudsters exploit. When the system enforces the rules, there's no opportunity for someone to "just this once" skip a step.

Use duplicate detection and matching

Automated systems flag invoices that match existing records by amount, invoice number, or vendor. Bill-to-PO matching catches invoices for goods never ordered. These checks happen before approval, not after, which means problems are caught before money moves.

Ardent Partners reports that manual invoice processing costs $10.18 on average, and that automated environments reduce processing costs by over 70% while also improving accuracy (Ardent Partners, State of ePayables). Faster, cheaper, and safer.

Audit vendor master data regularly

Review the vendor list quarterly. Flag vendors with incomplete records, dormant vendors still receiving payments, and vendors with recent bank detail changes. Cross-reference employee addresses with vendor addresses to catch shell companies.

Build a culture of accountability

Fraud prevention isn't only about tools. Anonymous reporting channels, clear consequences for policy violations, visible controls, and regular training all reduce fraud risk.

The ACFE found that tips from employees are the single most effective fraud detection method (ACFE, 2024). Building essential financial controls into daily operations makes fraud harder to commit and easier to catch.

How ApprovalMax helps prevent AP fraud

Automated multi-step approval routing

Rules-based routing ensures every invoice, bill, and expense claim follows the correct approval chain. Routes are determined by amount thresholds, department, vendor, or project. Approvers can act from any device. Auto-substitution prevents delays when someone is unavailable.

ApprovalMax processed over 11.62 million bills in 2024. A new bill enters the workflow every 2.72 seconds.

Always-on fraud detection

Duplicate detection catches matching invoice numbers, amounts, and vendor combinations before approval. Bank detail change flagging alerts approvers when vendor payment information changes unexpectedly. Budget threshold alerts prevent overspend. Coding rule enforcement at the point of approval ensures every transaction is correctly classified.

These are the audit and fraud control features that turn prevention policies into automated checkpoints.

Full audit trail and compliance

Every action is logged: who approved, when, and from where. The audit trail is immutable. This gives finance teams defensible records for auditors and creates the transparency that deters internal fraud.

ApprovalMax's controls have been validated by Big Four audit firms. Customers like Le Contrôleur and Zivo report improved audit readiness and stronger financial visibility after implementation.

Getting started

ApprovalMax offers a free trial. Deployment takes days, not weeks, and teams can start with basic approval routing before adding advanced controls like PO matching and budget checking. Learn more about accounts payable controls to see how the platform fits your AP process.

• ACFE, Occupational Fraud 2024: A Report to the Nations
• Ardent Partners, State of ePayables Report
• IOFM, Institute of Finance and Management
• ApprovalMax Fraud Stories video series