Accounts payable fraud: Common schemes and how to spot them

Accounts payable (AP) fraud is a growing concern for businesses of all sizes.

The Association of Certified Fraud Examiners (ACFE) reports that organizations lose about 5% of annual revenue to occupational fraud, with a median loss of $145,000 per case. Even more alarming, fraud can go undetected for an average of 14 months without strong controls in place.

Left unchecked, AP fraud drains cash, damages vendor relationships, and exposes companies to regulatory risk. Understanding how schemes work and how to spot them early is critical to protecting your organization’s financial health.

What is accounts payable fraud?

Accounts payable fraud is the deliberate exploitation of your company’s payment process for unauthorized financial gain. It targets the accounts payable department, which manages vendor payments and is a frequent point of vulnerability.

Fraud can involve insiders, such as employees with access to payment systems, or external parties like vendors or cybercriminals. Sometimes it includes collusion—for example, an employee working with a vendor to inflate invoices or approve payments for nonexistent services.

AP fraud can occur at multiple points in the procure-to-pay process, including vendor setup, purchase orders (POs), invoice submission, approval workflows, and payment execution.

How AP fraud schemes work

Fraud often enters through weak points in the accounts payable process.

One common entry point is vendor master creation and changes. Fraud occurs when fictitious vendors are onboarded or when bank details are altered without proper verification.

Invoice submission and approval thresholds are another target. Inflated or duplicate invoices can slip through if approvers don’t closely review supporting documentation. At the payment stage, schemes often involve diverted ACH payments or manipulation of checks, such as altering payee information.

Collusion adds to the risk. Employees may conspire with vendors or other approvers to override controls. Gaps like missing 3-way matches (purchase order, invoice, and receipt), weak verification or callback procedures for bank account changes, and inadequate segregation of duties also create opportunities for fraud.

Consequences and risks of AP fraud

Accounts payable fraud drains cash and creates ripple effects across the business. It can damage vendor relationships, harm your reputation with customers and auditors, and trigger regulatory scrutiny that leads to fines or restatements. Beyond compliance, fraud disrupts daily operations, lowers employee morale, and diverts resources away from growth.

Common types of accounts payable fraud

Accounts payable fraud schemes generally fall into two categories: internal fraud, committed by employees inside the organization, and external fraud, carried out by outside parties like vendors or cybercriminals. Each category presents unique challenges and risks, requiring tailored prevention strategies.

Internal AP fraud

Common internal fraud schemes include:

• Billing schemes: Employees create fake vendors or inflate invoices to divert funds for undelivered goods or services
• Pass-through schemes: An employee sets up a shell vendor to buy goods at market price, then resells them to the company at inflated rates
• Check tampering: Fraudsters alter payee details or increase amounts by exploiting access to checks or accounting software
• Expense reimbursement fraud: Employees file false claims such as fake expense reports, business travel expenses, or duplicate receipts
• Duplicate payments: Invoices are intentionally paid twice, or vendors exploit the process by resubmitting the same invoice with minor changes
• Conflict of interest: Employees approve payments to vendors with undisclosed personal ties, often leading to inflated costs or poor service
• Kickback schemes: Employees collude with vendors to obtain personal benefits, such as cash or gifts, in exchange for favorable contracts

External AP fraud

External fraud schemes include:

• Invoice fraud: Criminals submit fake invoices with altered details, often impersonating legitimate vendors
• Overbilling: Vendors inflate invoices or bill for services not rendered when purchase orders or receipts aren’t closely reviewed
• Vendor fraud: Fraudulent vendors register fake entities to receive payments, taking advantage of weak onboarding and limited monitoring
• Ghost vendors: Fictitious supplier accounts are created to receive payments for nonexistent goods or services, often in small, recurring amounts
• Business email compromise (BEC): Cybercriminals impersonate executives or vendors via email to request urgent payments, using spoofed addresses and social engineering tactics
• ACH fraud: Fraudsters alter ACH payment instructions to divert funds to unauthorized accounts, often escaping detection without real-time monitoring
• Payment diversion: Bank account details or payment instructions are manipulated, sometimes with insider collusion, to reroute legitimate vendor payments
• Other external techniques: Tactics such as phishing, malware, and social engineering target outdated systems and weak security

AP fraud red flags

Detecting accounts payable fraud schemes early is critical. Watch for these warning signs.

Vendor red flags

Fraud risk increases when payments go to unfamiliar or unverified vendors. Signs include vendor addresses or bank accounts that match employees, inactive vendors suddenly receiving payments, or vendors that provide only a P.O. box. Rapid or unexplained changes to vendor bank details are another red flag.

Invoice red flags

Invoices missing details such as tax IDs, rounded amounts, or vague line-item descriptions should be treated with caution. Sequential invoice numbers, duplicate submissions, or amounts that consistently fall just below approval thresholds can also signal false invoices.

Payment red flags

Unusual payment activity often signals fraud. Examples include sudden spikes in payments, multiple transactions to the same vendor in a short time, or frequent off-cycle payments. Repeated wires to new accounts and exceptions that bypass standard workflows also deserve closer scrutiny.

Behavioral red flags

Employee behavior can reveal risks systems miss. Reluctance to share responsibilities, resisting scheduled leave, or insisting on handling vendor changes alone can indicate concealment. Close or undisclosed personal relationships with vendors are another warning sign.

Data red flags

Fraud often leaves patterns in the data. Look for repeated cents across invoices, duplicate entries across vendors, or payment spikes clustered by vendor, approver, or time period.

How to detect AP fraud in your business

Strong detection practices are essential to identify vulnerabilities before they become costly fraud events.

Use Benford’s law for data analysis

Benford’s law predicts the distribution of leading digits in naturally occurring datasets. In legitimate financial transactions, lower digits such as 1, 2, or 3 appear more often than higher digits such as 8 or 9. Significant deviations from this pattern in invoices or payments can signal fraud.

Automated accounting software can compare payment data against Benford’s law. Investigate anomalies when first-digit distributions deviate by more than 5 percentage points across a period, or when unusual patterns persist month over month. These anomalies are leads to potential fraud, not proof on their own, and should always be combined with other tests and controls.

Conduct regular audits

Regular accounts payable audits help uncover discrepancies in high-risk areas such as vendor onboarding, payment approvals, and invoice reconciliation. Surprise audits can be especially effective in deterring internal fraud.

Focus on four core checks:

• Periodic vendor master reviews: Validate vendor legitimacy
• Sample-based invoice audits: Use invoice audits to catch duplicates or irregularities
• Statement reconciliations: Confirm balances with vendors
• Surprise check stock counts: Prevent unauthorized use of paper checks

Designate responsible parties for monitoring

Fraud detection only works when ownership is clear. Key roles include:

• AP department: Handles vendor setup, invoice processing, first-line reviews, and callbacks for bank detail changes
• Internal audit/compliance: Oversees control design, conducts audits, and supports investigations
• IT/security: Manages email and domain protections, enforces access controls, and leads incident response
• Executive sponsor (CFO or Controller): Sets the tone at the top, approves policies, and provides resources
• External auditors: Offer independent assessments and identify blind spots internal teams may miss

Establish a culture where employees know their role in protecting financial integrity and feel comfortable reporting concerns.

Centralize monitoring and analytics

Use centralized dashboards to flag risks such as duplicate invoices, rapid vendor changes, split invoices designed to bypass approval thresholds, and payments to first-time vendor accounts. Automated anomaly detection, including machine learning models that score outliers in invoice amounts or approval patterns, strengthens oversight and surfaces fraud trends early.

What to do if you suspect fraud

If you suspect fraud, act fast. Freeze pending payments, lock system access, and preserve records as evidence. Notify your bank and internal stakeholders right away, and escalate to IT/security, law enforcement, or your insurer. Quick action limits financial loss and improves your chances of recovery.

Preventing AP fraud in your business

Preventing accounts payable fraud requires a combination of strong internal controls, advanced technology, and a culture of accountability. Here are eight controls worth prioritizing:

1. Segregation of duties: Separate vendor setup, invoice entry, approval, and payment release. Role-based access ensures no single employee controls the full process.
2. 3-way matching (with tolerances): Use systems that automatically match purchase orders, receipts, and invoices before releasing payment. Define acceptable tolerances so minor variances, such as shipping costs or taxes, don’t delay legitimate payments.
3. Vendor master data validation: Vet new vendors thoroughly with background checks, address verification, and tax ID confirmation. Restrict who can edit vendor records and require out-of-band callbacks before approving changes.
4. Four-eyes principle for approvals: Require dual approvals for payments above a threshold and for sensitive actions such as vendor bank account changes or high-risk vendor onboarding.
5. Positive pay for checks: Implement positive pay controls, which verify check details with the bank before payment. Lock check stock and reconcile exceptions daily.
6. Bank detail change verification: Block email-only change requests. Always confirm with a trusted vendor contact by phone or another secure method before updating bank details.
7. Training and whistleblowing: Offer annual training on red flags and BEC tactics. Provide confidential reporting channels so employees can raise concerns without fear of retaliation.
8. Periodic risk assessments: Regularly review whether controls are effective. After incidents or system changes, revisit thresholds, approval levels, and monitoring rules to keep protections current.

How to prevent fraud with Ramp’s AP automation

Ramp’s accounts payable software makes fraud prevention simpler and more effective.

With Ramp, you gain streamlined processes, greater visibility, and AI-powered tools that reduce exposure to accounts payable fraud schemes by:

• Reducing manual data entry: Capture invoice details instantly with OCR to minimize human error and reduce fraud opportunities
• Building multi-layer approval flows: Use intelligent routing rules to ensure every payment is verified, with alerts for errors or overbilling
• Integrating with ERP systems: Sync vendor details, purchase orders, and payment records across systems for consistency and fewer discrepancies

Try Ramp’s interactive demo to see how AP automation strengthens security and efficiency.