7 types of accounts payable fraud (and which ones slip past your controls)
Understanding types of accounts payable fraud helps you tune detection—not just segregation of duties. Below, seven common schemes: how they work, how they slip through typical workflows, and how to spot them earlier.
1. Ghost vendors
How it works: A fake vendor is created in the master file and paid like any legitimate supplier.
Why it slips through: If new vendor setup is lightly reviewed or one person can both create and approve, the scheme hides in volume.
How to detect: Look for vendors with no purchase history, odd naming patterns, duplicate addresses, or payments to individuals who should not receive firm funds.
2. Duplicate invoices
How it works: The same invoice (or a near copy) is submitted twice—sometimes with a different bank account on the second pass.
Why it slips through: Basic amount matching passes; reviewers focus on vendor name, not invoice ID or bank detail deltas.
How to detect: Cross-check invoice numbers, dates, and amounts; flag duplicate pairs and any payee change between them.
3. Vendor impersonation
How it works: An attacker poses as a known supplier via email or portal to redirect payment.
Why it slips through: The vendor record is “real”; only the contact path is wrong—something static approvals rarely test.
How to detect: Compare communication domains to historical threads; require out-of-band confirmation for bank updates.
4. Bank change fraud
How it works: Fraudsters convince AP to send the next payment to a new account they control.
Why it slips through: Staff trust urgency and familiar branding; QBO stores the new details without questioning whether they match prior payee history.
How to detect: Fingerprint prior payments; alert when routing or account numbers diverge from established patterns.
5. Overbilling
How it works: Invoices exceed contract rates, quantities, or agreed scope.
Why it slips through: AP matches to a PO header but not line-level pricing; busy approvers rubber-stamp.
How to detect: Three-way match, statistical sampling, and trend reviews on vendor spend versus prior periods.
6. Kickback schemes
How it works: An insider steers business or inflated payments to a vendor who shares the benefit.
Why it slips through: Transactions look “authorized”; collusion defeats pure system controls.
How to detect: Rotation of duties, vendor analytics, whistleblower channels, and board-level review of related-party risk.
7. Business email compromise (BEC)
How it works: Compromised or spoofed email drives fake payment instructions or fake invoices from what looks like leadership or a vendor.
Why it slips through: Email is trusted; MFA on the mailbox proves who logged in, not that a message's payment instructions are genuine. AP processes optimize for speed.
How to detect: Domain authentication signals, vendor fingerprinting, and payment holds on anomalous bank or invoice changes.
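The duplicate-invoice and bank-change checks above (types 2 and 4, with the no-history case from type 1) in working form. This is an added example, not the author's tooling; the Invoice structure, the HISTORY map of previously paid accounts and all vendor, invoice and account values are constructed placeholders.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Invoice:
    vendor: str
    invoice_no: str
    amount: float
    bank_account: str  # account the invoice asks to be paid into

def normalize(invoice_no: str) -> str:
    # "INV-1042", "inv 1042" and "INV1042" all compare equal
    return "".join(ch for ch in invoice_no.lower() if ch.isalnum())

def flag_duplicates(invoices):
    """Pair invoices with the same vendor, number and amount; escalate if the payee changed."""
    seen = defaultdict(list)
    findings = []
    for inv in invoices:
        key = (inv.vendor, normalize(inv.invoice_no), round(inv.amount, 2))
        for prior in seen[key]:
            severity = "HIGH" if prior.bank_account != inv.bank_account else "MEDIUM"
            findings.append((severity, inv.vendor, inv.invoice_no,
                             prior.bank_account, inv.bank_account))
        seen[key].append(inv)
    return findings

def flag_bank_changes(invoices, history):
    """history maps vendor -> set of accounts previously paid (the established pattern).
    A vendor with no history at all is a ghost-vendor candidate, not a bank change."""
    findings = []
    for inv in invoices:
        known = history.get(inv.vendor)
        if known is None:
            findings.append(("REVIEW_NEW_VENDOR", inv.vendor, inv.invoice_no, inv.bank_account))
        elif inv.bank_account not in known:
            findings.append(("HOLD_BANK_CHANGE", inv.vendor, inv.invoice_no, inv.bank_account))
    return findings

# Constructed sample data: account ids are placeholders, not real bank details.
HISTORY = {"Acme Supply": {"ACCT-111"}, "Northwind": {"ACCT-222"}}
INVOICES = [
    Invoice("Acme Supply", "INV-1042", 4800.00, "ACCT-111"),
    Invoice("Acme Supply", "inv 1042", 4800.00, "ACCT-999"),  # resubmitted with a new payee
    Invoice("Northwind", "NW-77", 1250.50, "ACCT-222"),
    Invoice("Northwind", "NW-78", 1250.50, "ACCT-333"),       # account never paid before
    Invoice("Zed Consulting", "Z-1", 900.00, "ACCT-444"),     # no purchase history at all
]

if __name__ == "__main__":
    for finding in flag_duplicates(INVOICES) + flag_bank_changes(INVOICES, HISTORY):
        print(finding)
```

A HIGH duplicate (same invoice, different payee) and a HOLD_BANK_CHANGE are the two signals worth routing to out-of-band confirmation before release.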
Build detection that matches the fraud type
Layer policy with tooling: start from accounts payable fraud prevention practices, then add continuous monitoring on top of your stack. For a concise rollout path, see our prevention hub on stopping payment fraud before funds leave.
Stop AP fraud before it clears
Pair education on fraud types with prevention workflows and invoice-level detection so your controls match how attackers actually behave.