Blog
7 types of accounts payable fraud (and which ones slip past your controls)
Published April 5, 2026 · Updated June 10, 2026 · 7 min read
The AFP 2026 Payments Fraud and Control Survey found that 76% of organizations experienced attempted or actual payment fraud in 2025 — including organizations with documented AP controls. Understanding types of AP fraud helps you tune detection beyond segregation of duties. Below, seven common schemes: how they work, why they slip through typical workflows, and how to catch them earlier.
1. Ghost vendors
How it works: A fake vendor is created in the master file and paid like any legitimate supplier.
Why it slips through: If new vendor setup is lightly reviewed or one person can both create and approve, the scheme hides in volume.
How to detect: Look for vendors with no purchase history, odd naming patterns, duplicate addresses, or payments to individuals who should not receive firm funds.
2. Duplicate invoices
How it works: The same invoice (or a near copy) is submitted twice—sometimes with a different bank account on the second pass.
Why it slips through: Basic amount matching passes; reviewers focus on vendor name, not invoice ID or bank detail deltas.
How to detect: Cross-check invoice numbers, dates, and amounts; flag duplicate pairs and any payee change between them.
3. Vendor impersonation
How it works: An attacker poses as a known supplier via email or portal to redirect payment.
Why it slips through: The vendor record is “real”; only the contact path is wrong—something static approvals rarely test.
How to detect: Compare communication domains to historical threads; require out-of-band confirmation for bank updates.
4. Bank change fraud
How it works: Fraudsters convince AP to send the next payment to a new account they control.
Why it slips through: Staff trust urgency and familiar branding; QBO stores the new details without questioning whether they match prior payee history.
How to detect: Fingerprint prior payments; alert when routing or account numbers diverge from established patterns. See the full vendor bank change verification protocol.
5. Overbilling
How it works: Invoices exceed contract rates, quantities, or agreed scope.
Why it slips through: AP matches to a PO header but not line-level pricing; busy approvers rubber-stamp.
How to detect: Three-way match, statistical sampling, and trend reviews on vendor spend versus prior periods.
6. Kickback schemes
How it works: An insider steers business or inflated payments to a vendor who shares the benefit.
Why it slips through: Transactions look “authorized”; collusion defeats pure system controls.
How to detect: Rotation of duties, vendor analytics, whistleblower channels, and board-level review of related-party risk.
7. Business email compromise (BEC)
How it works: Compromised or spoofed email drives fake payment instructions or fake invoices from what looks like leadership or a vendor.
Why it slips through: Email is trusted; MFA on mail does not prove message content. AP processes optimize for speed.
How to detect: Domain authentication signals, vendor fingerprinting, and payment holds on anomalous bank or invoice changes. BEC has also moved beyond email — see how fraudsters are using WhatsApp to bypass email security.
Build detection that matches the fraud type
Layer policy with tooling: start from accounts payable fraud prevention practices, then add continuous monitoring on top of your stack. For AI-generated invoice fraud specifically, see how behavioral detection catches what visual review misses. For ACH compliance requirements, see the NACHA 2026 compliance checklist for AP teams.
Stop AP fraud before it clears
Pair education on fraud types with prevention workflows and invoice-level detection so your controls match how attackers actually behave.