Common Accounts Payable Fraud Schemes

In accounts payable, knowing common fraud schemes that are confronting your vendor payment process is the power to prevent the scheme from occurring. There are several key concepts for you to understand in order to have this power. But first, what is accounts payable fraud? What are the different types? And how can businesses detect AP fraud? Keep reading to get answers to each of those questions as well as learn how AP automation can help businesses prevent fraud.

Key Takeaways

  • Understand the two main categories of accounts payable fraud, which are internal accounts payable fraud and external accounts payable fraud.
  • Uncover the difficulties in detecting certain fraud schemes, such as pass-through schemes and disguised purchase schemes.
  • Use technology solutions like AP automation to streamline processes, reduce human error, and enhance overall fraud detection capabilities.

hacker at computer

What is Accounts Payable Fraud?

Accounts payable fraud is a type of financial fraud that targets a company’s accounts payable department. When fraud occurs in this department, fraudsters can exploit the entire AP process to steal money from the company. Typical fraud schemes have two elements:

  • The type of vendor
  • The fraud action statement

Regarding the type of vendor, businesses need to identify if the vendor is real or false. If false, is the false vendor created by the perpetrator, or did someone take over the identity of a dormant vendor? If real, is the vendor complicit in the fraud scheme or not complicit?
The fraud action statement can include schemes such as false billing, overbilling, disguised purchases, and more.

What Are the Different Types of Accounts Payable Fraud?

There are two main types of AP fraud: internal accounts payable fraud and external accounts payable fraud.

Internal Accounts Payable Fraud

Internal AP fraud is when the employer is cheated via billing schemes by an internal source at the company. Examples of this include:

  • False Billing: This includes paying for goods or services you did not receive. This typically occurs with disbursements associated with services.
  • CEO Fraud: CEO fraud is when an attacker impersonates a senior executive of a company, such as the CEO, CFO, or COO, in order to trick an employee into making a fraudulent payment or transferring sensitive data.
  • Pass-Through Schemes: Pass-through schemes often involve systematic markups converted through shell companies. These are a little more complicated and have up to 15 permutations.
  • Overbilling: This can be anything from overbilling on the price, quantity, or quality, as well as creating false charges, false add-on charges and no recovery of chargebacks or credits.
  • Disguised Purchases: This occurs when someone buys something and converts the purchase to their personal use. A more complex version is buying an item and diverting it for resale.
  • Conflict of Interest Schemes: Conflict of interest schemes occur when an internal employee has an ownership or a disguised ownership interest in a vendor.
  • Check or Payment Tampering: Check tampering occurs when an employee steals checks to deposit funds into his or her account. It typically takes companies 18 months to catch perpetrators.


External Accounts Payable Fraud

External accounts payable fraud refers to schemes made by outsiders such as vendors, fraudsters, or customers.

  • Vendor Fraud: Vendor fraud occurs if a vendor submits false invoices, overcharges for goods or services, or accepts kickbacks from employees in exchange for inflating prices. For example, a vendor may inflate the price of goods or services, or submit an invoice for goods that were never provided.
  • Customer Fraud: Customers may return goods they never purchased, use stolen credit cards to make purchases, or claim refunds for goods they did not receive.
  • Check Fraud: Check fraud is when a cybercriminal manipulates a physical check to redirect payments to unauthorized accounts. This can be accomplished through forgery, tampering, or theft.
  • ACH Fraud: ACH fraud is the process of electronically transferring funds from your company’s bank account to an unauthorized account through the Automated Clearing House (ACH) network. This can be done through phishing, BEC, data breaches, or installing malicious software.
  • Cyber Fraud: Cyber fraud is when a cybercriminal hacks into a company’s computer systems to steal financial information. This can be accomplished through phishing emails that appear to be from legitimate sources in order to trick employees into revealing sensitive information.
  • BEC Fraud: Business email compromise (BEC) fraud is a type of email scam where the attacker sends an email that appears to be from a legitimate source, such as a business partner, vendor, or customer, and requests money or sensitive information.


What Are the Red Flags of Accounts Payable Fraud?

Since accounts payable fraud can come in a variety of forms, it’s important to know and identify any red flags. Below are some key areas to monitor when looking for red flags in AP.

Increases in Vendor Payments

Sharp increases in payments to a single vendor, without a corresponding increase in goods or services, can be a red flag for AP fraud where funds are diverted through fake vendors or vendor collusion.

Large Payments to One Vendor

Large payments to a single vendor is a major red flag in accounts payable fraud. This tactic can be used to funnel funds to a fake company created by the fraudster, or worse, it could be a “kickback scheme” where the vendor works with someone within the organization to inflate prices and split the stolen funds.

Payments Slightly Under the Payment Approval Amount

Fraudsters often use a widespread tactic of keeping payments slightly below the threshold that requires payment approval. This approach allows them to scheme just below the approval limit of being noticed while successfully committing AP fraud.

Duplicate Invoices

Receiving duplicate invoices for the same goods or services can often be a red flag for AP fraud. In this case, fraudsters submit duplicate invoices for payments in the hopes of negligence from the AP team to not notice.

Suspicious Spikes or Patterns in Payment Amounts

Any irregularities or unusual variations in payment amounts can indicate a red flag in AP. If payments suddenly skyrocket, especially during off-peak periods, fraudsters may exploit quieter times to push through unauthorized payments.

Large Purchases on an Company Issued Credit Card

If an employee makes unusually large purchases without authorization or submits fraudulent expenses and claims (most commonly known as reimbursement fraud) for non-existent purchases, this is a major red flag and can indicate fraud.

Sense of Urgency and Secrecy

Any sudden demand for immediate action or claim that payment is required immediately is a major red flag. Urgency within payments creates pressure that might result in an employee skipping standard verification procedures. This may also be paired with a level of secrecy, where the fraudster asks to use communication outside usual channels or requests for the employee to keep their conversation confidential.

Common Fraud Schemes that Occur in Accounts Payable

There are two fraud schemes that can occur in any company and comply with all of your internal controls. These schemes did occur in companies with excellent internal controls, and did result in losses to the company.

Pass-Through Schemes

The pass-through scheme is difficult to prevent because it’s challenging to detect with traditional controls. This scheme is very common and could operate for years without detection because it complies with your three-way match and appears to be a valid transaction. The first step is to understand how a pass-through scheme occurs in your expenditure cycle.
The standard pass-through scheme is composed of three companies and can have a lasting effect on your bottom line. The three companies involved are your company, a shell company, and a vendor company. The shell company is either controlled by a perpetrator who is a member of your company or the supplier company, and the scheme unfolds like this:

  1. The perpetrator places an order with the shell company.
  2. The shell company places an order with the supplier company.
  3. The supplier company ships the goods to your company. The goods are received and in good condition.
  4. The supplier company invoices the shell company and the shell company invoices your company with a typical markup of 5-10%.

Examples of Pass-Through Schemes in Accounts Payable

An example of a pass-through scheme is if a salesperson at one of your vendors convinces your employee to purchase from a shell company that the salesperson owns, instead of the actual vendor. The initial terms given to your employee were that the goods would be the same price and quality, and this was all true to begin with. However, prices eventually rose and somewhere along the way the salesperson clued in your employee and began providing a healthy kickback to ensure continued business together. It was estimated that over the course of a year, your company was overcharged by $500,000.

Disguised Purchase Schemes

The second scheme that is difficult to detect is the disguised purchase scheme. In this scheme, an internal employee has the authority to procure goods, and typically, this person ends up abusing some level of physical custody that they hold over those goods. Let’s look at two real-life examples.

Examples of a Disguised Purchase Schemes in Accounts Payable

Consider an electrical contracting company. The project foreman is running many projects concurrently and places an order for copper cabling to be delivered to a job site. Then, he diverts two of the rolls of cabling to another location and either sells them or brings the cable to a scrap yard to obtain cash.

Another scenario is a business that relies heavily on the use of paper. Each time the office needs a re-supply of paper, the office manager orders more than necessary. When the shipment arrives, the office manager takes the extra paper and resells it to small businesses.

How to Detect Accounts Payable Fraud

Detecting accounts payable fraud can be accomplished by implementing strong internal controls, providing employee education around fraud schemes, conducting regular audits, and by leveraging an AP automation solution that helps to automate tasks and reduce human error. While preventing fraud is an ongoing process for many AP departments, being aware of the red flags and implementing the right internal controls can help businesses detect and prevent fraud schemes in the future.

6 Ways to Prevent Fraud Schemes in Accounts Payable

Unfortunately, not all fraud schemes can be prevented, and most are committed by people we trust. That said, there are several ways your AP team can help prevent fraud.

1. Perform a Fraud Risk Assessment

A common first step for companies looking to mitigate fraud risk is to perform a fraud risk assessment. This process involves creating a list of fraud risk statements facing your company and your business cycle.

2. Have Strong Internal Controls

After you’ve performed a fraud risk assessment, it’s time to link the internal controls to the fraud schemes and ask yourself: Will our internal controls either prevent or detect the fraud scheme? Establishing strong segregation of duties, regularly reviewing vendor information, educating employees, and enforcing a purchase order and approval workflow are all ways to implement strong internal controls for your AP department.

3. Verify Vendor Information

Verifying vendor information is especially important to help prevent fraud schemes in accounts payable. A few ways to do this include: verifying vendor credentials, business licenses, registrations, and tax identification numbers, as well as confirming physical addresses, phone numbers, and email addresses.

4. Ensure Payment Information Matches Invoice Information

Comparing invoices to approved purchase orders and payment information to be sure the details match up, as well as verifying the legitimacy of goods or services received, is very important to help prevent vendor fraud schemes. You should be sure information such as invoice number, date, currency, vendor name and address, bank account details, payment method, PO number, and description of goods or services all match up.

5. Conduct Employee Trainings

Employees are an important line of defense when detecting fraud. Many occupational fraud cases are initially reported by an inside tip (42%). As a result, it’s important to educate employees on what to look for. Companies that hosted trainings improved the rate at which employees reported fraud.

6. Automate Accounts Payable

Leveraging an AP automation solution to help streamline the AP process to remove any discrepancies and errors within traditional processes is essential to prevent AP fraud schemes. There are several reasons for this, but most importantly, AP automation can help improve visibility into the payment process, strengthen data security, enhance payment verification and matching, as well as streamline the entire end-to-end payment process.

hacker at computer

AP Fraud Scheme FAQs

What is an Example of an Accounts Payable Fraud Scheme?

One example of an AP fraud scheme is a very common and simple check scheme where an employee has access to signed checks. The entry in the accounting record will indicate a proper vendor for a proper invoice, but the employee diverts the check and either alters the check or falsely endorses the check. By eliminating internal check handling, this list of schemes goes away.

Why Are AP Departments a Higher Risk for AP Fraud?

Accounts payable departments and employees have access to valuable data and confidential financial information, which makes them a primary target for fraudsters. In addition, AP departments often have less oversight in comparison to other departments, which contributes to a lack of oversight and controls. AP processes are also complex and time-consuming, making them an easy target for fraudsters who understand these processes and can trick AP departments by submitting false invoices or altering invoices to inflate the price of goods or services.

What is the Most Common Form of Acquisition and Payment Fraud?

The most common form of acquisition and payment fraud is for the perpetrator to issue payments to fictitious vendors and deposit the cash in fictitious accounts.

What is the Most Common Way Accounting Frauds are Detected?

The most common ways accounting fraud is detected is by identifying anomalies such as growing revenues without a corresponding growth in cash flows, consistent sales growth while competitors are struggling, or a significant surge in a company’s performance within the final reporting period of a fiscal year.

How Can Accounts Payable Fraud be Prevented?

Accounts payable fraud can be prevented by implementing sound internal payment controls, educating yourself and your employees, learning how to detect fraud schemes through educated skepticism, and leveraging an AP automation solution.

What Are the Biggest Risks of Fraud in Accounts Payable and Payroll?

Some of the biggest risks of fraud in AP include billing scams, kickback schemes, errors in accounting, and payment diversion. For payroll, some of the biggest fraud risks include time and attendance manipulation, payroll diversion, expense reimbursement scams, and fictitious employees that are added to the payroll.

Why Are Accounts Payable at a High Risk?

Accounts payable departments are a high risk for fraud given that all the funds within a company flow through the AP department. In addition, AP departments are traditionally complex, have high transaction volumes, and often involve various employees, making it a very easy target for fraudsters.

Leonard Vona

CPA, CFE, and CEO of Fraud Auditing, Inc.