How to Prevent Accounts Payable Fraud Schemes

Ira Brooker    Written: March 17th, 2023       Updated: February 6th, 2024

Fraud is a major concern for virtually every area of modern organizations, and the unprecedented rise in cybercrime over the past several years has only made the issue more pressing. Businesses are increasingly finding that they need to do more than focus on protecting against fraud. The more effective approach by far is investing in fraud prevention tools.

As noted by Dr. Rocco Lueck, Assistant Professor at D’Youville University’s Department of Business Administration, in his webinar “Fraud Prevention: Techniques to Reducing the Probability of Fraud in Organizations,” “If we only focus on fraud protection, it’s kind of like driving a car looking through a rearview mirror. It’s already happened. It’s already behind us.”

In this article, we’ll be looking more deeply into accounts payable fraud, based on insights from Dr. Lueck’s webinar, as well as Debra Richardson’s “Best Practices to Prevent Fraud in Your Inbox,” Lynn Larson’s “Fight AP Payment Fraud with the Right Controls,” and MHC CEO Gina Armada. We’ll cover common types of fraud, common risk factors for fraud, and the many ways an organization can leverage AP automation software to prevent fraud. We’ll also explore the benefits of an automated software system for the AP employees who would otherwise need to spend a great deal of time and effort on fraud prevention.

What Is Accounts Payable Fraud?

Accounts payable fraud can take many forms and come from many directions. The most basic definition of AP fraud is any kind of fraudulent financial behavior that targets or exploits an organization’s accounts payable system. That might include internal fraud committed by an AP employee, external fraud perpetrated by a vendor or supplier, or an employee and vendor working together. It also encompasses the rapidly growing field of third-party fraud, in which cybercriminals gain access to a business’s AP system.

Identifying and preventing cases of AP fraud should be top-of-mind for business leaders across all industries. More than half of large companies experience some sort of invoice-related fraud each year, costing them hundreds of thousands of dollars. A recent study in the United Kingdom found that large businesses lost around $349,000 per year to invoice fraud. Beyond the pure financial risk, letting fraud go undetected can do serious damage to vendor relationships, employee morale, and organizational reputations. That all adds up to costs no business wants to have to pay.

“Fraud is one of the biggest concerns we hear about. Businesses know there are all kinds of threats out there, but they don’t always know what can be done to prevent them. Avoiding and preventing fraud is a key day-to-day challenge for most organizations. The peace of mind our customers get when they entrust more of their fraud prevention efforts to the MHC NorthStar system is one of our biggest points of pride.”
Gina Armada, CEO of MHC Automation

External and Internal Accounts Payable Fraud

Most AP fraud can be broken down into two categories: external and internal fraud. As you might presume, external fraud is committed by groups or people outside of the organization being defrauded, while internal fraud is committed by someone working within the organization. There is also a risk of hybrid fraud, where someone within your organization conspires with an unscrupulous vendor or third-party group to commit AP fraud. Let’s take a closer look at each type of AP fraud.

“Many organizations spend so much time and energy focusing on the external fraud threats that they forget about the internal fraud threats which can happen just as often. If you’re only looking in one direction, you can miss what might be happening right in your house.”
Lynn Larson, Principal, Recharged Education 

Examples of External AP Fraud

As a hub for moving both money and data through an organization, accounts payable departments make a tempting target for criminals. In fact, a 2022 study found that AP departments are more susceptible to business email compromise (BEC) schemes than any other department, with 58% of businesses falling victim. And that’s only one part of the fraud picture. Lynn Larson breaks down some common examples and their impacts.

  • Business email compromises: BEC is one that we continuously hear about. It could result in things like extortion — they want the organization to pay or great harm will come upon the organization. It could be a BEC that impersonates an internal employee who is asking to have their payroll moved or redirected to a different bank account. These emails also tend to relate to bogus invoicing, trying to direct money the fraudster’s way.
  • Payment-related change requests: A product might be shipped to a company that the company never ordered. It might be from a vendor that the company had never even done business with. Then they start getting invoices and demands to pay.
  • Gift card scams: There’s the gift card scam, where a fraudster has gotten into an email system. They’re impersonating someone, usually from the C-suite, saying, ‘We want to give away these gift cards as an employee appreciation.’ They direct the employee to go out and get a bunch of gift cards and email them the numbers and the PINs.
  • Phishing scams: Phishing can happen in email form, or it might even happen over the phone. In this day and age, with artificial intelligence, fraudsters have gotten very good at making emails that look very legitimate. They’ve cleaned up the spelling and the language, and it’s now much harder to identify phony emails.
  • Phony invoices: There could be vendors who are knowingly sending duplicate invoices — sending more than one copy of the same invoice, hoping that it will get paid twice. Good luck getting your money back if that’s what happens.
  • Check theft and tampering: We all know the risks associated with checks being stolen or tampered with. Just in case you’re wondering if this really still happens, the Association of Financial Professionals shows that checks are still far and away the top fraud target.

Examples of Internal AP Fraud

As worrying as fraud from outside actors may be, businesses are statistically at more risk from within their own organizations. Researchers estimate that around two-thirds of AP fraud is committed internally. AP employees typically have access to a vast trove of valuable data and confidential financial information. That can make the temptation to commit fraud difficult to resist for less scrupulous workers. For some common examples of internal AP fraud, let’s go back to Lynn Larson.

  • Check theft and tampering: Signatures can be forged. Even a rubber stamp of someone’s signature — I have seen stories where there is a rubber stamp and an administrative assistant or some other employee has used that to commit fraud against their organization.
  • Colluding with suppliers: There was an example in the news not long ago. Several employees participated in a scheme to defraud their employer of nearly $1 million. They were getting vendors to provide them with cash payments. The vendors were billing for things that they hadn’t even provided, so they were getting some money and the employees were getting some money.
  • Submitting false expense reports: There’s an example of a healthcare organization vice president who had stolen nearly $800,000 over a multiple year period. One of his biggest things was submitting false mileage reports to accounts payable. He was also submitting reimbursement requests saying he had paid a printing company. He had copies of the checks that he supposedly sent to them.
  • Altering invoices: There is always a possibility for an invoice to be altered, especially if they’re doing everything manually and don’t have automation. Managers sign off their approval of an invoice to be paid. Then accounts payable is expected to pull out that list of signatures and try to compare it. You don’t want to be giving full system access to anyone.
  • Setting up fake vendors: Make sure you have separation of duties. In this case, it appears nobody was paying attention. An employee was able to set up new vendors, cut the checks, including duplicate checks… she just had control to do all sorts of things on her own. That might have been a case where an organization just said, ‘We trust our employees. We don’t have to worry about anything happening internally.’ And you couldn’t be further from the truth.
  • Using cards for personal gain: Far too many fraud stories indicate a cardholder concealed their personal purchases by altering documentation related to the suppliers used. In one elaborate case, the cardholder used her card to pay fictitious vendors that she created and set up with merchant accounts for card acceptance. In other words, she paid herself.

“The latest Verizon Data Breach Investigation report shows that 74% of all data breaches involve a human element. I think we all know that’s where a lot of weaknesses happen, just through people who are trying to be helpful, who want to make a good impression.”
Lynn Larson, Principal, Recharged Education 

An Example of Check Fraud by an AP Supervisor

Despite a high level of oversight and regulation, check fraud remains a significant risk for organizations of all sizes. As an example, Lynn Larson points to a typical fraud case in which an accounts payable supervisor from a prestigious private university pleaded guilty to felony charges. Over 18 months, the supervisor wrote around 70 checks to nonexistent vendors that she cashed herself. She also cashed a number of checks made out to the university’s existing vendors, then disbursed duplicate checks when the vendors contacted her about late payments. She was eventually caught when the university’s bank raised a red flag about unusual deposits to the supervisor’s personal account. By that time she had stolen around $160,000 from her employer.

5 Things That Increase the Risk of Fraud in an Organization

1. Relying on Trust
Every employer wants to trust their employees. After all, that’s part of why you hired them. But circumstances are unpredictable. An otherwise trustworthy employee might face financial troubles or be tempted by a crime of opportunity. Implementing fraud controls is a service to both your business and your employees.

2. Weak Signature Controls
A business with a manual sign-off process involving rubber stamps or “wet signatures” opens itself up to fraud. Stamps can easily fall into the wrong hands, signatures can change over time, and both can be forged. On top of that, manual signature processes are time-consuming and inefficient.

3. No Separation of Duties
Fraud is often a crime of opportunity, and having the same person or group in charge of too many duties creates more opportunity. Having different eyes on different steps of your vendor relations, invoicing, payment, and other key AP processes makes it harder to both commit and hide internal fraud.

4. Control Gaps
Too many fraudsters get away with it longer than they should simply because no one bothers to check on what they’re doing. Establishing a clear chain of command for all processes, including regular reviews and/or internal audits, can go a long way toward closing risky control gaps.

5. Lack of Automation
Manual AP processes are slow, inefficient, and make fraud easier to commit. Physical invoices and other documents are easier to forge and alter. Paper trails are easier to cover up. An automated AP system not only ensures that proper processes and timelines are being followed, it also provides instant visibility that makes it simpler to identify fraud when it does occur.


5 AP Fraud Red Flags

Fortunately, there are a number of ways for a diligent AP management team to identify potential fraud early and tamp it down before it spirals out of control. If you’re concerned about fraudulent behavior within your AP system, keep your eyes open for red flags in the following areas:

1. Invoice fraud

Watch for evidence of illegitimate or altered invoices, including:

  • Invoices that include address or account information that matches an employee’s
  • Invoices with missing information or fields left blank
  • Invoices with suspiciously round numbers such as $2,000.00
  • Invoices with PO boxes listed as addresses
  • Invoices listing vague or unspecified services rendered

2. Vendor management

Your vendor list can reveal a number of forms of fraudulent behavior. Signs of ethical breaches in your vendor management system might include:

  • A new supplier who receives an unexpectedly large contract
  • Invoices containing data that doesn’t match your master vendor list
  • Significant numbers of duplicate or inactive vendors
  • Too many employees having access to vendor lists
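The invoice and vendor-list red flags above can be screened mechanically before a human reviews the queue. The following is an added example, not code from the article or from any AP product; the field names, the $500 round-amount step, the vague-description phrases and all sample records are assumptions constructed for illustration.

```python
import re

REQUIRED_FIELDS = ("invoice_no", "vendor_id", "address", "bank_account",
                   "amount_cents", "description")
PO_BOX = re.compile(r"\bP\.?\s*O\.?\s*Box\b", re.IGNORECASE)
# Assumed thresholds and phrases; tune them to your own invoice population.
ROUND_STEP_CENTS = 50_000  # multiples of $500.00
VAGUE_DESCRIPTIONS = {"services rendered", "consulting", "miscellaneous"}


def norm(value):
    """Lower-case and drop punctuation so near-identical strings compare equal."""
    return re.sub(r"[^a-z0-9]", "", str(value or "").lower())


def screen_invoice(inv, vendor_master, employees):
    """Return the list of red flags raised by one invoice record."""
    flags = []
    missing = [f for f in REQUIRED_FIELDS if not str(inv.get(f) or "").strip()]
    if missing:
        flags.append("missing_fields:" + ",".join(missing))
    amount = inv.get("amount_cents") or 0
    if amount and amount % ROUND_STEP_CENTS == 0:
        flags.append("round_amount")
    if PO_BOX.search(inv.get("address") or ""):
        flags.append("po_box_address")
    desc = (inv.get("description") or "").strip(" .").lower()
    if desc and (desc in VAGUE_DESCRIPTIONS or len(desc.split()) < 3):
        flags.append("vague_description")
    # Address or account details that belong to someone on the payroll.
    for emp in employees:
        for field in ("address", "bank_account"):
            if norm(inv.get(field)) and norm(inv.get(field)) == norm(emp.get(field)):
                flags.append(f"{field}_matches_employee:{emp['id']}")
    # Invoice data that disagrees with the master vendor list.
    vendor = vendor_master.get(inv.get("vendor_id"))
    if vendor is None:
        flags.append("vendor_not_in_master")
    else:
        if not vendor["active"]:
            flags.append("inactive_vendor")
        for field in ("address", "bank_account"):
            if norm(inv.get(field)) and norm(inv.get(field)) != norm(vendor[field]):
                flags.append(f"{field}_differs_from_master")
    return flags


def screen_batch(invoices, vendor_master, employees):
    """Map invoice number to its flags for a whole batch."""
    return {i["invoice_no"]: screen_invoice(i, vendor_master, employees)
            for i in invoices}


# Constructed sample data (no real vendors, employees or accounts).
VENDOR_MASTER = {
    "V-1001": {"address": "2200 Industrial Pkwy, Dayton, OH",
               "bank_account": "000111222", "active": True},
    "V-1002": {"address": "18 Harbor St, Erie, PA",
               "bank_account": "000333444", "active": False},
}
EMPLOYEES = [{"id": "E-17", "address": "418 Maple Ct., Dayton, OH",
              "bank_account": "000555444"}]
INVOICES = [
    {"invoice_no": "A-100", "vendor_id": "V-1001",
     "address": "2200 Industrial Pkwy, Dayton, OH", "bank_account": "000111222",
     "amount_cents": 184_237, "description": "Pallet wrap, 40 rolls, PO 7731"},
    {"invoice_no": "A-101", "vendor_id": "V-1001",
     "address": "418 Maple Ct, Dayton OH", "bank_account": "000555444",
     "amount_cents": 200_000, "description": "Services rendered"},
    {"invoice_no": "A-102", "vendor_id": "V-1002",
     "address": "P.O. Box 1182, Erie, PA", "bank_account": "",
     "amount_cents": 61_250, "description": "Brochures, 500 ct, job 2291"},
    {"invoice_no": "A-103", "vendor_id": "V-9999",
     "address": "77 Quarry Rd, Akron, OH", "bank_account": "000999888",
     "amount_cents": 45_310, "description": "Gravel, 12 tons, ticket 5512"},
]

if __name__ == "__main__":
    for number, flags in screen_batch(INVOICES, VENDOR_MASTER, EMPLOYEES).items():
        print(number, flags or "no flags")
```

A flag is a reason to look closer, not proof of fraud: a legitimate vendor can move to a PO box or bill a round retainer.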

3. Employee behavior

While it isn’t advisable to treat your employees with undue suspicion, it is wise to keep an eye open for unusual behavior, possibly including:

  • Employees who develop an unusually close working relationship with a specific vendor
  • Employees who behave secretively about contracts or invoices
  • Employees who suddenly seem to be spending more lavishly than usual

4. External complaints

When in doubt, listen to your vendors. There may be a fraud problem if your suppliers are noting:

  • Late or unusual payments that don’t match up with your records
  • Unexpected changes in the invoicing process
  • Unusual behavior from their contacts within your company

5. Checks

If your business still issues physical checks to some vendors, this can be a ripe area for fraud, with signs including:

  • Misnumbered or missing checks
  • Checks that appear to have been altered
  • Checks with unrecognized or illegible signatures

6 Common Types of AP Fraud

Accounts payable fraud can take many forms depending on the industry, the size of the companies involved, and the specific processes in place. Even so, most examples of AP fraud fall into one or more of the following six categories. Let’s take a closer look at each.

1. Billing Schemes
The most commonly identified form of accounts payable fraud involves some form of billing scheme. This can take a number of forms, including shell companies set up to create invoices for nonexistent services or goods, pass-through schemes that create a shell company to add a mark-up to legitimate invoices, and exploiting the master vendor file to issue invoices on behalf of inactive vendors.

2. Check Fraud
AP-related check fraud generally involves employees stealing or falsifying physical checks and depositing them into an account that they can access. Access to accounts payable systems means these employees are often able to cover their tracks by manipulating accounting records.

3. ACH Fraud
Automated clearing house (ACH) transactions are a frequent target for fraud in an era of rising cybercrime. Hackers often employ bogus invoices or other social engineering attacks to gain access to an employee’s credentials. That allows them access to the AP system and the valuable data it contains.

4. Expense Reimbursement Fraud
For businesses that regularly allow employees to submit expense reports for reimbursement, inflated expenses, duplicate receipts, and fabricated purchases are all common pitfalls.

5. Kickback Schemes and Conflicts of Interest
Kickback fraud in an AP department involves collusion between an employee and a supplier to submit fabricated or inflated invoices, with the two parties splitting the excess profit between each other. These schemes often involve a conflict of interest in which someone uses a position of authority or an external relationship for unethical purposes — an AP employee conspiring with a former schoolmate who works for a supplier, for example.

6. Business Email Compromises (BEC)
Your email system makes a tempting target for fraudsters. Phishing scams, stealing passwords and login info, and other forms of business email compromises put your private communications and financial data at risk. A BEC is often the first step toward a larger cybersecurity breach, including ransomware attacks and data thefts.

IT and Your Inbox: Email Fraud

Did you know that some cybersecurity experts estimate that around 85% of the emails sent every day are spam? Did you also know that the typical IT security system is only able to filter out around 85% of that spam? That may not look like a bad percentage, but as Debra R. Richardson notes, “The problem is that you still have to deal with that 15%.” Email-based cyberattacks have skyrocketed in recent years, putting virtually every business and organization at greater risk of falling victim to fraud. Let’s take a closer look at some of the most important elements of email fraud, in Richardson’s words.

Types of Email Fraud

Phishing emails are the most familiar form of email fraud. Phishing is defined as posing as a legitimate source in order to send fraudulent communications. Along with email, these can include variations such as vishing (voice-based fraud, usually over the phone), smishing (SMS or text-based fraud), and quishing (QR code-based fraud). Richardson breaks phishing down into three main categories:

The first one is the beginner’s level, just a mass email. The fraudsters are sending out millions of emails just to see who’s going to click. Then you get to spear phishing, where they’re targeting a specific person or group. They’re watching you on social media, they’re checking you out on Facebook and LinkedIn to see who your connections are, what content you’re responding to. When they send an email to your inbox, it seems more legitimate because they’re using content and words from what they saw you connecting with on social media.

Then there is whaling. That’s where they’re really targeting the inboxes of your senior executives. If you get an email from the C-suite, just because of basic human behavior, the first thought process is to make sure you hurry up and do what the boss says.

Debra R. Richardson, Accounts Payable Speaker

A business email compromise (BEC) is a specific form of phishing in which a fraudster poses as someone with authority in order to get employees to send them money or data, or to provide access to higher levels of their system. Richardson highlights two key areas of focus for BEC accounts payable scams:

Those emails are getting into your inbox for the vendor maintenance teams that have the ability to add or change banking or remittance details on the vendor master file. You are being targeted so that you can either change that information to divert vendors’ payments for legitimate invoices, or to divulge sensitive information so that the frauds can create their own fictitious invoices.

Check fraud is exploding. They’re also including the change of remittance address for vendors that have check payments. They’re getting those checks, they’re whitewashing them, and they’re very successful at getting those checks cashed.

Debra R. Richardson, Accounts Payable Speaker

Tricks Fraudsters Use to Seem More Real

Spam filters manage to catch 85% of fraud emails, but how do scammers manage to land that last 15% in your inbox? The creativity of cybercriminals is endless, unfortunately, but according to Richardson, some of the most frequently seen tricks of the trade include:

  • Email addresses including subtle misspellings or similar-looking characters, such as “O” and “0” or “.com” and “.co”
  • Emails originating from real addresses using stolen login credentials
  • Using CSS code to evade external email indicator filters
  • Evading ChatGPT fraud filters by instead generating AI content on FraudGPT, WormGPT, and other unethical sites
  • Monitoring social media feeds to access employees’ contacts and personal information for use in phishing schemes
  • Job seeker schemes that rely on employee behavior, such as staging fake interviews in order to obtain personal data and access employee emails
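The first trick in the list, look-alike sender domains, is one an AP mailbox can check automatically against the domains already on the vendor master file. This is an added example, not code from the article or from Richardson; the confusable-character map, the edit-distance threshold and the sample domains are assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Small, assumed map of digits commonly swapped for letters ("0" for "o").
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})
MAX_EDIT_DISTANCE = 2  # assumed threshold; short domains may need 1


def skeleton(domain):
    """Collapse look-alike characters so 'n0rth' and 'north' compare equal."""
    collapsed = domain.lower().translate(CONFUSABLES)
    return collapsed.replace("rn", "m").replace("vv", "w")


def edit_distance(a, b):
    """Levenshtein distance: insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify_sender(from_header, known_domains):
    """Compare a From: header's domain with the vendor master domains."""
    address = parseaddr(from_header)[1]
    domain = address.rsplit("@", 1)[-1].lower()
    if domain in known_domains:
        # An exact match only means the domain is right. A mailbox taken over
        # with stolen credentials also lands here, so change requests still
        # need the out-of-band checks described in this article.
        return {"verdict": "exact_match", "resembles": domain, "reason": None}
    for known in sorted(known_domains):
        if skeleton(domain) == skeleton(known):
            return {"verdict": "lookalike", "resembles": known,
                    "reason": "confusable characters"}
        if edit_distance(domain, known) <= MAX_EDIT_DISTANCE:
            return {"verdict": "lookalike", "resembles": known,
                    "reason": "near-miss spelling"}
    return {"verdict": "unknown", "resembles": None, "reason": None}


# Constructed sample data (not real vendors).
KNOWN_DOMAINS = {"northfieldpackaging.com", "lakesideprint.com"}
SAMPLE_HEADERS = [
    "ap@northfieldpackaging.com",
    "Billing <billing@n0rthfieldpackaging.com>",
    "billing@northfieldpackaging.co",
    "info@unrelated-example.org",
]

if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        print(header, "->", classify_sender(header, KNOWN_DOMAINS))
```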

Richardson also notes that too many businesses are overconfident in making confirmation calls to vendors as a method of avoiding fraud. “The confirmation call is not that silver bullet, because if it was there would be no fraud. Say the vendors don’t pick up. They may send us a legitimate change, but they’ll send it to us and then they’ll go off and do vendor things. Or it could be that you just don’t have the right contact. Lots of companies are removing telephone numbers and email addresses because of fraud, so it’s getting harder to reach out to those vendors, especially vendors that are not in the U.S.”

Even when you do reach a vendor, if the team members are using information that came from a fraud email or fictitious invoice, the fraudsters are going to say, ‘Sure, I approve!’ or ‘Right, I submitted that request for a bank account change or remittance address change!’

6 Ways to Combat Email Fraud

Want to beat fraudsters to the punch with a plan for spotting fraud before it happens? Debra Richardson outlines five best practices and useful tools that can help your organization stay several steps ahead of fraudulent behavior.

1. Keep Up to Date with Frauds and Scams

There are resources where you can either sign up to get alerts or search for the latest news. There’s the FBI. For those that are doing 1099s in-house, you’ll want to sign up for the IRS tax scam/consumer alerts. They have a whole e-news subscription.

The Better Business Bureau has one, they’re really good for regional scams. And you can sign up for my new scam alerts. I review all the different resources and post them. I’ve been posting about two to three per week.

2. Share the Knowledge

Once you get those scam alerts or new fraud trends, share them with your team. If you have a vendor team or accounts payable team meeting on a recurring basis, have fraud as a static agenda item. Talk about the latest frauds that are out there. If you’ve gotten tools to help avoid fraud, share that with your team members so they have it as well.

3. Password Manager 

Employees can have up to a hundred passwords to remember. Best practice says just don’t reuse them, so that if a fraud does get a hold of your info, they won’t be able to get into your email or other accounts. But that’s easier said than done with so many passwords to remember. Another best practice is to make sure that they’re around 20 digits long so it takes much longer to crack.

With a password manager you don’t have to remember those long passwords. It’ll generate them for you. If you happen to click on a phishing link, if that is not a legitimate site the password manager will not prefill your username and password. That can be another red flag for you.

4. Domain Lookup

Another zero-cost tool is the domain lookup. If you are suspicious about an email domain or an email address, you can copy and paste it into this search. You’re going to get a lot of information, but what I look at is the date of registration.

You’re not going to know the dates of all of your different vendors, of course, but what you will know is if it was a recent date. Lots of times fraudsters will create specific spoof sites just for a campaign that they’re going to be running. It could be a red flag if it has a date that is within weeks or months.

5. Secured Email For Sensitive Data  

Say you’re sending sensitive information like banking documents or W-9s, anything with a social security number on it. You can put the vendor’s actual email address into a secured email. The vendor will get a request to sign in again using that actual email address.

What I like about it is when you’re exchanging that sensitive information, it doesn’t even have to be on a form. The fields to input that data can be embedded in that actual form. Best practice is to update it every year, because if you get an old form, that’s an indication that it could be fraud.

6. Authentication Reference Template 

When you contact your bank, they will ask you two to three identifying questions before they even start talking to you, just to make sure you are who you say you are. You can do this too, via phone or email. Studies have shown that if you push back on frauds, they’ll hang up or abandon the email string and go on to the next victim.

If they’re asking, ‘Hey, how do I change my banking?’ you say, ‘No problem, can you give me an invoice number and the last five digits of your existing bank account?’ If they don’t have the existing bank account, that is a huge red flag.

7 Ways to Know If Your Email Has Been Hacked

If you suspect your email has been compromised but aren’t 100 percent certain, there are a few telltale signs to look into before you take further action. If any of these items check out, you may be the victim of an email hack. Don’t panic — security breaches happen all the time, and your business likely has a plan in place for this exact situation — but do be sure to alert the appropriate channels within your organization.

1. You aren’t able to log in to your email

2. You get notified that an unauthorized device tried to access your account 

3. You’re receiving unexpected password reset emails  

4. Your Sent folder contains messages you don’t remember sending 

5. Co-workers and contacts report receiving strange emails from your account

6. Your account seems to have accessed sites or tools that you wouldn’t usually use

7. Your account data has been altered or edited

Debra R. Richardson’s 6-Step Process to Avoid a Fraudulent Payment if a Fraudulent Email Gets Through

So what happens in the event that one of these fraudulent messages makes it into your inbox? Debra Richardson lays out a six-point plan for avoiding fraudulent payments and not playing into the fraudsters’ hands.

1. Authenticate the Requester:
Make sure the requester can correctly answer a series of identifying questions before complying with their request. 

2. Authenticate the Data:
Always ask the requester to provide authenticating data about existing accounts before approving any banking changes. 

3. Vendor Communication Before and After Change:
Verifying a change with a vendor both before and after you make it gives you an added chance to catch fraudulent requests. 

4. Check Payments Before Sending:
Double-check that the payment amount you’re about to send matches the original request and that no unauthorized changes have been made.   

5. Confirm That the Vendor Received Payment:
A quick check-in with each vendor to ensure that payments have been received can help avoid confusion later on. 

6. Document and Audit Your Process and Vendor Data:
Keeping careful records and running regular audits makes it easier to spot patterns of fraud, as well as potential security gaps.

Using Benford’s Law to Detect AP Fraud

If you’ve done any research on accounts payable fraud, you may have seen mention of Benford’s law. This is an important concept for understanding common methods of fraud detection, but it may require some explanation for the layperson. Let’s discuss the idea and why it matters to your fraud prevention efforts.

What Is Benford’s Law?

To understand Benford’s Law, it may be helpful to know that it is alternately known as “the law of first digits” and “the leading digit phenomenon.” Named for the American physicist Frank Benford, it states that in any large set of naturally occurring numbers, smaller digits will appear disproportionally as the lead digit. Studies have shown that in such a set of numbers, “1” will be the lead digit around 30% of the time, while “9” will be the lead digit only about 5% of the time. If lead numbers were distributed evenly, each digit from 1 to 9 would occur as the lead around 11% of the time. This phenomenon occurs most regularly in sets of numbers that span several orders of magnitude.

When to Use Benford’s Law to Identify Fraud

Benford’s Law is a useful tool for identifying fraud because it can provide an easy visual illustration of whether a number set is naturally occurring or has been artificially altered. In most cases, a large set of natural numbers will include a high concentration of numbers with “1” as their lead digit. If all of the numbers in that set are included in a bar graph, the bar for numbers beginning with “1” will be the tallest, with each digit from 2 to 9 represented by progressively shorter bars. This is known as a Benford curve.

On the other hand, a set of fraudulent or fabricated numbers is much less likely to follow a Benford curve. Whether the data set is generated by a computer or by hand, research shows that patterns will almost always emerge that reveal the set as non-natural. While Benford’s law is not an infallible test for fraudulent behavior in an AP setting — there are simply too many variables involved to definitively say that the absence of a Benford curve equals evidence of fraud — it is a strong indicator of a situation that demands further investigation.
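The first-digit comparison described above can be run directly on a payment ledger. This is an added example, not code from the article or from any AP product; the chi-square test at the 5% level (8 degrees of freedom), the 100-amount minimum and both sample data sets are assumptions constructed for illustration.

```python
import math
from collections import Counter

# Expected share of each leading digit under Benford's Law: log10(1 + 1/d).
BENFORD = {d: math.log10(1 + 1 / d) for d in range(1, 10)}
# Chi-square critical value for 8 degrees of freedom at the 5% level.
CHI2_CRITICAL = 15.507


def leading_digit(amount):
    """First non-zero digit of a currency amount, or None if it rounds to zero."""
    for ch in f"{abs(amount):.2f}":
        if ch in "123456789":
            return int(ch)
    return None


def benford_test(amounts, min_n=100):
    """Compare observed leading digits with the Benford curve.

    Returns per-digit rows (digit, observed, expected, chi-square term),
    the total chi-square statistic, and whether it exceeds the threshold.
    """
    digits = [d for d in map(leading_digit, amounts) if d is not None]
    n = len(digits)
    if n < min_n:
        # The law describes large sets; a handful of invoices proves nothing.
        raise ValueError(f"only {n} usable amounts; need at least {min_n}")
    counts = Counter(digits)
    rows, chi2 = [], 0.0
    for d in range(1, 10):
        expected = BENFORD[d] * n
        observed = counts.get(d, 0)
        term = (observed - expected) ** 2 / expected
        chi2 += term
        rows.append((d, observed, round(expected, 1), round(term, 2)))
    worst_digit = max(rows, key=lambda row: row[3])[0]
    return {"n": n, "rows": rows, "chi2": round(chi2, 2),
            "flagged": chi2 > CHI2_CRITICAL, "worst_digit": worst_digit}


# Constructed sample data (not real payments).
# LEDGER: 300 amounts spread evenly, on a log scale, across six orders of magnitude.
LEDGER = [round(12.0 * 10 ** (k / 50), 2) for k in range(300)]
# PADDED: the same ledger plus 60 invented amounts between $4,500 and $4,972.
PADDED = LEDGER + [4500.0 + 8 * k for k in range(60)]

if __name__ == "__main__":
    for name, data in (("ledger", LEDGER), ("ledger + invented batch", PADDED)):
        result = benford_test(data)
        print(f"{name}: n={result['n']} chi2={result['chi2']} "
              f"flagged={result['flagged']}")
        for digit, observed, expected, _ in result["rows"]:
            print(f"  {digit}: observed {observed:3d}  expected {expected:6.1f}")
```

The `worst_digit` field points the reviewer at the leading digit that deviates most, which is where to start pulling individual invoices.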

Investigating Accounts Payable Fraud

No one wants to have to face down fraud in their AP department, and the odds are that most teams will never be put in that position. Even so, it’s important to be prepared to conduct an efficient and effective investigation if and when the situation does arise. Investigating potential accounts payable fraud requires some specific approaches and bases of knowledge. Let’s break down a few key areas of focus.

How to Find Fraud in Your AP Department

Suspicion of AP fraud can arise from any number of angles depending on the type and size of your business, but in most instances fraud investigations are initiated in one of three ways.

Internal whistleblowers

The people who work with accounts payable data on a daily basis are also the people in the best position to recognize when something doesn’t look right. That makes it important to maintain a workplace culture where employees feel safe and comfortable reporting possible bad behavior to supervisors without fear of retaliation.

Scheduled audits

Conducting regular audits of your AP processes and records should be a regular part of your housekeeping routine. Periodic deep dives into your data can reveal telling anomalies and inconsistencies that point to fraud, such as duplicate payments and invoices from inactive vendors.

Manager reviews

After AP employees, AP managers are the most likely people to be able to identify fraud within your department. Managers should be tuned in to departmental norms and expectations, and maintain a close working relationship that engenders the trust employees need to feel safe presenting evidence of fraud.

What To Do If You Find Evidence of AP Fraud

In the unfortunate event that your organization positively identifies accounts payable fraud, you’ll need a plan to deal with it swiftly and decisively. In most cases, that means administering some form of internal discipline to the employees involved. That might mean anything from probation to termination, depending on the extent of the fraud and the roles of the employees involved. Some employers may wish to turn the case over to law enforcement, which can be an effective deterrent against future fraudulent behavior even if it does not result in a conviction.

Accounts Payable Fraud Prevention

As the old saying goes, an ounce of prevention beats a pound of cure. There are a number of approaches an AP department can take to prevent fraud from becoming an issue in the first place. That will almost always prove more efficient and less burdensome than trying to repair fraud damage after the fact.

Agent-Principal Problem

The agent-principal problem is an economic concept acknowledging that the goals of an organization will not always align with the actions of its representatives. In an accounts payable setting, that might manifest as an AP employee making arrangements with a vendor or supplier that are not in the organization’s best interests. This could happen for a number of reasons, including fraudulent behavior. For example, an employee running a pass-through scheme might choose to accept a contract with a higher-priced vendor than the company would prefer in order to pocket more of the fraudulent profits.

The agent-principal concept represents a chance for organizations to prevent fraud through a combination of intelligent hiring decisions, open communication, and regular reviews. A well-vetted employee who feels that their needs and concerns are being heard, and who receives regular feedback about performance and expectations is less likely to act against the organization’s interests than an employee who feels that no one cares or notices what they do in the workplace.


The Fraud Triangle Theory

The fraud triangle is a concept introduced by business writer Steve Albrecht stating that many instances of fraud are motivated by three factors:

  • Perceived pressure
  • Perceived opportunity
  • Rationalization that the fraud is somehow justified

Essentially, this theory states that an employee who feels pressured to live up to certain expectations and has access to systems that can be defrauded may be able to convince themselves that theft is acceptable in their specific circumstances. “Oftentimes, individuals who commit fraud will rationalize it: ‘Well, I didn’t get that promotion,’ or ‘They pay more at another company.’ However they present it, it’s rational to them at the time,” says Dr. Rocco Lueck.

Organizations can cut down on fraud by addressing each side of the triangle. Clear communication and two-way feedback sessions can help to alleviate some pressure for employees and also alert managers to issues that may fuel that pressure. Opportunity for fraud can be reduced via a well-organized chain of command that gives access to sensitive systems only to those employees who truly need it.

Rocco Lueck’s 5 Ways to Prevent AP Fraud in Your Organization

“It is really everyone’s responsibility to prevent fraud,” says Dr. Lueck. “It might not be everyone’s responsibility to detect it, but preventing it should be everyone’s responsibility in the organization.” That sentiment holds true no matter what industry your business operates in. Making fraud prevention a team effort requires a solid strategy that can be communicated clearly throughout your organization. Some key focal points for building out that strategy include:


1. Integrate fraud prevention into your hiring process

Be sure to check references and background information carefully for any potential hire who will have access to your AP system. Dr. Lueck recommends asking fraud-related questions during interviews, such as:

  • Have you ever been part of detecting or preventing fraud?
  • Did your past organization have a fraud prevention program?
  • How did you feel about that fraud prevention program?

2. Set policies that encourage structured interviews

Develop and test pre-written interview questions that are designed to elicit specific answers. That might include questions about past experiences with fraud or hypotheticals that gauge a potential hire’s reactions to common fraud scenarios.

3. Emphasize fraud in your onboarding process

Once an employee has joined your team, their onboarding process should include education on your organization’s specific fraud concerns, policies for preventing and detecting fraud, and penalties for fraudulent behavior.

4. Train your team to recognize symptoms of fraud

A well-trained team will be more alert to signs of possible fraud. Develop training programs that include elements such as the fraud triangle and principal-agent problem, and instruct employees on your organization’s policy on what to do when fraud is suspected.

5. Plan a strategy for testing employees’ fraud knowledge

Incorporate lessons on fraud prevention into ongoing employee evaluations such as performance reviews. This not only confirms that your workforce is up to date on fraud policies and practices, but also brings fraud prevention to the front of their minds.

Lynn Larson’s 10-Point Checklist for AP Fraud Prevention

Now that you’ve learned some of the ins and outs of preventing AP fraud, how well do you think your business measures up? Take a look at these 10 areas of focus as laid out by Lynn Larson. If your organization isn’t following these steps, it may be time to revisit your AP fraud policies.

1. Ensure the separation of duties.

2. Complete an annual risk assessment.

3. Keep your master vendor file (MVF) updated and cleaned up.

4. Add to and update procedures as needed.

5. Hold AP employees accountable for following policies and procedures.

6. Mandate using electronic tools and automation.

7. Use a separate, dedicated computer for banking activity.

8. Conduct daily bank account reconciliations.

9. Mail checks to suppliers instead of using employee requisitioners as a go-between.

10. Prohibit the use of rush checks.

How AP Automation Helps Organizations Prevent Fraud

AP automation tools can play a key role in guarding your organization against fraud. By employing a strategic combination of automation, best practices, internal and external communications, and data analysis, you can put your business in a better position to stamp out accounts payable fraud.

Automated software can flag abnormal data and suspicious activity without the risk of human error that comes with a manual system.

A three-way matching process automatically compares invoices against purchase orders and receipts of goods or services.

If any data is missing or does not match, the document is routed to an exception path for further review.

Automation also checks for both duplicate invoices and payments, providing a double layer of protection. 

Encryption of ACH and positive pay files helps to safeguard against any human tampering or alteration. 
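The three-way match, exception routing, and duplicate-invoice check described above can be sketched in a few lines of Python. This is an added example, not MHC NorthStar code: the records are constructed, and the field names, the one-cent tolerance, and the inactive-vendor check (borrowed from the audit discussion earlier) are assumptions.

```python
# Constructed sample records (not taken from any real AP system).
PURCHASE_ORDERS = {"PO-1001": {"vendor": "V-01", "unit_price": 25.00},
                   "PO-1002": {"vendor": "V-02", "unit_price": 100.00}}
RECEIPTS = {"PO-1001": 10, "PO-1002": 4}      # quantity received per PO
INACTIVE_VENDORS = {"V-09"}
INVOICES = [
    {"id": "INV-1", "vendor": "V-01", "po": "PO-1001", "number": "A-77", "qty": 10, "amount": 250.00},
    {"id": "INV-2", "vendor": "V-02", "po": "PO-1002", "number": "B-10", "qty": 5, "amount": 500.00},
    {"id": "INV-3", "vendor": "V-01", "po": "PO-1001", "number": "a-77 ", "qty": 10, "amount": 250.00},
    {"id": "INV-4", "vendor": "V-09", "po": None, "number": "C-01", "qty": 1, "amount": 900.00},
]

def dup_key(inv):
    """Normalise so 'A-77' and 'a-77 ' from the same vendor collide."""
    return (inv["vendor"], inv["number"].strip().upper(), round(inv["amount"], 2))

def three_way_match(inv, pos, receipts):
    """Compare invoice to PO and goods receipt; return mismatch reasons."""
    po = pos.get(inv["po"])
    if po is None:
        return ["missing or unknown purchase order"]
    reasons = []
    if po["vendor"] != inv["vendor"]:
        reasons.append("vendor differs from PO")
    if abs(inv["amount"] - inv["qty"] * po["unit_price"]) > 0.01:
        reasons.append("amount differs from PO price")
    received = receipts.get(inv["po"])
    if received is None:
        reasons.append("no goods receipt")
    elif inv["qty"] > received:
        reasons.append("billed quantity exceeds received quantity")
    return reasons

def review_batch(invoices, pos, receipts, inactive):
    """Map invoice id -> exception reasons; an empty list means clear to pay."""
    seen, result = set(), {}
    for inv in invoices:
        reasons = three_way_match(inv, pos, receipts)
        if inv["vendor"] in inactive:
            reasons.append("vendor is inactive")
        key = dup_key(inv)
        if key in seen:
            reasons.append("duplicate of an earlier invoice")
        seen.add(key)
        result[inv["id"]] = reasons
    return result
```

Any invoice with a non-empty reason list goes to the exception path for human review; note that INV-3 passes the three-way match on its own and is caught only by the duplicate check.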

How Can MHC NorthStar Help Your Organization Prevent Fraud?  

Is it time for your organization to bolster fraud prevention by making the leap to an automated AP software system? If you’re ready to see some of these anti-fraud tools in action, contact us today to schedule a free demonstration of our MHC NorthStar software solutions. We’re eager to show you the difference a reliable AP automation system can make in guarding your organization against fraud at every level. 



Accounts Payable Fraud FAQ

Who determines that fraud was actually committed?

Only a court of law can determine whether fraud has been committed in the legal sense, which serves as a reminder for employers to be cautious about using that specific terminology. 

What is the profile of the fraudster?

There is no universally agreed-upon profile for employees who are more likely to commit fraud than others. Fraud could be committed by anyone with access and opportunity. 

Are smaller businesses safer from fraud?

No, small businesses have the same risk of fraud as larger ones, and in fact may have fewer resources available for fraud detection and prevention. 

How is accounts payable fraud calculated?

Just as the specifics of fraud will vary widely from organization to organization, so will the ways by which those organizations calculate fraud losses. There is no single method for calculating AP fraud. 

What are some of the most common forms of AP fraud?

While fraudulent activity comes in many forms, some of the most common include billing schemes, fraudulent reimbursement and expense reports, check fraud, ACH fraud, and kickback schemes. 

How can you identify vendor fraud?

Invoices submitted without key information, employees who seem to be spending beyond their means, master vendor files containing an inordinate number of inactive or duplicate suppliers, and reports of unpaid invoices that do not match internal records are all red flags for a fraudulent vendor. 


How do you investigate invoice fraud?

Fraudulent AP behavior is most commonly identified by a whistleblower within your team or your vendor’s organization. Internal audits and manager reviews can also reveal evidence of fraud. 

How can you prevent accounts payable fraud?

Fraud prevention begins with alert hiring and onboarding practices and continues with regular fraud training, internal audits, and close communication between AP employees and management. Investing in an automated AP software system that can flag inconsistencies and suspicious behavior is also a hugely useful tool for fraud prevention. 

Is a confirmation call good enough to prevent fraud?

If you personally are contacting each vendor until you get through to them and make a confirmation, then you may be fine. If you are relying on employees or third parties to do that, there is no guarantee that your confirmation calls are reaching the right parties. 

How often should vendor files be purged?

It depends on how often your vendor experience changes, but experts say that vendor files should be purged at least once a year for most organizations. 

For organizations that cannot move away from physical checks, are there recommended methods for keeping checks safer?

If you keep check stock on hand at your physical location, make sure it is always locked up when not in use. Institute dual approvals to make sure checks are accurate before they go out the door. Check with your bank to see if there are more checking processes that you can be doing electronically.

Watch Our MHC AP Fraud Webinars On Demand   

You’ve gotten an overview of the challenges of preventing AP fraud, as well as some of the ways MHC automation solutions can help in that fight. Ready to take a deeper dive? View the three webinars referenced in this article in their entirety for further insights and expert recommendations. 


Fraud Prevention: Techniques to Reducing the Probability of Fraud in Organizations
August 23, 2023

Many organizations focus on fraud detection techniques, but few utilize fraud prevention strategies. Register for our webinar to find out how to prevent fraud!


Fight AP Payment Fraud with the Right Controls
October 31, 2023

No organization is too big or too small to be a fraud target, so join B2B payments expert Lynn Larson and MHC for a webinar on how to fight AP payment fraud!


Best Practices to Protect Your Inbox From Fraud
November 22, 2023

Your IT team’s email filters don’t block all fraudulent emails. Join MHC’s webinar featuring Debra R Richardson and learn how to keep your company’s inbox protected from fraud!

Ira Brooker

Ira Brooker is a freelance writer and editor based in Saint Paul, Minnesota. He has been writing blogs and copy about software-as-a-service solutions for most of the past decade. Before exploring accounts payable and workflow solutions with MHC, he wrote about fields including cybersecurity, workforce management, online accessibility, audiology, retail sales, and much more. When he’s not doing business writing, he also indulges in writing fiction, journalism, arts criticism, and bar trivia.

