Even the world’s largest companies can fall victim to vendor fraud – and it often starts with nothing more than a convincing invoice or disguise. A Lithuanian man stole millions from Google and Facebook by posing as an employee of a well-known computer hardware vendor the companies worked with. He registered a company with the same name as the vendor, created fake invoices, and emailed them for payment. It worked. And over two years, he was able to swindle more than $100 million in fraudulent payments from the tech giants before getting caught.

It’s a case of vendor fraud, a type of fraudulent activity that is overwhelmingly common today. In 2022, more than 60% of businesses said they were either victims of attempted or actual payment fraud, according to a J.P. Morgan survey.

What is Vendor Fraud?

Vendor fraud occurs when a fraudster uses deceptive procurement practices to receive payments from a legitimate business. This can involve fraudsters posing as legitimate suppliers or creating a fake company, a legitimate supplier overbilling or delivering counterfeit goods, or an internal employee collaborating with a supplier to improperly invoice and issue payments.

What makes vendor fraud so dangerous is that it can go unnoticed for a long time, especially when committed by legitimate vendors. The average duration of a fraud scheme is 12 months before detection. When vendor fraud occurs, it leads to financial loss, operational disruptions, and reputational damage among stakeholders, the public, and employees. It can also result in compliance violations if the fraudulent payment violates tax or anti-bribery laws.

12 months is the average duration of a fraud scheme before it is detected

It’s obvious the most common motivator for vendor fraud is greed, but other motivators include:

• Personal financial pressure: Individual employees or vendors may face financial hardships such as debt, medical bills, or lifestyle pressures. Vendor fraud can be a form of employee fraud if the employee works with a vendor to deploy the scheme.
• Perceived unfair treatment: Employees or vendors may feel they’re being underpaid or undervalued. Fraud can be a way for them to “right the injustice” or claim what they believe they deserve.
• Business survival: In the midst of rising inflation and economic instability, suppliers may engage in fraudulent activities to maintain cash flow, meet financial obligations, or avoid bankruptcy.
• Opportunity-driven motivation: Without proper oversight or by having gaps in internal controls, companies create an environment where fraudulent activities become more accessible.

While vendor fraud is relatively common, there are certain factors that can make a company more susceptible to it. They include:

• Weak internal controls: Without segregation of duties, one employee may handle multiple aspects of vendor transactions, creating an opportunity for fraud. Loose user access rights can also enable unauthorized individuals to modify vendor information or approve payments.
• Manual processes: Reliance on paper-based or manual, separate systems increases the chance of errors, manipulation, and poor auditing accuracy.
• Poor vendor due diligence: Companies may not have the time or resources to thoroughly vet suppliers across different risk domains during onboarding or neglect to periodically verify vendor credentials and activities.
• Lack of comprehensive monitoring: Sporadic audits or a failure to systematically review vendor invoices for anomalies make it easier for fraudulent activities to persist unnoticed.
• Pressure to cut costs: Strained budgets can lead to reduced investment in anti-fraud measures, such as staff training, automated tools, or routine audits.
• Inadequate technology: Legacy systems often lack robust fraud detection capabilities and integration with modern anti-fraud tools, making it difficult for companies to keep pace with increasingly sophisticated fraud schemes.

Vendor fraud is a significant concern for organizations across various industries, but there are ways to mitigate it, which we’ll explain later on in this article.

Common Types of Vendor Fraud

Vendor fraud can take many forms. In 2021, fraudsters stole $7 million from the U.S. government by committing quality substitution and false billing vendor fraud. They illegally imported goods on contracts set aside for veterans and falsified the value of those goods to evade higher duties and taxes.

Common types of vendor fraud include:

Overbilling

This occurs when a vendor charges or supplies more than the agreed-upon price or quantity for goods or services, such as inflating invoice amounts or billing for hours not worked. It’s most common among vendors that supply large quantities of goods to a business. The hope is that with such a big order, the procurement or account payables team won’t have the proper tools or audit measures to cross-check purchase orders to invoices.

Another form of overbilling that’s common among employees is expense fraud, where employees inflate or add expenses that they never actually incurred. The company then reimburses them for these “fake” expenses, and they pocket the cash. While this is not vendor fraud, it does make up 13% of occupation fraud cases.

Duplicate Invoicing

One of the most common vendor fraud types is duplicate invoicing, which occurs when a vendor submits multiple invoices for the same product or service. For example, a vendor might send one invoice via email and another by mail, exploiting the lack of invoice tracking. Duplicate invoicing is also considered a form of invoice fraud.

Kickbacks

A kickback occurs when an employee colludes with a vendor to approve inflated or unnecessary contracts in exchange for cash or gifts. This happens during the sourcing process. An employee pushes the company to award a lucrative contract to a vendor in return for a percentage of the profits.

Phantom Vendors

Phantom vendors are schemes in which fraudsters create a fake vendor or shell company to steal money from a legitimate business. They create a fake tax ID number, use a nonexistent mailing address, create bank accounts that look legitimate, and generate fake invoices.

Misrepresentation of Vendor Identity

One form of vendor fraud involves fraudsters who impersonate legitimate vendors, steal payments, or access sensitive information from legitimate vendors. For example, a fraudster might compromise a vendor’s email and steal important information, then submit an invoice to a company the vendor works for. The fraudster may also email the company saying they’ve recently changed banking accounts and need them to send the payment to the “new account.”

Quality substitution or Delivery Fraud

This occurs when a vendor delivers substandard goods, swaps out the goods with an alternative without prior approval, or provides fewer goods than contracted. For example, a vendor might charge for premium materials but supply lower-quality substitutes or shorten the delivery quantity.

Price Fixing or Bid Rigging

Bid rigging is a scheme in which vendors work together to manipulate the competitive bidding process during a sourcing event. A group of vendors agrees to inflate bids so that one preselected vendor wins the contract at a higher price and may split some of the profits with the other vendors.

Advanced Payment Fraud

This occurs when a vendor requests partial or full payment upfront but fails to deliver the goods or services in the contract. For example, a vendor may demand a 40% advance payment but disappear without delivering the goods.

How to Detect and Prevent Vendor Fraud

Any type of vendor fraud can significantly affect a business, and the loss encompasses more than just revenue. It makes forecasting cash flow harder, limiting a company’s ability to scale. Trust in the supplier pool also shrinks, creating a longer sourcing and vendor onboarding process that slows a company’s ability to get to market quickly. And investors may pull out of partnerships due to doubt about the company’s ability to safeguard assets.

Luckily, there are strategies companies can deploy to protect themselves against vendor fraud. Enhancing oversight and using advanced technology are the best ways to stop fraud from occurring. Here are some actionable steps you can take to develop a strong fraud detection and prevention framework.

Step 1: Strengthen Internal Controls through Automation

Despite recent technological advancements, many companies still rely on manual procedures to prevent fraud. This might involve manually reviewing each invoice and cross-referencing it against a contract or purchase order or having one person approve and dispense payments to keep overhead costs low. It’s time-consuming, prone to errors, and leaves room for document altering.

Automation is the first step to better manage processes and protect associated data. Automation helps:

• Segregate duties with digital workflows that require dual or multiple approvals for large transactions or vendor changes.
• Verify invoice and payment details with three-way matching. It automatically matches purchase orders, delivery receipts, and vendor invoices to ensure consistency before approving payments.
• Restrict access to sensitive information with systems or tools that only authorized personnel can use. Paper or email-based processes can be compromised more easily.
• Detect anomalies or suspicious activity by automatically monitoring and analyzing each source-to-pay process over time, such as frequent changes to vendor banking details, duplicate invoices, or invoices exceeding set thresholds.

Step 2: Make Fraud Prevention a Team Sport

Fraud prevention should be a group effort because vendor fraud can occur at different levels in the source-to-pay cycle. The procurement or sourcing team may accidentally onboard an imposter fraudster, or an employee may change the bank account information on an invoice during the payment process. Finance and procurement departments need to create workflows and cross-departmental checks that ensure nothing slips through the cracks.

IT also needs a seat at the table when it comes to fraud prevention. How is the company’s sensitive data managed? Are vendor management systems and fraud prevention tools integrated? The best way to stop fraud is by having one centralized spend management system or platform to monitor and track all transactions. It enables IT to embed controls and guardrails and better manage data so auditing is more effective and efficient. Without a centralized spend management system, a third-party auditing service is needed. This requires IT to port company data, which can increase the risk of exposing confidential information.

Step 3: Conduct Vendor Due Diligence

Centralizing data and processes helps verify vendors and onboard them more efficiently. To ensure the company only works with legitimate vendors, it’s important to conduct comprehensive background checks, including financial health, reputation, and past performance. Some spend management software can automatically verify vendor risk. Using AI, the software checks the vendor’s information against various sources, such as InfoSec and Anti-Bribery Anti-Corruption (ABAC) domains.

Another way to prevent fraud is to use a trusted vendor network. Companies typically access a vendor network when they use a spend management platform or software. Depending on the platform, each network can be large and extensive or small. The vendors in these networks are monitored and analyzed by their performance levels. Prioritize working with vendors who have a proven track record and high-performance scores.

Once approved, a digital onboarding process via a supplier portal can streamline vendor management activities. Confirming POs, requesting bank account changes, or updating invoice information is done in one place, making it more difficult for fraud to occur. If a vendor sends an email about a bank account change, but it’s not noted or submitted in the supplier portal, it’s a red flag. The vendor’s email may be compromised, indicating a fraudster is attempting to divert the payment to a personal account.

A centralized system ensures a uniform and standardized vetting and onboarding process.

Step 4: Enforce Regular Audits and Reviews

Conduct regular internal audits of vendor contracts, invoices, and payment records to identify any discrepancies. Using a centralized spend management system facilitates a faster auditing process with data stored and categorized, making it easier to pull the necessary information within a few clicks.

Screen historic purchase orders from past vendors that may still be open. If the vendors have not notified you, establish automated inactivity closure for such accounts in 30-, 60-, and 90-day increments.

It’s also important to periodically review vendor credentials to confirm the legitimacy of existing vendor relationships. Real-time vendor risk detection tools can alert you to risky vendor changes, such as a new bankruptcy filing or suspicious patterns of repeat billing for out-of-scope materials.

Maximizing the Benefits of Fraud Prevention Software

Just like when your credit card company notifies you about a suspicious transaction on your account, fraud prevention software for businesses works in the same way. It plays a critical role in identifying and preventing fraudulent activities with suppliers by leveraging automation, advanced analytics, and machine learning to detect anomalies. When something doesn’t look right, like the altering of an invoice amount after its approval, it is flagged for immediate review and caught before a payment is made.

Before implementing the software, it’s important to:

• Ensure compatibility with existing systems. The software must integrate seamlessly with your spend management software to be most effective.
• Centralize data from multiple sources (both direct and indirect spend) for comprehensive monitoring and reporting. Fraud detection software uses AI, and AI only works if the data it’s analyzing is accurate, complete, and vast. You’ll eliminate blind spots if you have an entire landscape view of spend across the organization.
• Streamline processes with automation to help improve data management, vendor vetting, invoice matching, and payment verification. Integrating invoicing and payments together on a single platform enables fraud detection software to analyze data more effectively and flag suspicious or irregular activity.

Advanced software helps companies move from reactive fraud recovery to proactive vendor fraud prevention, stopping fraud before it can impact the business. Here are a few ways to get the most from vendor fraud prevention software.

Customize Approval Workflows

The right software enables customizable approval workflows. An example of this is if an invoice is above a certain dollar amount threshold or a bank account number is changed, it’s automatically flagged and routed to an auditor or authorized users to review before being processed.

Coupa’s SpendGuard™ fraud detection tool enables users to customize workflows with simple drag-and-drop functionality. Administrators can set guardrails to ensure these workflows can’t be changed without prior approval or admin credentials.

Create approval workflows and rules that match your company’s needs. Here are some tips:

• Customize rules for unusual payment amounts, vendor bank detail changes, or transactions outside typical patterns. Set up action triggers for certain rules, such as pausing a payment or requesting additional verification when fraud is suspected.
• Define different approval levels based on transaction value or risk, such as low-risk transactions requiring one approval and high-value or high-risk transactions from multiple levels or departments.
• Restrict access to specific workflow stages based on job responsibilities. This also helps create an audit trail when changes are made in the approval process. Approval groups for complex sourcing needs are another way to reduce fraud.

Create a Summary Dashboard

Instead of running a full-blown audit, summary dashboards are a quick way to review spend and spot risky patterns. Look to create a dashboard that categorizes these key areas of the source-to-pay lifecycle:

• Requisitions
• Purchase orders
• Invoice and payments
• Sourcing events

Vendor fraud can occur at many steps in the source-to-pay process, so complete monitoring at each step is critical.

Coupa’s SpendGuard dashboard provides a real-time overview of an organization’s spend and 25 alerts across six key categories: expenses, requisitions, orders, invoices, sourcing, and timesheets. Advanced AI analyzes transactions across all these spend categories, examining historical data and flagging anomalies that may indicate fraud, errors, or policy violations.

Stop Payments in Real Time

If an alert is set off, be sure the rules for the alert route to the appropriate party. To mitigate any internal employee collusion, it might be best to include multiple reviewers when an alert arises. Create a clear policy for each alert type so employees understand which protocols to follow.

With SpendGuard, alerts are detailed with apparent issues and broken down by requisition, invoice, or payment number to help ensure financial accuracy and security at every step.

Build Vendor Behavior Profiles

Building vendor behavior profiles with AI ensures you can catch fraudulent activity even with seemingly long-standing, trusted suppliers. These AI-driven profiles can identify transactions that aren’t suspicious alone but show non-compliant behavior when analyzed with past data and historical transactions.

The best data creates the best AI. SpendGuard is trained from the largest anonymized B2B commerce data set in the world, analyzing over $7 trillion in real-world transactions. That enormous range of transactions across industries and geographies enables SpendGuard to identify potential risks in spending patterns or supplier relationships that otherwise go unnoticed in smaller datasets.

The sheer volume and diversity of this data enable predictive insights. As fraudsters develop new techniques, the system detects these emerging anomalies across the Coupa community and provides early warning and protection.

Vendor fraud poses a significant threat to business, but with proactive strategies and the right technology, companies can effectively mitigate this risk and support long-term success.

For more Coupa Resources please go the Coupa Resource Page.