Despite technical advancements in fraud protection, vendor fraud remains a persistent challenge for merchants. It costs businesses more than just lost cash – it incurs legal fees and damages your reputation. That’s why your fraud monitoring strategy needs to update over time.
On this page, you’ll learn what vendor fraud is, how it works, and how to identify and prevent vendor fraud schemes. We’ll also explain how Checkout.com can help your business thrive in the ever-changing world of payment fraud.
What is vendor fraud?
Vendor fraud describes fraudulent activity carried out by genuine or fake vendors that targets a business. It normally relates to someone tricking a company's accounts payable and payment processes for personal gain, using tactics like bribes, invoice manipulation or check tampering.
It can range from relatively straightforward attacks to highly sophisticated schemes, and may involve collaboration between external parties and employees, or even a collective effort from a group of employees within the target business.
Vendor fraud schemes can be broadly classified into three main categories:
- Internal employee(s) engaging in collusion to defraud the business.
- External vendors or individuals perpetrating fraud without internal assistance.
- Collaboration between an external vendor or individual and internal employee(s) in defrauding the company.
Types of vendor fraud
Vendor fraud takes on many different forms because it refers to who’s done it rather than how it's done. The most common types of vendor fraud schemes include:
- Fake vendor fraud – vendor fraud involving a non-existent, fabricated company. These can be set up internally, but external actors can also pose as legitimate vendors. It may involve cases of synthetic identity fraud, when a fraudster uses aspects of a real person’s identity.
- Insider threats – employees within the target company may engage in vendor fraud independently or in collusion with external actors. For instance, an insider threat may orchestrate duplicate payments, appearing to pay a legitimate vendor while secretly diverting the second payment to their own account.
- Price fixing – multiple vendors conspiring to set a market price for a product or service, violating competition laws and constituting a form of vendor fraud.
- Invoice fraud – the submission and deliberate approval of counterfeit or altered invoices.
- Check tampering – an employee or external fraudster may forge, alter, or intercept a check, attempting to divert payments to a fraudulent bank account instead of a legitimate supplier's.
- Vendor Email Compromise (VEC) – an individual gains control of a legitimate vendor's email account and impersonates them, directing companies to send payments to a fraudulent account.
- Billing fraud – deceitful activities involving manipulated sums or payments, including overbilling and fake vendors.
- Bid rigging – in procurement, genuine competitors collude to manipulate their bids for a contract, leading the purchasing company to potentially overpay compared to the market price.
- False certifications – a vendor (legitimate or fake), falsifying their certification (e.g. ISO certificates) to secure a contract for which they don’t qualify. It may also refer to fabricated website certificates used to give a false impression of legitimacy.
- False payments – an employee may fabricate a payment entry for a vendor, redirecting funds to their own account, effectively embezzling from the company.
- Short and long firm fraud – reliant on supplier credit, fraudulent businesses establish seemingly legitimate relationships before exploiting them for supplier fraud.
- Wire fraud – all vendor fraud conducted online or over the phone, or facilitated by online payments, falls under wire fraud in the US. Perpetrators caught committing vendor fraud can face wire fraud penalties, which may include fines of up to $1,000,000 and a potential 30-year prison sentence if the scheme is deemed major.
- Electronic vendor fraud – includes all vendor fraud enabled by digital systems or involving electronic payments.
- Kickbacks and bribes – an external party bribes an employee to aid in vendor fraud, typically at the procurement or accounts payable level.
It’s worth noting that the Government Finance Officers Association (GFOA) in the US has published an electronic vendor fraud advisory to safeguard authorities from falling victim to electronic payment fraud, outlining how fraudsters employ fake documentation for electronic vendor payment deposits.
Who is vulnerable to vendor fraud?
Smaller to medium-sized private companies, often referred to as "soft targets," tend to be at higher risk of falling victim to vendor fraud schemes. These businesses usually have less comprehensive internal controls or fraud analytics in place.
SMBs often heavily depend on a small number of employees to handle vendor transactions and payments, without implementing a careful separation of responsibilities. This situation creates a greater chance for a small group of individuals to manipulate payments and records without detection.
On the other hand, executing vendor fraud — be it digital, involving employee collusion, or aided by external scammers — becomes more challenging when businesses scale and put stronger anti-fraud measures in place.
It’s crucial to bear in mind that fraudsters continually evolve their tactics, which means orchestrating a complex fraud scheme against a large business remains a possibility.
How to identify early signs of vendor fraud
Most vendor fraud schemes show specific characteristics. While meeting one of these criteria doesn't necessarily indicate vendor fraud, finding several in your business may warrant an investigation:
- Discrepancies between payment and delivery addresses.
- Vendor addresses or payment details originating from high-risk or international locations.
- Invoices and transactions with round-dollar amounts.
- Vendors lacking standard contact information or phone numbers.
- Repeated orders falling below reporting thresholds or internal approval limits.
- Invoice payments diverging from the standard internal payment process and controls.
- Invoice numbers not conforming to the vendor’s standard numbering convention (e.g. unexpected hyphenation, numerical, or alphabetical suffix).
- Payments to a known vendor significantly exceeding the usual or anticipated invoice total.
- Companies lacking common tax ID numbers like an Employee Identification Number (EIN), Value Added Tax (VAT), or Economic Operator Registration and Identification (EORI).
- Mailing information that includes only a PO Box.
If you see suspicious activity by a known, trusted vendor, then take the time to investigate the discrepancy and work with the vendor to find a resolution.
In cases where fraud happens on a corporate card or other corporate account and can’t be resolved directly with the vendor, seek guidance from the card issuer or your bank for further steps.
How to detect and prevent vendor fraud
When it comes to vendor fraud prevention, here are six best practices to follow:
Conduct regular vendor audits
Regular audits of your vendors serve as a powerful defense against significant financial losses resulting from fraudulent activities. Start with a thorough examination of vendor master files and go from there.
Use invoice matching techniques
When done correctly, invoice matching is a potent tool in minimizing instances of vendor fraud. This method involves comparing vendor-submitted invoices with financial documents such as purchase orders, payment receipts, and inspection records. You can choose a one-to-one comparison or perform a comprehensive three-way match, as the situation demands.
Establish an efficient vendor management system
To combat vendor fraud effectively, it's crucial to have a robust vendor management system in place. This system streamlines vendor risk management, significantly reducing the likelihood of fraud.
Implement a multi-level payment approval process
To fight vendor fraud, it's essential to avoid a scenario where a single employee is solely responsible for vetting vendor invoices. Instead, ensure that invoices undergo scrutiny from two or more employees across different departments and management levels.
Conduct regular employee background checks
If an employee has a personal connection to a vendor, it creates an opportunity for fraud. To counter this, it's important to routinely conduct background checks on employees in relation to your vendors, especially in cases where they're related or married.
Rotate employees
Fraudulent schemes often need the cooperation of one or more employees to go undetected. Typically, employees in procurement and accounting are more susceptible to involvement in such schemes. To mitigate this risk, consider rotating your employees, potentially transferring them to different departments or even different branches.
How Checkout.com helps with Vendor fraud
Vendor fraud comes in various forms, ranging from low-profile cases of overbilling vendors to major cases of wire fraud that can incur up to 30 years in prison.
This means it's crucial for your business to get support from a comprehensive fraud detection toolkit that can adapt to the evolving world of payment fraud, rather than relying on one method.
That’s where Checkout.com comes in. With our Fraud Detection Pro solution, you’ll get anti-fraud protection that’s tailored to your specific risk profile. With features like machine learning, robust reporting and testing capabilities, you’ll have all the tools you need to protect your business and minimize false positives.
Contact our team today to learn more or visit our website to explore the details of Checkout.com's Fraud Detection Pro and how its powerful anti-fraud features can minimize the impact of fraud on your business.