Accounts payable fraudis mostly an inside job.Fake vendors, duplicate payments, altered checks, and one trusted person who onboards, approves, and pays. Most AP fraud does not come from a hacker. It comes from a process where a single person can complete a payment unchecked. RankShield makes that impossible.
An outside deception, or an inside process failure
Accounts payable fraud splits in two. Most guides only cover the loud one.
The external family is the one that makes headlines: a fraudster poses as your vendor and emails new banking details, and your team pays the wrong account. That is business email compromise, and it has its own page here, invoice and vendor payment fraud. It is real and growing, but it is not where most accounts payable losses actually come from.
The internal family is quieter and, by the numbers, larger. Someone with access to the payables process, alone or working with a vendor, exploits the fact that no one is independently checking. The ACFE’s 2024 Report to the Nations, drawn from 1,921 real cases, finds asset misappropriation in 89 percent of occupational-fraud cases, and the two schemes that live specifically inside accounts payable, billing schemes and check tampering, together account for a third of all cases. This page is about that internal side, because it is the part your bank’s fraud tools and a BEC checklist do not touch.
The internal AP schemes, named
Shell vendor
An employee creates a fictitious vendor in the master file and submits invoices for goods never delivered. Payment routes to an account they control. The most common branch of the 22 percent billing-scheme category.
Duplicate & pay-and-return
A real invoice paid twice, or a deliberate overpayment to a genuine vendor, with the “refund” intercepted. It hides inside legitimate activity.
Check & payment tampering
Forged or altered checks, or changed banking details in the vendor master to redirect real disbursements. The highest median loss of the payables schemes, and 23 percent of cases at small firms.
Collusion
An insider and a vendor split the take. The ACFE found 54 percent of frauds involved multiple people, precisely because collusion is how you get around separation of duties.
Small firms get hit harder because one person does it all
Separation of duties is the defense, and it is the exact thing a lean AP function does not have.
The ACFE states the cause plainly: smaller organizations have fewer checks and balances and less segregation of duties. When the same trusted person onboards a vendor, approves its invoice, and releases the payment, there is no independent step where a fake vendor or a padded invoice would be caught. It is not that small businesses hire worse people. It is that they cannot afford the three-person process that makes the fraud hard, so a single point of trust becomes a single point of failure.
Verify the payee, and require an approval one person can’t self-satisfy
Internal and external AP fraud collapse to the same two failures. Close both and you close most of the exposure.
Strip the schemes down and they share a root. A shell-vendor scheme works because the person who set up the vendor also approved its invoices. A vendor-impersonation email works because the changed banking details were never checked against a trusted record. Both come down to (1) the payee was not independently verified, and (2) no genuine, independent human approved the payment.
Verify the payee
Every payment’s payee is checked against the vendor record you already trust, before it moves. A new or changed account does not clear on an email’s say-so.
Independent approval
The payment carries proof that an authorized approver, who is not the person originating it, signed off. The segregation of duties a small team cannot staff, enforced automatically.
No self-completion
No one person can onboard, approve, and release a payment end to end. That single rule defeats the shell vendor, the duplicate, the self-approval, and the collusion that circumvents manual controls.
A checkable record
Every decision leaves a record of who approved what, so a surprise audit, the control the ACFE found cuts loss and duration by half, actually has something to review. See verifiable attestation.
Shared across the network
A payee or account flagged at one member of the RankShield Network is shared across it, so a fake vendor or account seen elsewhere is known before you pay it. Unlike a scoring consortium, every shared verdict is independently verifiable, and the signal compounds as members join.
Evidence, not adjectives
Every figure on this page is from the ACFE’s 2024 Report to the Nations, drawn from 1,921 real cases, and we cite it rather than paraphrasing it into folklore. We do not claim a fraud network, customer names, or a sealed build we cannot show you, which our transparency page reports honestly. What we offer is the segregation of duties and payee verification that small AP teams cannot staff by hand, automated and applied before the money moves.
Accounts payable fraud, answered
What is accounts payable fraud, and how is it different from invoice fraud?
How common is internal accounts payable fraud, really?
Why are small and mid-sized businesses hit harder by internal AP fraud?
We trust our AP person. Isn’t this someone else’s problem?
How does RankShield address both internal and external AP fraud?
See your payments verified before they settle.
Most AP fraud runs because one person can complete a payment alone. Verify the payee, require an independent approval, and leave a record — automatically, on every payment. Request access and we will map it to your AP process.