Request access
RankShield Financial · Accounts payable

Accounts payable fraudis mostly an inside job.Fake vendors, duplicate payments, altered checks, and one trusted person who onboards, approves, and pays. Most AP fraud does not come from a hacker. It comes from a process where a single person can complete a payment unchecked. RankShield makes that impossible.

payee-verifiedindependent approvalno self-payment
From the ACFE, 1,921 real cases
22%
of occupational fraud is billing schemes: fake vendors, inflated and duplicate invoices. $100k median loss (ACFE 2024)
12 mo.
median time an AP scheme runs before anyone catches it; losses grow to $875k at five years (ACFE 2024)
01 // two families
Where AP fraud comes from

An outside deception, or an inside process failure

Accounts payable fraud splits in two. Most guides only cover the loud one.

The external family is the one that makes headlines: a fraudster poses as your vendor and emails new banking details, and your team pays the wrong account. That is business email compromise, and it has its own page here, invoice and vendor payment fraud. It is real and growing, but it is not where most accounts payable losses actually come from.

The internal family is quieter and, by the numbers, larger. Someone with access to the payables process, alone or working with a vendor, exploits the fact that no one is independently checking. The ACFE’s 2024 Report to the Nations, drawn from 1,921 real cases, finds asset misappropriation in 89 percent of occupational-fraud cases, and the two schemes that live specifically inside accounts payable, billing schemes and check tampering, together account for a third of all cases. This page is about that internal side, because it is the part your bank’s fraud tools and a BEC checklist do not touch.

02 // the schemes
How the money leaves

The internal AP schemes, named

Shell vendor

a company that isn't real

An employee creates a fictitious vendor in the master file and submits invoices for goods never delivered. Payment routes to an account they control. The most common branch of the 22 percent billing-scheme category.

Duplicate & pay-and-return

the excess diverted

A real invoice paid twice, or a deliberate overpayment to a genuine vendor, with the “refund” intercepted. It hides inside legitimate activity.

Check & payment tampering

$155k median

Forged or altered checks, or changed banking details in the vendor master to redirect real disbursements. The highest median loss of the payables schemes, and 23 percent of cases at small firms.

Collusion

two people, no controls

An insider and a vendor split the take. The ACFE found 54 percent of frauds involved multiple people, precisely because collusion is how you get around separation of duties.

03 // why SMBs
The control you can’t staff

Small firms get hit harder because one person does it all

Separation of duties is the defense, and it is the exact thing a lean AP function does not have.

23% vs 9%
Check and payment tampering strikes firms under 100 employees at 23% of cases, versus 9% at large firms — the biggest small-vs-large gap of any scheme (ACFE 2024).
40% vs 90%
Only 40% of small firms have an internal audit function, against 90% of large ones. Fewer eyes, longer-running schemes.
Half
More than half of frauds occurred due to an insufficient system of internal controls: 32% a lack of controls, 19% an override of them (ACFE 2024).

The ACFE states the cause plainly: smaller organizations have fewer checks and balances and less segregation of duties. When the same trusted person onboards a vendor, approves its invoice, and releases the payment, there is no independent step where a fake vendor or a padded invoice would be caught. It is not that small businesses hire worse people. It is that they cannot afford the three-person process that makes the fraud hard, so a single point of trust becomes a single point of failure.

04 // the fix
One control, both families

Verify the payee, and require an approval one person can’t self-satisfy

Internal and external AP fraud collapse to the same two failures. Close both and you close most of the exposure.

Strip the schemes down and they share a root. A shell-vendor scheme works because the person who set up the vendor also approved its invoices. A vendor-impersonation email works because the changed banking details were never checked against a trusted record. Both come down to (1) the payee was not independently verified, and (2) no genuine, independent human approved the payment.

Verify the payee

against a trusted record

Every payment’s payee is checked against the vendor record you already trust, before it moves. A new or changed account does not clear on an email’s say-so.

Independent approval

not the originator

The payment carries proof that an authorized approver, who is not the person originating it, signed off. The segregation of duties a small team cannot staff, enforced automatically.

No self-completion

no single point of failure

No one person can onboard, approve, and release a payment end to end. That single rule defeats the shell vendor, the duplicate, the self-approval, and the collusion that circumvents manual controls.

A checkable record

who approved what

Every decision leaves a record of who approved what, so a surprise audit, the control the ACFE found cuts loss and duration by half, actually has something to review. See verifiable attestation.

Shared across the network

flagged once, known to all

A payee or account flagged at one member of the RankShield Network is shared across it, so a fake vendor or account seen elsewhere is known before you pay it. Unlike a scoring consortium, every shared verdict is independently verifiable, and the signal compounds as members join.

What we claim, and what we do not

Evidence, not adjectives

Every figure on this page is from the ACFE’s 2024 Report to the Nations, drawn from 1,921 real cases, and we cite it rather than paraphrasing it into folklore. We do not claim a fraud network, customer names, or a sealed build we cannot show you, which our transparency page reports honestly. What we offer is the segregation of duties and payee verification that small AP teams cannot staff by hand, automated and applied before the money moves.

FAQ

Accounts payable fraud, answered

What is accounts payable fraud, and how is it different from invoice fraud?
Accounts payable fraud is the broad category of schemes that steal money through the payments process. It splits into two families. External AP fraud is when an outsider deceives you, most often business email compromise, where a fraudster poses as a real vendor and emails fake banking details. Internal AP fraud is when someone inside, or an insider working with a vendor, exploits weak controls: a fake vendor set up in the system, a duplicate payment with the excess diverted, an altered check, or a payment the same person both approved and released. The external kind is covered on our invoice and vendor fraud page. This page focuses on the internal side, which the ACFE finds is where the most common and most damaging AP schemes live.
How common is internal accounts payable fraud, really?
It is the core of occupational fraud. The ACFE’s 2024 Report to the Nations, based on 1,921 real cases, found that billing schemes, which include fake vendors and inflated or duplicate invoices, account for 22 percent of all occupational-fraud cases with a median loss of 100,000 dollars. Check and payment tampering accounts for another 11 percent, with the highest median loss of the payables schemes at 155,000 dollars. And these schemes run a long time before anyone notices: the median fraud lasts 12 months, and losses scale sharply the longer it goes, from 30,000 dollars when caught inside six months to 875,000 dollars when it runs five years or more. AP fraud is rarely a single dramatic event. It is a slow leak through a weak process.
Why are small and mid-sized businesses hit harder by internal AP fraud?
Because the control that stops it, separating who can set up a vendor from who approves and who pays, is the exact control small businesses cannot staff. The ACFE found firms under 100 employees suffer check and payment tampering at 23 percent of cases versus 9 percent at large firms, the single largest gap of any scheme between small and large organizations, and billing schemes at 31 percent versus 22 percent. It names the cause directly: smaller organizations have fewer checks and balances and less segregation of duties. Only 40 percent of small firms have an internal audit function, against 90 percent of large ones. When one trusted person onboards the vendor, approves the invoice, and releases the payment, there is no second set of eyes, and that is precisely the gap these schemes exploit.
We trust our AP person. Isn’t this someone else’s problem?
Trust is not a control, and the data is uncomfortable about this. More than half of occupational frauds, per the ACFE, occurred because of an insufficient system of internal controls: 32 percent traced to a lack of internal controls and another 19 percent to someone overriding the controls that existed. And 54 percent of frauds involved more than one person colluding, with three or more colluders pushing the median loss to 329,000 dollars, specifically because collusion is how people get around separation of duties. The point is not that your AP clerk is dishonest. It is that a process where one person can complete a payment end to end, or where two people can quietly agree to, is a process that depends on everyone staying honest forever. Controls exist so it does not have to.
How does RankShield address both internal and external AP fraud?
Both families collapse to the same two failures: the payee was never independently verified, and no genuine, independent human approved the payment. A shell-vendor scheme works because one person set up the vendor and approved its invoices. A vendor-impersonation email works because the changed banking details were never checked against a trusted record. RankShield verifies the payee against the record you already trust and requires proof that an authorized approver, who is not the person originating the payment, signed off, before the money moves. That single control defeats the fake vendor, the self-approved payment, the duplicate, and the external payee swap, because it removes the ability of any one person, inside or outside, to complete a payment unchecked. It automates the segregation of duties the ACFE says small firms lack.
Verify, then settle

See your payments verified before they settle.

Most AP fraud runs because one person can complete a payment alone. Verify the payee, require an independent approval, and leave a record — automatically, on every payment. Request access and we will map it to your AP process.

Request accessHow it works