Accounts payable fraud: Red flags and mitigation tactics.
The accounts payable (AP) department is one of the areas of any business most vulnerable to fraud. As the central hub for a company’s outgoing funds, AP is a common target for bad actors looking to scam businesses out of money. Furthermore, the consequences of AP fraud can go far beyond financial losses. Fraudulent payment activities can also cause compliance issues, damage vendor relationships, and divert time and resources from important business initiatives.
What is AP fraud?
AP fraud refers to fraudulent activity that manipulates a company’s payment processes to steal money. It may be carried out by external parties such as vendors or cybercriminals posing as vendors, or by internal employees who have access to accounting systems. Sometimes, the fraudulent scheme involves internal and external parties working together. In many cases, AP fraud can go undetected for several months or longer.
Common types of AP fraud schemes.
While AP fraud can take many forms, these are the most common schemes that a business may encounter:
Business email compromise (BEC) scams.
A business email compromise (BEC) scam occurs when a cybercriminal sends an email to a company employee that appears to be from a legitimate source — such as a company executive, vendor or business partner — and requests an urgent wire transfer, a change to a payment process, or access to confidential data. Once a payment is sent, recovering the funds can be extremely difficult.
BEC is considered a type of phishing. Unlike mass phishing, the email is highly personalized and often involves research into the way a business is structured.
The Association for Financial Professionals’ 2025 Payments Fraud and Control Survey found that BEC was the leading avenue for both attempted and successful payments fraud in 2024.
Check fraud.
According to the same 2025 Payments Fraud and Control Survey, checks are the payment method most often targeted for payments fraud, with 63% of respondents experiencing attempted or actual fraud using checks in 2024.
Unlike electronic transactions, which typically incorporate multiple layers of security protocols, paper checks rely on basic security features that bad actors can easily circumvent. Examples of check fraud include mailbox theft, forged signatures, check washing (the chemical removal of legitimate payment information), counterfeit reproduction and fraudulent checks issued to shell companies.
While paper checks are more vulnerable to fraud than electronic payments, bad actors can use stolen bank routing and account numbers to initiate unauthorized eCheck debits through the Automated Clearing House (ACH) network.
Invoice fraud.
Invoice fraud occurs when a scammer submits false invoices to AP for goods and services that were never delivered. Types of invoice fraud include inflated invoices submitted by a legitimate vendor, invoices that are submitted more than once, and “ghost vendor” scams, where a fake vendor account is created in the accounting system.
Kickback schemes.
Kickback schemes are a type of AP fraud that usually involves collusion between an employee and a vendor. When a vendor submits a fake or inflated invoice, the bad actor working on the inside will authorize a fraudulent payment in exchange for cash, gifts or other incentives. This type of AP fraud is particularly difficult to detect because the payments often appear to be legitimate.
Red flags and warning signs: Detecting AP fraud early.
AP fraud can be difficult to detect because it often hides within routine financial transactions. However, there are several common warning signs that may indicate fraudulent activity:
- Increases in vendor payments: Sharp increases in payments to a single vendor, without a corresponding increase in goods or services, are a major red flag for AP fraud. If payments suddenly skyrocket during off hours, a fraudster may be exploiting quieter times to push through unauthorized payments.
- A pattern of payments that are slightly under the payment approval amount: Bad actors will often keep payments slightly below the threshold that requires payment approval so that unauthorized payments are less likely to be noticed.
- Unusual vendor details: Be suspicious of sudden changes to vendor banking information, vendors with only a P.O. box address, and vendors who don’t have a verifiable tax identification number.
- Sense of urgency and secrecy: Any sudden demand for immediate action or claim that payment is required right away is a red flag for AP fraud, and it’s especially common with BEC scams. Fraudsters are counting on an employee skipping standard verification procedures because of the urgent nature of the request. This is often paired with an appeal for secrecy, where the fraudster asks the employee to keep their conversation confidential.
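The sketch below is an added example, not part of the original article or any bank's tooling. It checks a payment ledger for three of the warning signs above: repeated payments just under the approval amount, off-hours payments, and payments made shortly after a vendor's bank details changed. The vendor names, records, threshold, business hours and time window are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed policy values (hypothetical; tune to your own approval matrix).
APPROVAL_LIMIT = 10_000.00      # payments at or above this need a second approver
NEAR_LIMIT_RATIO = 0.95         # "slightly under" = within 5% of the limit
NEAR_LIMIT_MIN_COUNT = 3        # how many such payments make a pattern
BANK_CHANGE_WINDOW = timedelta(days=7)

# Constructed sample ledger: (vendor, amount, paid_at)
PAYMENTS = [
    ("Acme Supply", 4_200.00, "2024-03-04 10:15"),
    ("Acme Supply", 4_350.00, "2024-04-03 11:02"),
    ("Northwind LLC", 9_800.00, "2024-04-08 14:30"),
    ("Northwind LLC", 9_950.00, "2024-04-15 09:45"),
    ("Northwind LLC", 9_900.00, "2024-04-20 23:40"),   # Saturday night
    ("Delta Freight", 18_000.00, "2024-04-18 13:05"),
]
# Constructed vendor master-file edits: vendor -> when bank details changed
BANK_CHANGES = {"Delta Freight": "2024-04-16 16:20"}

def _ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M")

def off_hours(when):
    """Weekends, or outside 08:00-18:00 on weekdays (assumed business hours)."""
    return when.weekday() >= 5 or not (8 <= when.hour < 18)

def find_red_flags(payments, bank_changes):
    """Return {vendor: [flag names]} for vendors showing any warning sign."""
    flags = defaultdict(set)
    near_limit = defaultdict(int)
    for vendor, amount, paid_at in payments:
        when = _ts(paid_at)
        if APPROVAL_LIMIT * NEAR_LIMIT_RATIO <= amount < APPROVAL_LIMIT:
            near_limit[vendor] += 1
        if off_hours(when):
            flags[vendor].add("off_hours_payment")
        changed = bank_changes.get(vendor)
        if changed and timedelta(0) <= when - _ts(changed) <= BANK_CHANGE_WINDOW:
            flags[vendor].add("paid_after_bank_change")
    for vendor, count in near_limit.items():
        if count >= NEAR_LIMIT_MIN_COUNT:
            flags[vendor].add("repeated_just_under_limit")
    return {vendor: sorted(names) for vendor, names in flags.items()}

if __name__ == "__main__":
    for vendor, names in find_red_flags(PAYMENTS, BANK_CHANGES).items():
        print(f"{vendor}: {', '.join(names)}")
```

A flag here is a prompt for manual review against purchase orders and vendor records, not proof of fraud.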
Mitigation strategies for AP fraud.
Businesses can reduce the risk of AP fraud by using a multipronged approach that involves people, process and technology. Key fraud mitigation strategies include the following:
- Segregation of duties: Separate employee responsibilities around vendor setup, invoice processing and approval so that no single person controls the entire payment process. In addition, require that two or more people approve changes to accounts or large payment requests. These strong internal controls help ensure that a company’s AP procedures are valid and properly authorized.
- Strict vendor verification procedures: Before onboarding a new vendor, verify tax ID and banking details and confirm the vendor’s contact information independently. If payment changes are requested, verify the details by contacting the vendor through a secondary channel.
- Use digital AP systems: Switching from manual to digital AP systems allows for better segregation of duties and fewer single-person controls over AP tasks. In addition, financial institutions such as Commerce Bank offer fraud mitigation solutions that can help detect suspicious activity and reduce exposure to cybercrime.
- Train employees regularly: People are your first line of defense. Many AP fraud schemes — especially BEC scams — succeed by exploiting human psychology rather than technical vulnerabilities, focusing on trust, urgency and authority. Teach employees how to recognize suspicious messages and what to do if one is received.
What to do if you suspect AP fraud.
If you think your business has been the victim of AP fraud, it’s important to act quickly to limit losses and preserve evidence. After restricting access to payment systems and freezing any suspicious vendor accounts, contact your bank as soon as possible. Your banking representative can work with you to resolve any unauthorized or improper payments and guide you through the recommended next steps. These include reporting the fraud to the proper authorities and reviewing internal procedures to help prevent any further fraudulent activity.
