Vendor fraud mitigation: A business guide.

Vendor fraud has become a major financial and operational risk for all types of businesses.

The Association for Financial Professionals’ 2025 Payments Fraud and Control Survey revealed that 45% of companies were targets of vendor imposter fraud in 2024, up from 34% in the previous year. While businesses of any size can be targets of vendor fraud, small businesses are especially vulnerable because they have limited staff and often lack dedicated fraud detection teams.

Understanding the most common types of vendor fraud, and the most effective tactics for mitigating them, is essential for reducing organizational risk for all businesses.

What is vendor fraud?

Vendor fraud is a type of financial deception in which a business’s vendors or employees working with vendors intentionally manipulate payments or procurement processes to steal money or overcharge for services and goods. In some cases, the fraudulent activity is carried out by bad actors who are posing as vendors.

These schemes can drain a company’s resources and undermine the integrity of the business’s procurement and accounts payable operations.

Common types of vendor fraud.

Vendor fraud can involve various scenarios, including fraudulent invoicing practices such as inflated or duplicated charges; ghost vendor fraud, where payments are made to fake or nonexistent suppliers; payment diversion fraud, where legitimate payments are redirected to fraudulent accounts; and price fixing or bid rigging, where vendors collude to control pricing or limit competitive bidding.

Invoice fraud and overbilling schemes.

One of the most common types of vendor fraud involves invoicing scams.

For example, a vendor might submit an invoice for goods or services that were never delivered. Or, the vendor might submit an invoice for higher than the contracted amount, or duplicate invoices for the same deliverable.

In many cases, invoice fraud is the result of collusion between the vendor and a dishonest employee in the company. The bad actor working on the inside authorizes fraudulent payments to the vendor in exchange for a kickback or other financial incentives.

Invoice fraud and overbilling schemes are rarely one-time events. Perpetrators often begin with small, one-off attempts to probe a business’s security and controls. Once the bad actors identify a vulnerability in the accounts payable process, they’ll exploit it repeatedly to generate sustained, long-term financial gain.

Ghost vendor fraud.

A fraudulent scheme involving a fake vendor is known as ghost vendor fraud.

By exploiting vulnerabilities in a company’s vendor management system, bad actors are able to create a fictitious supplier and then submit fraudulent invoices for goods or services that weren’t provided. Ghost vendor schemes frequently involve insiders at a business who are either working alone or with outsiders.

The fictitious vendor often evades detection because the perpetrators use false information that makes it appear legitimate within the company’s system, including fabricated bank account numbers, tax identification numbers and vendor numbers. The fake invoices are also usually in small, inconspicuous amounts to help evade detection.

These schemes are often meticulously planned and involve multiple steps to avoid detection, including forged documents and impersonation. All of these measures can make it difficult for companies to identify ghost vendor fraud promptly.

Payment diversion fraud.

Payment diversion fraud often involves sophisticated schemes in which criminals trick a business into updating the bank account information for a legitimate vendor. Once the payments details have been altered, future vendor payments are rerouted to an account controlled by the vendor imposter, allowing them to intercept funds intended for the genuine vendor.

This type of fraud usually involves business email compromise (BEC), which is when a criminal compromises a legitimate email account and spoofs the owner’s identity. Once the criminal gains access to a vendor’s email account, usually with stolen credentials, they’re able to gain control of accounts by changing recovery information and adding fraudsters as authorized users. They’re also able to monitor ongoing conversations and impersonate the vendor with highly convincing requests, in many cases with the use of AI tools.

Another type of payment diversion fraud involves employees intercepting legitimate vendor checks or invoices and altering them to divert money to their own accounts.

Price fixing and bid rigging.

Price fixing and bid rigging are illegal, anti-competitive practices where vendors collude to manipulate contracts and inflate prices. These practices may also involve bribes to one or more of a company’s employees.

Price fixing occurs when vendors who are competitors agree to raise, fix, or maintain prices for the same goods or services, or to jointly establish a price range or minimum price.

Bid rigging is a type of collusion where two or more vendors steer a company’s purchase of goods or services by agreeing in advance who will win a bid. In some cases, the vendors will engage in bid rotation, which is when vendors take turns acting as the low bidder. Another bid-rigging scheme involves bid suppression, where competing vendors agree that one or more of them won’t bid at all, or will withdraw a previously submitted bid.

Complementary bidding is another form of bid rigging among vendors designed to give the appearance of competition. In this scheme, coconspirators submit token bids that are intentionally high or intentionally fail to meet all of the bid requirements so they will lose a contract.

Vendor fraud mitigation tactics.

Businesses can reduce their exposure to vendor fraud by deploying several fraud mitigation strategies. These include setting up strong internal controls for all accounts payable processes, scheduling internal and external audits to detect unusual patterns of vendor payments, and regularly educating employees about vendor fraud. This multi-pronged approach to vendor risk management helps create accountability and can lower the risk of unauthorized actions.

Strong internal controls for vendor payments.

The first line of defense for businesses that regularly transact with vendors is to implement several strong internal controls to mitigate vendor fraud and ensure operational efficiency.

Internal controls are policies, procedures and systems that a business sets up to formalize and document how they handle the various steps in the accounts payable process, including verification steps, approvals and access to assets. These measures help ensure that a company’s vendor payments and other transactions are valid, authorized and properly recorded.

Segregated accounts payable duties.

One of the most important internal controls in a company’s accounts payable department is the segregation of the payments process so that different employees are responsible for different tasks.

For example, one person might enter data for a new vendor, but another person needs to review and approve that information. In addition, the employee who originates a transaction would be different from the person who is verifying or reconciling that payment. When large payments or changes are entered, or there are unusual or out-of-cycle invoices, then sign-off by two or more people would be required.

Splitting responsibilities among several employees not only makes it harder for one person to conceal fraud, but it also provides an additional layer of protection if a scammer is attempting to trick someone into issuing an improper payment.

Switching from manual systems to digital accounts payable and receivable systems creates a clear audit trail and supports better segregation of duties and fewer single-person controls over critical payments tasks.

Payments authorization and verification procedures.

A key strategy for mitigating vendor fraud is to implement strong onboarding procedures for new vendors, as well as formal systems for making any requested changes to established vendor accounts.

For example, before adding a new vendor to your system, make sure you call the vendor using a known phone number, rather than a phone number in an emailed request. Validate the vendor’s tax ID, business registration, contact information and bank details.

If you receive an unsolicited phone call claiming to be from an established vendor requesting a payments change, hang up and call back using the number on file to verify that it’s a legitimate request. The same is true of vendor payments changes made through email. Confirm any payments change requests through secondary channels such as phone calls to established contacts, since fraudsters can insert fake vendor details into phishing emails.

Reviewing vendor activity with regularly scheduled vendor audits is another way to uncover fraudulent transactions such as unauthorized changes or duplicate entries.

Employee training on fraud awareness.

Educating employees on how to mitigate vendor fraud is a crucial part of the equation.

In addition to reviewing policies and procedures for issuing and receiving payments, regular training and communication should include how to recognize social engineering tactics such as phishing and scam emails, as well as other red flags such as inconsistent vendor details and urgent payments requests.

Building a culture of ethics and integrity within the organization can also help discourage fraudulent behavior by employees.

What to do if you suspect vendor fraud.

With vendor fraud so prevalent today, businesses should be on the lookout for suspicious vendor activity. According to the Association for Financial Professionals, some of the most common vendor fraud red flags include the following:

  • Multiple invoices are paid to the same vendor on the same date or within the same payment cycle.
  • Invoices are approved for payment at times outside of normal operating hours.
  • The vendor’s prices are well below market.
  • Two invoices have nearly identical invoice numbers.
  • The vendor lacks a verifiable tax identification number.
  • The vendor lacks standard contact information.
  • Orders repeatedly fall below thresholds for reporting or approval.
  • Invoices and transactions are for whole-dollar amounts.
  • Invoice numbers deviate from the vendor’s usual numbering conventions.
  • The payment and delivery addresses are different.
  • Payment to a known vendor is much higher than the typical invoice total.
  • The vendor’s address or contact information suddenly and unexpectedly changes.
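
Several of these red flags can be checked automatically against accounts payable records. The following is an added example, not part of the original guide or the Association for Financial Professionals' material; the record layout, thresholds, flag names and sample invoices are all assumptions constructed for illustration, and "nearly identical" is interpreted here as invoice numbers that match once prefixes, suffix letters and leading zeros are stripped.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Assumed policy values (not from the guide); tune them to your own AP process.
APPROVAL_LIMIT = 5000.00            # invoices at or above this need extra sign-off
NEAR_LIMIT = 0.95 * APPROVAL_LIMIT  # the "just under the threshold" band starts here
OPEN_HOUR, CLOSE_HOUR = 8, 18       # normal operating hours, local time
SPIKE_FACTOR = 3                    # "much higher" = over 3x the vendor's median
# Constructed sample records: (vendor, invoice_no, amount, paid_date, approved_at)
INVOICES = [
    ("Acme Supply", "INV-1041", 1210.50, "2025-03-03", "2025-03-03T10:15"),
    ("Acme Supply", "INV-1042", 1185.25, "2025-03-10", "2025-03-10T11:02"),
    ("Acme Supply", "INV-1042A", 1185.25, "2025-03-10", "2025-03-10T23:40"),
    ("Acme Supply", "INV-1050", 9800.75, "2025-03-17", "2025-03-17T09:30"),
    ("Northgate LLC", "0007", 4900.00, "2025-03-05", "2025-03-05T14:00"),
    ("Northgate LLC", "0012", 4950.00, "2025-03-19", "2025-03-19T15:20"),
]

def number_key(invoice_no):
    """Digits only, leading zeros dropped: 'INV-1042A' and 'INV-1042' collide."""
    return re.sub(r"\D", "", invoice_no).lstrip("0")

def red_flags(invoices):
    """Return {(vendor, invoice_no): sorted red-flag names} for flagged invoices."""
    by_vendor = defaultdict(list)
    for rec in invoices:
        by_vendor[rec[0]].append(rec)
    flags = defaultdict(set)
    for vendor, recs in by_vendor.items():
        typical = median(r[2] for r in recs)  # vendor's typical invoice total
        under = sum(NEAR_LIMIT <= r[2] < APPROVAL_LIMIT for r in recs)
        for _, no, amount, paid, approved in recs:
            hit = flags[(vendor, no)]
            if not OPEN_HOUR <= datetime.fromisoformat(approved).hour < CLOSE_HOUR:
                hit.add("approved_off_hours")
            if amount % 1 == 0:
                hit.add("whole_dollar_amount")
            if amount > SPIKE_FACTOR * typical:
                hit.add("above_typical_total")
            if under >= 2 and NEAR_LIMIT <= amount < APPROVAL_LIMIT:
                hit.add("repeatedly_under_limit")
            for _, other, _, other_paid, _ in recs:
                if other != no and other_paid == paid:
                    hit.add("same_day_same_vendor")
                if other != no and number_key(other) == number_key(no):
                    hit.add("near_identical_number")
    return {k: sorted(v) for k, v in flags.items() if v}
```

A flag is a prompt for manual review, not proof of fraud: a legitimate vendor can bill whole-dollar amounts or send two invoices in one cycle, so the value lies in invoices that trip several checks at once.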

If you suspect that your business has been the victim of vendor fraud, reach out to your bank immediately for help addressing the issue.

The bank can work with you to review your safety measures, help resolve any unauthorized or improper payments, and guide you in contacting the appropriate authorities. It can also offer ongoing support to strengthen controls and help reduce the risk of future fraud.