Minimising the risks of invoice fraud using algorithms and AI

One corollary of the digital transformation of the Finance function is that paper invoices are virtually a thing of the past. ‘The share in the Dutch market is less than one per cent. Invoice processing has been extensively digitised; which, incidentally, more than 90% is still in PDF form.’

As ISPnext's Director Product Management for Business Spend Management, he naturally welcomes digitisation. ‘But not only me. I think every Finance professional recognises the benefits. But, the coin has another side: it brings new issues. A digital invoice processing process is also vulnerable to errors. These could be technical or human errors, or deliberate fraud.’

‘After cybercrime and corruption, Procurement fraud is the biggest financial risk within organisations,’ Schouten states, referring to research by PWC (Global Economic Crime Survey 2024). ‘The damage involved can be significant and directly affects an organisation's profitability or even livelihood.’

A common form is invoice fraud. This can involve fake invoices or duplicate invoices, but also a supplier or own employee adjusting invoices. A digital invoice processing system can recognise this, but fraudsters are getting smarter. Schouten: ‘An automated system uses bandwidths, for instance, within which deviations are allowed. A supplier can look for the limits. For example, if an order comprises €1,000 and the invoice is €1,100, that might still just fall within the 10% bandwidth. But ten times a hundred euros is also a thousand huh!’

A second form of fraud is internal, where, for example, goods disappear from the warehouse or company purchases are delivered privately. A third form is fraud by criminals, via phishing or identity fraud. ‘You can recreate an invoice from a particular company and change the bank account number and submit invoices with it. The checks on this are not always conclusive. Believe me, you almost have to be an IT guy to see through all the fraud possibilities.’

But e-invoicing does not solve all problems, Schouten acknowledges. ‘For example, it does not prevent invoice fraud.’ ISPnext has set itself the goal of ensuring secure transactions and thereby implicitly increasing trust in the digital world. To further eliminate fraud, the software company is therefore adding AI elements to its BSM platform.

For instance, the solution includes AP Automation algorithms that detect fraud risks. ‘With the increasing number of transactions and complexity of data, traditional control mechanisms such as sampling and the four-eye principle are increasingly difficult to apply. New techniques, such as AI, are needed to recognise patterns. Our software automatically links invoices to purchase orders or contracts, recognises patterns and discrepancies and submits discrepancies for checking. If Finance then gives feedback back to the system, it can further improve itself via machine learning. In time, this allows the system to process more and more completely on its own.’