Minimising the risks of invoice fraud using algorithms and AI

One corollary of the digital transformation of the Finance function is that paper invoices are virtually a thing of the past. "The share in the Dutch market is less than one per cent. Invoice processing has been extensively digitised; which, incidentally, more than 90% is still in PDF form."

As ISPnext's Director Product Management for Business Spend Management, he naturally welcomes digitisation. "But not only me. I think every Finance professional recognises the benefits. But, the coin has another side: it brings new issues. A digital invoice processing process is also vulnerable to errors. These could be technical or human errors, or deliberate fraud."

‘After cybercrime and corruption, Procurement fraud is the biggest financial risk within organisations,’ Schouten states, referring to research by PWC (Global Economic Crime Survey 2024). ‘The damage involved can be significant and directly affects an organisation's profitability or even livelihood.’

A common form is invoice fraud. This can involve fake invoices or duplicate invoices, but also a supplier or own employee adjusting invoices. A digital invoice processing system can recognise this, but fraudsters are getting smarter. Schouten: "An automated system uses bandwidths, for instance, within which deviations are allowed. A supplier can look for the limits. For example, if an order comprises €1,000 and the invoice is €1,100, that might still just fall within the 10% bandwidth. But ten times a hundred euros is also a thousand huh!"

A second form of fraud is internal, where, for example, goods disappear from the warehouse or company purchases are delivered privately. A third form is fraud by criminals, via phishing or identity fraud. "You can recreate an invoice from a particular company and change the bank account number and submit invoices with it. The checks on this are not always conclusive. Believe me, you almost have to be an IT guy to see through all the fraud possibilities."

Part of the solution, according to Schouten, lies in switching to e-invoicing. "In this, invoices follow a certain protocol and platform. In the Netherlands, for example, Peppol is such a system for distributing e-invoices. To access that, you have to be validated as a sender. Unauthorised persons have no access to Peppol, significantly reducing the risk of fraud. E-mails (with PDF invoices) can be intercepted and manipulated, Peppol cannot. So you exclude fraud from outside with this."

Influenced by the European directive Vida, every organisation within the EU will eventually be required to use e-invoicing. "In neighbouring countries like Belgium and Germany, they are already going to make it compulsory in 2025 and 2026, in Italy it is already happening. In the Netherlands, no introduction date has been set yet, but you can of course anticipate this," he advises. "You immediately eliminate the necessary fraud risks with it."

With fraud prevention, ISPnext initially focuses on duplicate invoices, deviations within certain ranges and identity fraud. Step by step, the algorithms will be further expanded. "That will be necessary, because - as mentioned - fraudsters are getting smarter too. And for humans, especially given the labour shortage, it will become impossible to detect all that."

Schouten dares to dream one step further. "Hundreds of organisations use our platform. What if we were to analyse this process for all those customers, with all their suppliers, and thus be able to spot fraud patterns even more sharply? That would be the ultimate data volume advantage. With that, we could really help customers further in understanding and preventing fraud."

This article was produced with VMN media.