Supplier Invoice Verification: Detect Fraud and Errors
Complete guide to supplier invoice verification in Australia: fraud types, red flags, three-way matching, GST compliance
Summarize this article with
ChatGPT
Claude
Perplexity
Gemini
GrokSupplier invoice verification is the process of confirming, before payment, that an invoice corresponds to a genuine order, that the supplier is legitimate, and that all financial data is accurate. According to the ACCC's Scamwatch data, Australian businesses lost over AUD 200 million to payment redirection scams and business email compromise in 2024 -- and invoice fraud is one of the fastest-growing categories. The financial and operational consequences extend beyond the immediate loss: paying a fraudulent invoice does not cancel the debt owed to the real supplier.
Our platform's analysis of fraud trends across 2.4 million verified documents shows a 23% year-on-year increase in document fraud, with payslips (31%) and proof of address (22%) leading the categories -- but invoice-related fraud is accelerating fastest, driven by a rise in AI-generated forgeries from 3% to 12% of all detected cases. A structured verification process -- ideally automated -- is the only reliable defence against this growing threat.
This article is for informational purposes only and does not constitute legal, financial, or regulatory advice.
Common Types of Supplier Invoice Fraud
Invoice fraud exploits four main weaknesses: overloaded accounts payable teams, weak internal controls, manual processes, and insufficient supplier onboarding.
Ghost vendors are entirely fictitious suppliers created within a company's payment system, often by an internal employee who then approves payments to themselves or an accomplice. These phantom entities appear in accounting systems with complete documentation but no actual business operations behind them.
Duplicate invoicing occurs when the same invoice is submitted multiple times with slightly modified reference numbers, exploiting AP backlogs and the assumption that the previous submission was an error. A vendor may resubmit an invoice from months prior, claiming it was unpaid.
Business Email Compromise (BEC) involves cybercriminals hacking or spoofing business email accounts to redirect payments. They may impersonate executives requesting urgent transfers, or suppliers notifying of account changes. BEC attacks have cost businesses over $43 billion globally since 2016 (FBI IC3 2024 Annual Report).
Bank detail substitution is the most operationally damaging variant in Australia: fraudsters intercept a genuine invoice and replace the BSB and account number with their own -- often so subtly that a visual check misses it entirely.
| Fraud type | Mechanism | Primary red flag |
|---|---|---|
| Ghost vendor | Fictitious supplier in system | No verifiable trading history or ABN |
| Duplicate invoice | Slightly altered reference number | Same amount, same supplier, close dates |
| BEC / impersonation | Spoofed executive or supplier email | Urgent payment request outside normal process |
| Bank detail substitution | Modified BSB / account number on genuine invoice | Sudden request to update payment details |
Red Flags: How to Spot a Suspicious Invoice
Any invoice displaying one or more of the following indicators should be held pending deeper verification before payment is authorised.
Unexpected bank detail changes: any request to update BSB numbers or account numbers received by email, without independent telephone confirmation via a known number already on file, is a high-risk signal. The Australian Cyber Security Centre (ACSC) explicitly warns that verifying bank changes via a trusted number -- not the one on the incoming communication -- is the single most effective prevention step.
Unjustified urgency: invoices accompanied by threats of service suspension, penalty clauses, or demands for same-day settlement deviate from normal commercial practice. Fraudsters create urgency precisely to bypass standard approval workflows.
Documentary inconsistencies: an invalid ABN, an address differing from the one on file, an unusual format, or a total amount not corresponding to any existing purchase order.
Unverifiable or newly created supplier: in Australia, every registered business can be verified free of charge at the ABN Lookup service. An ABN registered within the last six months presenting a high-value invoice warrants enhanced due diligence. Company details can be verified through ASIC Connect.
Calculation errors: a net amount plus GST not matching the gross total indicates document manipulation, or potentially a GST fraud scheme. Under the ATO's GST provisions, a business that claims GST credits on a fraudulent tax invoice may be liable for the incorrectly claimed amount.
The Three-Step Verification Process
Effective invoice verification follows three sequential checks: formal, substantive, and financial.
Formal Check: Mandatory Tax Invoice Fields
Every Australian tax invoice must include the fields required under the GST Act (A New Tax System (Goods and Services Tax) Act 1999) (ATO Tax Invoice Requirements): supplier's name, ABN, invoice date, description of goods or services, GST amount (or a statement that the total includes GST), and the total price. For invoices of AUD 1,000 or more (including GST), the buyer's identity or ABN must also be included. A missing field is grounds to reject the invoice pending correction -- and a potential indicator of fraud.
Three-Way Matching
Three-way matching systematically compares:
- The purchase order (PO) -- what was ordered
- The goods receipt note (GRN) -- what was received
- The invoice -- what is being claimed
Any mismatch between these three documents blocks payment until resolved. Standard ERP systems (SAP, Oracle, Microsoft Dynamics, MYOB, Xero) automate this comparison, detecting duplicates, quantity discrepancies, and invoices with no corresponding order.
Independent Bank Detail Verification
Before any first payment or following a bank detail change request, verify the BSB and account number directly with the supplier using a telephone number already held on record -- never the number provided in the request itself. This single control, recommended by both the ACSC and the CPA Australia, eliminates the majority of bank detail substitution fraud.
Automated BSB and account verification integrates this check into the payment workflow, cross-referencing every new bank detail against supplier master data in real time.
Ready to automate your checks?
Free pilot with your own documents. Results in 48h.
Request a free pilotAutomating Supplier Invoice Verification
Automation removes the human bottleneck -- the primary reason fraudulent invoices get through is not malice but overload. AP teams approving hundreds of invoices weekly cannot perform manual three-way matching on every document. On the CheckFile platform, automated verification reduces processing time by 83% and achieves an average document check in 4.2 seconds, freeing AP teams to focus on the genuinely ambiguous cases.
Modern invoice verification platforms apply multiple simultaneous controls:
- OCR extraction and structuring: invoice data (amounts, BSB/account number, ABN, GST details) is extracted automatically and compared against supplier master data.
- AI-powered anomaly detection: algorithms identify unusual patterns -- unknown supplier, amounts outside normal range, PDF metadata showing modification after the stated issue date.
- Automated cross-referencing: every invoice is matched against open POs and GRNs in the ERP before reaching the approver queue.
- Real-time alerts: any discrepancy triggers a hold and escalation before payment, with a structured approval request for high-risk cases.
CheckFile's document verification platform integrates these controls directly into your existing approval workflow, without replacing your ERP. Detection rates for anomalies exceed 99% across deployed configurations, reducing manual review to genuinely ambiguous edge cases. For a comprehensive view of automated verification workflows, see the complete guide to verification automation.
For a broader view of how automation changes accounts payable processes, the guide on invoice processing automation covers implementation steps and ROI benchmarks.
Building a Culture of Invoice Vigilance
Finance forums and internal auditors consistently identify two practical failures: pressure to approve invoices quickly to maintain supplier relationships, and the absence of a formal procedure for bank detail changes. Both are exploited by fraudsters.
Effective mitigation requires three organisational controls:
Written, binding procedures: every bank detail change must follow a formalised process -- written confirmation plus telephone call via a known number plus sign-off from a different manager than the one receiving the request.
Segregation of duties: the person who sets up a supplier in the system must not be the same person who approves that supplier's invoices, or who authorises payments. This principle is a fundamental internal control under the ASX Corporate Governance Principles and Recommendations.
Regular staff training: fraud techniques evolve rapidly. Accounts payable teams need at least biannual training covering current BEC tactics, AI-generated invoices, and synthetic identity fraud targeting supplier onboarding.
Explore anti-fraud best practices for document processing teams for implementation templates and training frameworks.
Take action
CheckFile verifies 180,000 documents per month with 98.7% OCR accuracy. Test the platform with your own documents โ results within 48h.
FAQ
How do I verify that a supplier invoice is genuine in Australia?
Cross-reference the invoice against the purchase order and goods receipt note (three-way matching). Verify the supplier's ABN at ABN Lookup and their company registration via ASIC Connect. If the bank details have changed, call the supplier on a known number -- not the one on the invoice -- before updating your records.
What mandatory fields must an Australian tax invoice include?
Under the GST Act, a valid tax invoice requires: supplier's name and ABN, invoice date, description of goods or services, GST amount (or statement that total includes GST), and total price. For invoices of AUD 1,000 or more (including GST), the buyer's identity or ABN must also appear. Missing fields give grounds to withhold payment and request a corrected invoice.
What is three-way matching and why does it matter?
Three-way matching compares the purchase order (what was ordered), the goods receipt note (what was delivered), and the invoice (what is claimed) before authorising payment. Any mismatch blocks the invoice. It is the most reliable operational control against duplicate invoicing, ghost vendors, and inflated billing -- and it is most effective when automated within an ERP system.
What should I do if a supplier asks to change their bank details?
Never update bank details based on a single email or phone call. Call the supplier using the number already held in your supplier master data -- not the contact details on the incoming request. Document the verbal confirmation and obtain written sign-off from a second authorised person before making the change. Report suspected fraud attempts to Scamwatch (ACCC) and your local police.
Does the ATO's Single Touch Payroll reduce invoice fraud?
Single Touch Payroll (STP) digitises payroll reporting and reduces some manipulation opportunities in the employment context. However, it addresses payroll compliance, not supplier invoice fraud directly. Three-way matching, bank detail verification, and segregation of duties remain essential complementary controls for accounts payable.
This article is for informational purposes only and does not constitute legal, financial, or regulatory advice. Consult a qualified professional for your specific circumstances.
Stay informed
Get our compliance insights and practical guides delivered to your inbox.