Supplier Invoice Verification: Detect Fraud and Errors
Complete guide to supplier invoice verification in Canada: fraud types, red flags, three-way matching, CRA GST/HST validation
Summarize this article with
ChatGPT
Claude
Perplexity
Gemini
GrokSupplier invoice verification is the process of confirming, before payment, that an invoice corresponds to a genuine order, that the supplier is legitimate, and that all financial data is accurate. According to the Canadian Anti-Fraud Centre, Canadian businesses lost $569 million to fraud in 2023 โ and invoice fraud is among the fastest-growing categories. The financial and operational consequences extend beyond the immediate loss: paying a fraudulent invoice does not cancel the debt owed to the real supplier.
Our platform's analysis of fraud trends across 2.4 million verified documents shows a 23% year-on-year increase in document fraud, with invoice-related fraud accelerating fastest, driven by a rise in AI-generated forgeries. A structured verification process โ ideally automated โ is the only reliable defence against this growing threat.
This article is for informational purposes only and does not constitute legal, financial, or regulatory advice.
Common Types of Supplier Invoice Fraud
Invoice fraud exploits four main weaknesses: overloaded accounts payable teams, weak internal controls, manual processes, and insufficient supplier onboarding.
Ghost vendors are entirely fictitious suppliers created within a company's payment system, often by an internal employee who then approves payments to themselves or an accomplice.
Duplicate invoicing occurs when the same invoice is submitted multiple times with slightly modified reference numbers, exploiting AP backlogs.
Business Email Compromise (BEC) involves cybercriminals hacking or spoofing business email accounts to redirect payments. BEC attacks have cost businesses over $43 billion globally since 2016 (FBI IC3 2024 Annual Report).
Bank detail substitution is operationally damaging: fraudsters intercept a genuine invoice and replace the transit number, institution number, and account number with their own โ often so subtly that a visual check misses it entirely.
| Fraud type | Mechanism | Primary red flag |
|---|---|---|
| Ghost vendor | Fictitious supplier in system | No verifiable trading history |
| Duplicate invoice | Slightly altered reference number | Same amount, same supplier, close dates |
| BEC / impersonation | Spoofed executive or supplier email | Urgent payment request outside normal process |
| Bank detail substitution | Modified transit/account numbers on genuine invoice | Sudden request to update payment details |
Red Flags: How to Spot a Suspicious Invoice
Unexpected bank detail changes: any request to update bank routing information received by email, without independent telephone confirmation via a known number already on file, is a high-risk signal. The Canadian Centre for Cyber Security warns that verifying bank changes via a trusted number is the single most effective prevention step.
Unjustified urgency: invoices accompanied by threats of service suspension or demands for same-day settlement deviate from normal commercial practice.
Documentary inconsistencies: an invalid GST/HST registration number, an address differing from the one on file, or a total amount not corresponding to any existing purchase order.
Unverifiable or newly created supplier: in Canada, every federally incorporated company can be verified at Corporations Canada, and provincial registries provide searchable databases for provincial corporations. A supplier incorporated within the last six months presenting a high-value invoice warrants enhanced due diligence.
Calculation errors: a net amount plus GST/HST not matching the gross total indicates document manipulation. Under the Excise Tax Act, businesses that claim input tax credits on fraudulent invoices may be held liable for the tax amount. The Criminal Code of Canada provides for prosecution of invoice fraud under fraud and forgery provisions.
The Three-Step Verification Process
Formal Check: Mandatory Invoice Fields
Every Canadian invoice claiming GST/HST must include the fields required under the Excise Tax Act and CRA guidelines (CRA GST/HST Information for Registrants): supplier's name and GST/HST registration number, invoice date and unique number, description of goods or services, net amount, applicable tax rates and amounts, and gross total. A missing field is grounds to reject the invoice pending correction.
Three-Way Matching
Three-way matching systematically compares:
- The purchase order (PO) โ what was ordered
- The goods receipt note (GRN) โ what was received
- The invoice โ what is being claimed
Any mismatch blocks payment until resolved. Standard ERP systems (SAP, Oracle, Microsoft Dynamics) automate this comparison.
Independent Bank Detail Verification
Before any first payment or following a bank detail change request, verify the transit number, institution number, and account number directly with the supplier using a telephone number already held on record โ never the number provided in the request itself. This single control eliminates the majority of bank detail substitution fraud.
Automated bank account verification integrates this check into the payment workflow, cross-referencing bank details against supplier master data in real time.
Ready to automate your checks?
Free pilot with your own documents. Results in 48h.
Request a free pilotAutomating Supplier Invoice Verification
Automation removes the human bottleneck โ the primary reason fraudulent invoices get through is not malice but overload. On the CheckFile platform, automated verification reduces processing time by 83% and achieves an average document check in 4.2 seconds.
Modern invoice verification platforms apply multiple simultaneous controls:
- OCR extraction and structuring: invoice data (amounts, bank details, GST/HST number, Business Number) is extracted automatically and compared against supplier master data
- AI-powered anomaly detection: algorithms identify unusual patterns โ unknown supplier, amounts outside normal range, PDF metadata showing modification after the stated issue date
- Automated cross-referencing: every invoice is matched against open POs and GRNs in the ERP before reaching the approver queue
- Real-time alerts: any discrepancy triggers a hold and escalation before payment
CheckFile's document verification platform integrates these controls directly into your existing approval workflow. For a comprehensive view of automated verification workflows, see the complete guide to verification automation.
Building a Culture of Invoice Vigilance
Written, binding procedures: every bank detail change must follow a formalised process โ written confirmation plus telephone call via a known number plus sign-off from a different manager.
Segregation of duties: the person who sets up a supplier in the system must not be the same person who approves that supplier's invoices or authorises payments.
Regular staff training: fraud techniques evolve rapidly. Accounts payable teams need at least biannual training covering current BEC tactics and AI-generated invoices.
Take action
CheckFile verifies 180,000 documents per month with 98.7% OCR accuracy. Test the platform with your own documents โ results within 48h.
FAQ
How do I verify that a supplier invoice is genuine?
Cross-reference the invoice against the purchase order and goods receipt note (three-way matching). Verify the supplier's Business Number at Corporations Canada or the applicable provincial corporate registry, and their GST/HST number via the CRA GST/HST Registry. If bank details have changed, call the supplier on a known number before updating your records.
What mandatory fields must a Canadian GST/HST invoice include?
Under CRA guidelines, a valid GST/HST invoice requires: supplier name and GST/HST registration number, invoice date, description of goods or services, net amount, applicable GST/HST rate and amount, and gross total. Simplified invoices (for amounts under $150 including tax) have a reduced field set.
What is three-way matching and why does it matter?
Three-way matching compares the purchase order, the goods receipt note, and the invoice before authorising payment. Any mismatch blocks the invoice. It is the most reliable operational control against duplicate invoicing, ghost vendors, and inflated billing.
What should I do if a supplier asks to change their bank details?
Never update bank details based on a single email or phone call. Call the supplier using the number already held in your supplier master data. Document the verbal confirmation and obtain written sign-off from a second authorised person before making the change. Report suspected fraud attempts to the Canadian Anti-Fraud Centre (1-888-495-8501).
Does CRA's digital filing reduce invoice fraud?
CRA's digital filing requirements for GST/HST returns and the move toward e-invoicing digitise tax submissions and reduce some manipulation opportunities. However, they address tax compliance, not supplier fraud directly. Three-way matching, bank detail verification, and segregation of duties remain essential complementary controls.
Stay informed
Get our compliance insights and practical guides delivered to your inbox.