A Guide To The Detection and Prevention of Vendor Fraud

Vendor fraud

Fraud rates are down by as much as 22.6% in 2022, thanks to businesses taking additional measures to prevent it. However, the fraudulent activities that do happen are getting increasingly expensive, as fraudsters learn new ways to effectively scam more from consumers. 

Unfortunately, regardless of how much technology advances, vendor fraud is still an issue that merchants have to grapple with. If scammers can’t successfully break into an industry, they simply move on the next most vulnerable one on the list. 

It’s for that reason that being informed on the ins and outs of vendor fraud is a must—especially as a business owner. The more vendor fraud know-how they have, the better businesses can protect their customers—as well as the trust they’ve built with them—from scammers. 

What is vendor fraud?

Vendor fraud is the manipulation of a business’s payments system for personal gain. It’s malpractice committed with the intent of stealing goods—in most cases money—at the expense of business owners or consumers.

Any organization can be a victim of vendor fraud, as it differs widely in how simple or complex a scheme can be. Vendor fraud can happen through collusion from outside parties and employees, or even a group of employees within an organization. 

Some simple examples of vendor fraud include:

  • A hacker manipulating a business’s accounts payable system to illegally extract money
  • A vendor falsifies receipts or documents to slowly steal money from a business through their ongoing transactions
  • A group of employees collude to skim money from company accounts before closing them out without detection
  • An employee secretly steals company checks to deposit funds in a personal account

All these examples beg the question: What businesses are most vulnerable to vendor fraud? 

Who is at risk of vendor fraud

According to the AICPA, vendor fraud is most likely to happen to businesses that don’t have robust security measures in place. These businesses tend to be small and medium-sized businesses (SMBs). 

It makes sense. Smaller businesses depend more on smaller employee teams to manage financial transactions. Without a robust checks-and-balances framework that deters vendor fraud—whether because they don’t have a budget for it or they disregard the idea of it happening—small businesses are most vulnerable to vendor fraud. 

As organizations grow and comply with laws and regulations by setting fail-safes to prevent fraud, it gets increasingly harder to successfully pull off fraudulent schemes, whether digital, through employee collusion, or the help of outside scammers. Yet it’s important to remember that fraudsters grow more sophisticated by the day, so a complex fraud scheme against a big organization isn’t out of the question. 


Try Shopify POS for omnichannel selling

Bring your in-store and online sales together with Shopify POS. Gain insights about your business from one view so you can work smarter, move faster, and think bigger.


Vendor fraud schemes

  • Billing schemes
  • Check tampering
  • Cyberfraud
  • Bribes and kickbacks
  • Price fixing
  • Employee skimming
  • Bid rigging

Here are some of the most prevalent vendor fraud schemes to be aware of, as well as what they are. 

Billing schemes

Billing schemes involve falsifying invoice documents so payments that aren’t actually owed are made unknowingly. This can happen by completely falsifying an invoice or altering a valid one. 

Check tampering

Check tampering is happening more than ever. It takes place when an employee or third party intercepts a check and either alters it to successfully deposit the funds in their own account or sells it on the darknet. Check tampering can often happen by intercepting a business’s mail. 

Cyberfraud

The list of ways knowledgeable fraudsters leverage cyber fraud to steal funds is long. Malware, malicious emails, hijacked software, and complex phishing attempts are all ways cyberfraud can happen. If your business manages transactions through a computer of any kind, it’s a possible gateway for cybercriminals. 

Bribes and kickbacks

Bribes and kickbacks, commonly known as procurement fraud, happens when employees, vendors, or a mix of both work together to execute a fraudulent scheme through any phase of the procurement process.

This can look like:

  • The buyer not receiving the agreed upon number of goods
  • Overbilling for a good or service 
  • Vendors colluding with each other to rig the bidding process
  • Vendors bribing employees during the contract negotiation process in exchange for kickbacks
  • Duplicating invoices to charge twice for a good or service

Price fixing

In a price fixing scheme, vendors collude amongst themselves to set minimum contract prices. That way, businesses end up paying more regardless of who they choose to do business with. It isn’t uncommon for a price fixing scheme to be informed by internal employees. 

Employee skimming

Employee skimming can take many forms—some more complex than others. Fraudulent skimming can be anything from: 

  • Payroll theft
  • Writing false checks
  • Cashing coworker checks
  • Pocketing the money from a sale
  • Stealing debit or credit card information
  • Stealing a few dollars each time a sale is made

💡 PRO TIP: With Shopify POS, you can assign different roles and permissions and set boundaries on what store staff can do in your POS system without manager approval—like changing a product’s price or applying a custom discount to a sale.

Bid rigging

The bid rigging process can happen several ways. Generally, competitors agree on who will win the contract in a bidding process. Competitors can take turns being the lowest or highest bidder as a way to cover the scheme. 

Yet another way bid rigging happens is when the winning competitor promises to subcontract the main contract to the colluding losing bidders. Bid rigging is illegal and, depending on the severity, can be investigated by the FBI with lengthy penalties and large fines. 

How to detect and prevent vendor fraud

  • Separate and rotate employee duties
  • Anti-fraud training
  • Due diligence on vendors
  • Leverage technology
  • Regularly audit internal controls
  • Create an anonymous tip line

Staying alert to minimize vendor fraud requires knowing what to look for as well as what measures you can put in place to prevent it. Consider the following: 

Separate and rotate employee duties

Some of the best ways to minimize the chances of vendor fraud are: 

  • Separate payroll duties and check signer duties
  • Rotate procurement tasks among employees
  • Routinely conduct check-ins and audits at random
  • Segregate the tasks most vulnerable to vendor fraud (e. g., closing registers, delivering checks to employees)
  • Replace outdated POS (point-of-sale) systems

💡 PRO TIP: Want to control which staff can count, receive, and adjust inventory quantities? Set roles and permissions to set boundaries on what staff can and can’t do when logged in to your POS system, like accessing its inventory management tools.

Anti-fraud training

Anti-fraud training can be especially helpful for procurement teams. But the more that employees, regardless of their rank in the company, are trained in anti-fraud practices, the better chances businesses have of creating and maintaining a company culture that’s ethical, with minimal theft or collusion. 

How can businesses conduct anti-fraud training? Businesses can choose to create their own internal process and use learning management software to make it part of the onboarding process. 

There are also third-party anti-theft educators that can fill in employees on how to detect phishing attempts through email, how to conduct audits properly if they’re in a managerial role, or even how to properly report suspicious activity. 

Due diligence on vendors

Not all vendors are what they present to be. This is where it’s critical for procurement teams to do their due diligence on what vendors they work with and what their track record is with previous or existing relationships. 

Doing due diligence on vendors to ensure they aren’t fictitious or fraudulent can look like: 

  • Establishing a checks-and-balances system for vendor transactions that uphold company ethics
  • Verifying vendor business names and tax identification number (TIN)
  • Creating a dual review process for vendor documents and contracts
  • Checking names of the accounts payable employees or that vendor

Leverage technology

There’s a long list of ways to leverage tech to lower instances of vendor fraud. 

Vendor management software: Onboarding vendor management software is a great way to establish vendor deal visibility. Who is creating and submitting purchase orders? Who is outlining contracts and finalizing negotiations? 

Questions like these are easier to answer when your vendor dealings are conducted in one centralized solution built to mitigate fraud, create visibility within the company, and streamline the contract management process. 

Admin access controls: Payroll software with admin access controls is yet another way to segregate payroll duties. 

Data mining: Businesses can also engage in data mining, which is when a system is used to audit large amounts of vendor data through a series of methodologies—like neural networks, regression, or multiple predictive models—to pinpoint transactions that are consistent with fraud patterns. From there, it’s a matter of enacting fraud audit procedures to identify fraudulent vendors. 

💡 PRO TIP: Only Shopify POS unifies your online and retail store data into one back office–customer data, inventory, sales, and more. View easy to understand reports to spot trends faster, capitalize on opportunities, and jumpstart your brand’s growth.

Regularly audit internal controls

Establishing internal controls alone isn’t enough. It’s critical that businesses regularly audit the controls themselves to ensure compliance and minimize the chances of successful fraud schemes. 

To regularly audit internal controls: 

  • Leverage external auditors to uphold ethical transactions and recommend better internal control methods (but keep in mind they aren’t trained to detect actual fraud)
  • Diligently reconcile bank accounts every month
  • Restrict use of business credit cards to a few key users
  • Establish clear policies and procedures and have employees review and sign them at least once a year

Create an anonymous tip line

According to the Association of Certified Fraud Examiners, establishing an anonymous tip line accounted for 43% of cases detected since 2010. Organizations with tiplines detected fraud by tip about half the time and lower fraud losses by just as much. Conversely, organizations without a tip line saw significantly lower fraud detection numbers. 

This statistic alone is more than enough justification for establishing one in your own business. There’s plenty of tipline software businesses can onboard and provide to employees as a way to safely and anonymously submit vendor fraud tips. 

Common vendor fraud red flags to look out for

Some red flags may be more obvious than others—like the cash register coming up short on cash during an opening shift. Consider looking out for these additional red flags in your own business:

  • Missing documents
  • Multiple payments
  • Inventory shrinkage
  • Vendors with lack of internal regulatory compliance systems
  • Product substitution
  • Split purchases
  • Duplicate invoices
  • Credit card fraud

What to do if fraud is discovered

You know what the signs are, you have checks and balances in place, yet you discovered fraudulent activity. What now? 

Hopefully by the time you’ve discovered fraudulent activity, your business will have long established a fraud detection and response plan. At times of fraud detection, it provides a detailed outline of procedures, policies, and possible courses of action.

However, the general steps to take if and when fraud is discovered include: 

  1. Act fast and alert the appointment anti-fraud party confidentially
  2. Collect and document all evidence
  3. Identify potential witnesses
  4. Remove access from person in question

You can also detect fraud within your state. For instance, if you operate in the state of California, you’d need to report fraud to the California Attorney General and the Federal Trade Commission, where you’d fill out a complaint form. You can also report fraud of any kind to the Federal Trade Commission.

Protect your store from vendor fraud

Instances of vendor fraud aren’t going away anytime soon. Still, there’s a lot SMBs as well as huge organizations can do to deter, detect, and report fraud when it happens. Once businesses establish a preliminary course of action, plenty of checks and balances, and audit controls, they’re bound to see fewer instances of costly fraudulent activity. 

However, this requires being proactive about establishing fail-safes and conducting due diligence with all important vendor transactions.

Sell online and in-person with Shopify

Shopify POS is the easiest way to unify ecommerce and store sales and data. Have all the tools you need to manage inventory, track performance, understand customers, and sell everywhere in one easy-to-understand back office.

Topics: