The Growing Threat of Invoice Fraud: Here’s How To Prevent It Within SAP

September 19, 2023


Paul Dixon



Here's a jaw-dropping statistic enough to knock the wind out of any CFO: In the last three years, invoice fraud has skyrocketed by 75%. Why? One reason is that it's become easier for external and internal nefarious actors to scam companies in the post-pandemic world.

In this VOQUZ Labs article, we discuss how the invoice fraud problem manifests within your SAP ERP and S/4HANA environment - and crucially, we also reveal ways to thwart it.

The Sneaky World of Invoice Fraud: How Does It Work?

Before we delve into how to combat the problem within SAP, let's quickly remind ourselves what it is. Put simply, it's when a company or organization (the victim of the crime) pays invoices that are:

  • Duplicated
  • ictitious
  • Impersonated
  • With inflated amounts
  • With altered bank details

The list could go on and on - but you get the gist. Essentially, what's happening is either an external actor (such as a vendor) or an internal individual (like an employee), or both working together, rip off a company by getting them to pay invoices with the abovementioned characteristics.

And do you know what these criminals often have on their side? Time. Lots of time.

Astonishingly, it takes 18 months for companies to discover these fraudulent schemes on average. And according to a study by the Association of Certified Fraud Examiners (ACFE), 50% of all fraud attempts were due to poor internal systems and controls.

But now for the good news.

SAP users can prevent and detect invoice fraud highly effectively. How? By moving away from antiquated manual internal controls - which fraudsters and scammers love - towards automated ones with continuous monitoring.

In the following sections, we will reveal all you need to know. And to make it easier and more illustrative, we'll examine a real-life invoice fraud example that hit the headlines in recent years.

BROSCHÜRE - die Vorteile unserer Produkte!

remQ - Stoppe den betrugsbedingten Geldverlust!

remQ ist eine Software zur kontinuierlichen Überwachung von SAP-ERP und S/4HANA mit einer großen Bibliothek an integrierten Kontrollen, die bei der Überprüfung von Stammdaten und Geschäftsprozessen hilft, um finanzielle Verluste durch Fehler und Betrug zu vermeiden. remQ kann in weniger als einem Tag eingerichtet werden, funktioniert unabhängig von der Größe und Branche des Unternehmens, erfordert kein Beratungsprojekt und reduziert die Kosten für die Einhaltung von Compliance-Regeln durch Automatisierung.

Tablet mit dem Deckblatt des Dokuments

A Real-World Example of Invoice Fraud Explored

This real-world example of invoice fraud comes from one of the world's financial capitals: London.

The victim was the NEX Group, an inter-broker dealer in the UK whose parent company, the Nasdaq-listed CME Group, has more than 3000 employees and revenues of around $5 Billion (2022). So what happened? In 2017, a NEX employee in London processed 29 fake invoices totaling £668,000 (around $830,000).

But the employee wasn't working alone.

The accomplice in the fraud, whom the company did not employ, submitted fake invoices to the NEX Group from companies that weren't legitimate.

Digging into the details of the crime, it reportedly worked like this:

  • Fake invoices were created from non-existent companies
  • The fake invoices were sent to the NEX Group's AP (Accounts Payable) department by the external perpetrator
  • The fake invoices appeared to come from the email account of the PA to the NEX Group CEO (as an attachment)
  • The fake invoices were signed fraudulently by what seemed to be the signature of the NEX Group CEO
  • The internal perpetrator (the member of staff) approved the false invoices, which were then paid

After recovering what they could, the total loss to the NEX Group was, according to the City of London Police, calculated at around £365,000 (around $450,000). The offenders were sentenced in 2021 and 2023 - both were sent to jail.

What SAP Users Need in Their Toolkit To Battle Invoice Fraud

Firstly, it's important to remember this: We don't have access to the exact circumstances at the NEX Group - or if they use SAP. However, according to reports, the company discovered the fraud within a month.

Considering the statistic mentioned earlier (it takes, on average, companies 18 months to discover fraud) this one-month time frame was fast.

Again, we don't know the details of the case. But we can share with you how companies that use SAP as their enterprise resource planning (ERP) system can achieve even better results when battling the foe that is invoice fraud.

And what do they do?

They arm their internal controls toolkit with real-time auditing and monitoring of master and business process data within SAP.

You can learn more about this system in our guide. But in a nutshell, automated and continuous data monitoring means suspicious activity red flags are created when potentially fraudulent action occurs.

Instead of waiting months (even more than a year) in a manual audit to discover something is wrong, an internal controls officer will receive a red flag alert to check the suspicious activity immediately - increasing the likelihood of recovering stolen money and halting the actions of the bad actors.

For example, VOQUZ Labs remQ Business Inspector software operates as a SAP add-on, and in situations like invoice fraud, it can do the following:

  • Continuous Monitoring of Invoice Data (Transactional)
  • Anomaly Detection
  • Alert Generation (Red Flags)
  • Case Management
  • Automated Reporting

And the bottom line is this: If your internal controls toolkit within SAP has yet to deploy the above systems, you may be leaving your organization vulnerable to the persistent threat of invoice fraud.

WHITE PAPER - erweitere Dein Wissen!

Reduce Fraud & Boost Cost Savings by Automating Internal Controls

Our White Paper explains how using robust controls and automation, organizations can better manage fraud risks, comply with regulations, improve operational efficiency, and save substantial costs.

Tablet mit dem Deckblatt des Dokuments
Keine Artikel gefunden.

Bonus Example of Invoice Fraud: Amazon

This article explored an invoice fraud case involving hundreds of thousands of dollars at the NEX Group.

But here is another shocking case involving e-commerce giant Amazon. In 2023, an ex-Amazon employee was jailed for 16 years for masterminding a $10 million Amazon fraud scheme. And you guessed it: Fake invoices were at the heart of the scam. If you'd like to read more about how it worked, our white paper is highly recommended: Reduce Fraud & Boost Cost Savings by Automating Internal Controls.

The white paper dives deep into the Amazon case and reveals how automating internal control processes helps reduce fraud, such as invoice scams.

Closing Thoughts and How remQ Can Help

In the last three years, invoice fraud has increased by 75% - with companies globally getting stung. If your business or organization uses SAP ERP or S/4HANA and is concerned about the growing threat of invoice fraud, you have a tremendous opportunity to set up a system that detects the problem in real-time through automated continuous monitoring.

This is where remQ can help you.

VOQUZ Labs remQ Business Inspector software operates as a SAP add-on with a library of 100+ pre-built shipped controls ready to run. You can click here to learn more about how remQ can assist your business with its goals to cut audit errors, reduce fraud, and stay compliant within your SAP ERP or S/4HANA environment.

Recommended reading: Enjoyed this article? Now read: Is Ghost Employee Fraud Draining Money From Your Business? How To Detect and Prevent It in SAP


Paul Dixon

Paul ist Autor und Stratege für RegTech-Inhalte und verfügt über umfangreiche Erfahrungen im digitalen Marketing und Journalismus. Seine Arbeiten sind in der Zeitung „Guardian“ erschienen. Er hat einen Abschluss in „International Relations“, wo er die Einhaltung globaler Sanktionen und grenzüberschreitende Finanzen studierte.


Hast Du Fragen oder möchtest Du etwas hinzufügen? Hinterlasse  uns bitte eine Nachricht! Deine Nachricht wird per E-Mail an uns übermittelt und nicht veröffentlicht.

Danke! Deine Anfrage wurde empfangen!
Ups! Beim Absenden des Formulars ist etwas schief gelaufen.
Illustration of a woman editing documents

Melde Dich für unseren Newsletter an!
Bleib auf dem Laufenden!

Thank you! Your successfully signed up for our newsletter.
Ups! Beim Absenden des Formulars ist etwas schief gelaufen.


Vorschaubild mit Link zum Beitrag unten

The Crucial Role of Internal Controls Automation: Complying With These 4 Types of Regulation




Vorschaubild mit Link zum Beitrag unten

3 Bizarre Fraud Cases Explained (and What Internal Controls Pros Can Learn)




Vorschaubild mit Link zum Beitrag unten

How Internal Controls Automation Is a Game Changer for ESG Management