Invoice fraud prevention checklist: 10 controls every small business should have

Most invoice fraud prevention advice is either too vague to act on (“stay vigilant”) or assumes you’ve got a dedicated fraud team to implement it. Here are 10 concrete controls a small or mid-sized business can put in place this week, without buying anything.

1. Verify every bank detail change by phone

Never action a change based on the email or invoice that requested it. Call the supplier using a number you already had on file before the request arrived.

2. Keep a separate, trusted record of supplier contact details

Store verified phone numbers somewhere other than the email thread itself, so a compromised inbox can’t quietly rewrite your only reference point.

3. Require a second person to approve any payment-detail change

One person spotting something “off” is luck. Two people independently checking is a control. This doesn’t need software — a simple sign-off step is enough.

4. Check new invoice numbers against payment history

A duplicate or resubmitted invoice number, even from what looks like a different supplier, is one of the most reliable signs of a cloned invoice.

5. Flag amounts that don’t match a supplier’s normal pattern

A supplier who typically bills a few hundred pounds suddenly invoicing several thousand deserves a second look, regardless of how legitimate the invoice looks otherwise.

6. Treat new suppliers with no delivery history as higher risk

A supplier that’s been set up in your system but never actually delivered anything is a common pattern behind shell-company fraud. Hold first payments to a slightly higher bar of checking.

7. Be suspicious of urgency

“This needs to be paid today” is a pressure tactic, not a reason to skip verification. Build a rule that urgency triggers extra scrutiny, not less.

8. Train your whole finance and ops team, not just senior staff

Fraudsters often target whoever’s most likely to be rushed or least likely to push back — which isn’t always the most senior person in the process.

9. Keep a record of why every invoice was approved

Even a simple note — not just “approved,” but the reason — gives you something to check against if a pattern of fraud only becomes obvious in hindsight.

10. Automate the checks that don’t need human judgement

Duplicate detection, supplier-history checks, and amount-anomaly flags are exactly the kind of repetitive pattern-matching that’s easy for a person to get tired of doing 400 times a month, and easy for software to do consistently every time. That’s the gap a tool like Invixa is built to close — not to replace your team’s judgement, but to make sure it’s only spent on the invoices that actually need it.