Vendor Intelligence

The Vendor You're Paying Might Not Exist

Why AP teams can't rely on manual vendor verification, and how automated intelligence catches what spreadsheets miss.

15 min read January 2025 AP Fraud Prevention

Key Takeaways

30% of businesses have paid a fraudulent or non-existent vendor at least once
2-4 hours per vendor manual verification time, and it still misses shell companies
Under 30 seconds automated enrichment with real-time sanctions screening
Point-of-invoice scoring prevents payment to high-risk vendors before money leaves

The $2.1M Wire That Never Should Have Been Sent

The invoice looked perfectly normal. "Precision Industrial Supply LLC" had been in the vendor master for three months. Tax ID: verified. W-9: on file. Bank account: confirmed via phone callback.

Sarah, a senior AP specialist at a mid-market manufacturer, processed the invoice like hundreds of others that month. $347,000 for industrial components. PO matched. Receipt confirmed. Three-way match: passed.

The Discovery

Six months and $2.1M later, the FBI informed them: Precision Industrial Supply LLC didn't manufacture anything. It was a shell company registered in Delaware with a rented mailbox address. The "phone callback" went to a burner phone.

Here's what nobody caught: the vendor master already had 47 variations of industrial supply vendors. "Precision Industrial" was close enough to "Precision Industries" (a legitimate vendor) that nobody questioned it.

The shell company used a valid EIN, purchased for $50 online. Everything checked out because nobody had the tools to check what actually mattered.

79%
Orgs hit by payment fraud
$145K
Average loss per incident
40%
Fraudulent invoices marked "urgent"

The Vendor Master Problem

Open your ERP right now and search for any major vendor. You'll find something like this:

Vendor Master Data
ACME Corp V-00412
Acme Corporation V-01847
ACME CORP. V-02103
Acme Corp Inc V-03291
ACME CORPORATION LLC V-04455

Same company. Five vendor IDs. And this is one of the "clean" examples. The average mid-market company has 15-20% vendor duplication in their master data.

Why does this matter for fraud?

  • Duplicate payments: You've paid the same invoice twice to two "different" vendors
  • Missed volume discounts: Your spend is fragmented across 5 vendor IDs
  • Impossible risk tracking: How do you assess risk when the vendor appears 47 times?
  • The shell company vector: Adding "Acme Supplies LLC" doesn't trigger alerts
Why ERPs Don't Solve This

ERPs do exact-match only. "ACME Corp" and "Acme Corporation" are different strings, so they're different vendors. Period.

Why Manual Verification Fails

The typical vendor onboarding process:

  1. Collect W-9 form
  2. Verify tax ID against IRS database
  3. Call the phone number on the invoice to "verify" bank details
  4. Maybe a quick Google search
  5. Add to vendor master

Time investment: 2-4 hours per new vendor. Cost: $50-100 in labor. And it still misses:

Shell companies with valid tax IDs

You can register an LLC in Delaware and get an EIN in 15 minutes. Total cost: $50-200. The tax ID will verify as legitimate because it IS legitimate.

Recently sanctioned entities

OFAC updates their sanctions list weekly. Your vendor passed verification six months ago. Last Tuesday, their parent company was added to the SDN list.

Ownership conflicts

Your "new" vendor is actually owned by the same person who owns an existing vendor. Or worse, by someone on your AP team's family.

The "Urgent Invoice" Problem

40% of fraudulent invoices arrive marked "urgent" or "payment due immediately." This social engineering specifically targets the fact that AP teams will skip verification steps under time pressure.

What Automated Vendor Intelligence Does

Automated vendor intelligence isn't "better Google searching." It's a multi-stage system that runs in seconds, not hours.

1. Normalization: Finding the Real Vendor

1
Exact Match Check
Does this exact string exist in vendor master?
2
Alias Matching
Does it match any known alias for existing vendors?
3
Fuzzy Matching
SQL trigram similarity scoring (80%+ threshold)
4
AI Reasoning
For edge cases, LLM analyzes context to determine match
5
Tax ID Conflict Detection
Same name but different tax ID = different legal entity

2. Enrichment: Company Intelligence

For each vendor, automated research pulls:

  • Corporate basics: Headquarters, industry, employee count, revenue
  • Ownership structure: Parent company, subsidiaries, ultimate beneficial owner
  • Financial events: Bankruptcy filings, acquisition announcements, funding rounds
  • Certifications: ISO, SOC 2, industry-specific compliance
  • Recent news: Last 12 months, sentiment-analyzed

3. Risk Scoring

Low 0-40 Established company, clean record, stable finances
Medium 40-60 Some concerns identified. Worth reviewing.
High 60-80 Multiple red flags. Requires manager approval.
Critical 80-100 Do not pay without investigation.

4. Sanctions Screening

Every invoice triggers real-time checks against OFAC SDN list, EU consolidated sanctions, UN Security Council sanctions, and adverse media detection. This happens at invoice time, not in quarterly batch.

The ROI Math

Annual Cost Avoidance
Average fraudulent payment prevented $125,000
Duplicate payments eliminated (1% of spend) $50,000
Manual verification labor saved $37,500
Volume discounts recovered $25,000
Total Annual Value $237,500

The math is simple: catching ONE fraud attempt pays for years of automation.

How It Works With Invoice Processing

1
Invoice Arrives
OCR extracts vendor name, address, tax ID
2
Vendor Normalization
Match to canonical vendor_id or flag as new
3
Risk Score Pull
Get current risk level and specific factors
4
Sanctions Screen
Real-time check against OFAC, EU, UN lists
5
Routing Decision
Low risk: auto-approve. High risk: flag for review.

Total time: milliseconds. This connects directly to the fraud patterns covered in 12 Invoice Fraud Patterns Your AP Tool Doesn't Catch.

Getting Started

You don't need to replace your ERP. Vendor intelligence sits alongside existing systems:

  1. Start with high-spend vendors: Your top 100 vendors probably represent 80% of AP spend
  2. Enable new vendor screening: Every new vendor goes through automated verification
  3. Set risk thresholds: Decide what requires human review vs. auto-approval
  4. Integrate with approval workflows: High-risk invoices route automatically

Within a week, you'll have a clean vendor master and risk visibility you've never had before.

Related Reading

12 Invoice Fraud Patterns Your AP Tool Doesn't Catch

Invoice-level fraud patterns that slip through validation

Why 3-Way Matching Isn't Enough

5-way matching with PO acknowledgment validation

See Vendor Intelligence in Action

Upload an invoice and watch the system normalize, enrich, and score the vendor in real-time.

Start Free Trial