How to reduce invoice fraud risk?

Invoice fraud is manifold, in all cases the fraudsters will change the banking details of the company which issued the invoice to their own, and as a result, receive the invoiced amounts.

What happens?

  • The criminals intercept the invoice between the time it is posted and its receipt, or by hacking the mail accounts used for sending invoices by e-mail.
  • The fraudsters change the invoice to reflect their own banking details on it. They can do this in different ways: a new invoice is compiled with the new details, a sticker (often fluorescent) with the fraudsters' banking details and mentioning a change of bank is placed on the real banking details, etc. Then the invoice is sent again.
  • The invoice is received and paid to the new bank account number. It is highly likely that the following invoices will also be paid to the wrong account until the real issuer of the invoice realises that their invoices have not been paid and contacts the debiting company.

Variants of such fraud

Invoicing fraud comes in several varieties. For instance, the debiting company receives an e-mail from what it thinks is its supplier, stating a change of bank and consequently of account number. This message will bear the supplier’s letterhead and seem legitimate. In such cases, no invoices are intercepted, but an ordinary message with the new banking details is sent. All pending invoices as well as subsequent invoices will be paid to the new account number. Whatever the scenario, the aim of the criminals is to make a change to what we call the supplier’s details (phone number, bank references, e-mail address) in order to steal funds.

What safeguards can you take?

  • Validate the invoice: Did you expect the invoice? For this amount? Are the supplier details unchanged compared to previous payments?
  • Any change in your supplier’s details (address, phone number, e-mail address, account number, etc.) must result in a phone call to a verified number (not to the number indicated on the invoice itself), to check the validity of the requested change.


The information on this page is provided to you solely for informational purposes in order to make you aware of the most frequent cases of fraud and provide you with recommendations to protect yourself against it. This information does not ensure that your company, acting upon these recommendations is or will be protected against any occurrence of fraud detailed on this website. No rights can be derived from the use of and reliance on the safeguards you take by following up these recommendations. ING does not accept any responsibility or liability with respect to your reliance on and the actions you take as a result of these recommendations. This disclaimer is governed by Dutch law.