THREAT GUIDE

Ghost Vendor Fraud

Fictitious suppliers that exist only in your accounting system, created to siphon money to accounts controlled by insiders or external attackers. They don't deliver goods. They don't provide services. They just get paid.

Up to 25% of vendor files contain anomalies
18-month median detection time
Typically an inside job

Source: ACFE, industry vendor risk reports

What is ghost vendor fraud?

Ghost vendor fraud is the creation of fictitious supplier records in your accounting or ERP system, designed to route payments to bank accounts controlled by the fraudster. The vendor doesn't exist as a real business. There are no goods delivered, no services rendered. It's a shell designed to look legitimate enough to pass a payment run.

Unlike fake invoice scams where an external party sends you a bogus bill, ghost vendor fraud is almost always an insider threat. The person creating the vendor record is typically someone in your finance or accounts payable team with the access and knowledge to make it look legitimate.

According to the Association of Certified Fraud Examiners (ACFE), billing schemes (which include ghost vendors) are the most common form of occupational fraud, accounting for 22% of all cases. The median loss is significant, and the median detection time is 18 months. That's 18 months of payments flowing to an account that shouldn't exist.

The risk is highest in organisations where one person can create a vendor, submit an invoice, and approve a payment without independent oversight.

How ghost vendor fraud works

Ghost vendor schemes are patient and systematic. The fraudster uses their legitimate access to build a convincing paper trail.

1. Create the ghost vendor

The insider creates a new vendor record in the accounting system. The name sounds plausible: "National Office Maintenance" or "Metro Consulting Services". They use a PO Box or virtual office address, a prepaid phone number, and a bank account they control.

2. Submit invoices against the vendor

Invoices are generated for vague, hard-to-verify services: consulting, maintenance, cleaning, IT support. The amounts are kept below approval thresholds or within expected ranges so they don't trigger review.

3. Approve and process payments

If the insider has approval authority (or the organisation lacks segregation of duties), they approve the invoices themselves. The payments are processed in normal payment runs, blending in with hundreds of legitimate transactions.

4. Extract and repeat

Money flows to the fraudster's account. The scheme continues for months or years, with the insider adjusting amounts and timing to avoid detection. Many ghost vendor schemes are only discovered during audits, staff changes, or by accident.

Warning signs of ghost vendors

Ghost vendor records often leave traces. Regular vendor master file reviews can catch these patterns before the losses compound.

Vendors with PO Box or virtual office addresses

Ghost vendors rarely use real business premises. Watch for addresses that can't be physically verified or that match the employee's personal details.

No purchase orders or contracts

Legitimate suppliers typically have purchase orders, contracts, or agreed engagement terms. Ghost vendors have invoices and nothing else.

Vague service descriptions

"Consulting services", "maintenance", "professional services" with no specifics. The descriptions are deliberately vague because there's nothing real to describe.

Vendor bank details matching employee accounts

The most direct red flag. If a vendor's BSB and account number match or relate to an employee's personal banking details, that's a serious concern.

Invoices just below approval thresholds

Consistently landing at $4,900 when the approval threshold is $5,000. The amounts are calibrated to avoid triggering management review.

Single-contact vendors

Only one person in the organisation ever deals with this vendor. No one else has met them, spoken to them, or verified their work.
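
The warning signs above can be checked mechanically during a vendor master file review. The Python below is an added example, not ezyshield's code or part of the original guide; the record fields (created_by, handled_by, approved_by, po_number), the 5% "just below" band and all sample records are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

APPROVAL_THRESHOLD = 5000.00            # assumed limit, from the guide's $5,000 example
NEAR_FLOOR = APPROVAL_THRESHOLD * 0.95  # assumed: "just below" = within 5% under the limit
PO_BOX = re.compile(r"\b(p\.?\s*o\.?\s*box|gpo box|locked bag)\b", re.I)

def bank_key(rec):
    """Normalise BSB/account so '062-000' and '062000' compare equal."""
    return re.sub(r"\D", "", rec["bsb"]) + ":" + re.sub(r"\D", "", rec["account"])

def review_vendors(vendors, employees, invoices):
    """Return {vendor_id: [warning flags]} for a vendor master file review."""
    emp_banks = {bank_key(e) for e in employees}
    flags, by_vendor = {}, defaultdict(list)
    for inv in invoices:
        by_vendor[inv["vendor_id"]].append(inv)
    for v in vendors:
        hits, invs = [], by_vendor.get(v["id"], [])
        if bank_key(v) in emp_banks:
            hits.append("bank_matches_employee")
        if PO_BOX.search(v["address"]):
            hits.append("po_box_address")
        if invs and not any(i["po_number"] for i in invs):
            hits.append("no_purchase_orders")
        near = [i for i in invs if NEAR_FLOOR <= i["amount"] < APPROVAL_THRESHOLD]
        if len(near) >= 2 and len(near) * 2 > len(invs):  # most invoices hug the limit
            hits.append("amounts_just_below_threshold")
        if len(invs) >= 2 and len({i["handled_by"] for i in invs}) == 1:
            hits.append("single_contact")
        if any(i["approved_by"] == v["created_by"] for i in invs):  # no segregation of duties
            hits.append("creator_approved_payment")
        flags[v["id"]] = hits
    return {vid: hits for vid, hits in flags.items() if hits}

# Constructed sample records (not real vendors, people or accounts).
EMPLOYEES = [{"bsb": "062-000", "account": "1234 5678"}]
VENDORS = [
    {"id": "V1", "address": "PO Box 12, Sydney", "bsb": "062000", "account": "12345678", "created_by": "aclerk"},
    {"id": "V2", "address": "4 Mill Rd, Geelong", "bsb": "083-001", "account": "99887766", "created_by": "bsmith"},
]
INVOICES = [
    {"vendor_id": "V1", "amount": 4900.0, "po_number": None, "handled_by": "aclerk", "approved_by": "aclerk"},
    {"vendor_id": "V1", "amount": 4850.0, "po_number": None, "handled_by": "aclerk", "approved_by": "aclerk"},
    {"vendor_id": "V2", "amount": 4900.0, "po_number": "PO-771", "handled_by": "bsmith", "approved_by": "cjones"},
    {"vendor_id": "V2", "amount": 1200.0, "po_number": "PO-802", "handled_by": "djones", "approved_by": "cjones"},
]

print(review_vendors(VENDORS, EMPLOYEES, INVOICES))
```

Each flag is a prompt for manual follow-up rather than proof: a legitimate sole trader can trip several of them, so the value is in ranking which vendor records to verify first.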

How ezyshield prevents ghost vendor fraud

A ghost vendor can't pass verification because it doesn't exist. ezyshield checks the real world, not just your accounting system.

ABN/ASIC validation

Every vendor's ABN is checked against the Australian Business Register and ASIC records in real time. Fictitious businesses don't have valid registrations.

Bank account ownership

The bank account must belong to the verified business entity. An employee's personal account won't match the vendor's ABN, and the verification fails.

Identity verification

A real person behind the vendor must complete biometric identity verification. Ghost vendors have no real person to verify.

Ghost vendors can't survive verification

ezyshield checks every vendor against real-world identity, business registration, and bank account ownership. Fictitious suppliers can't pass.