How to Verify Invoice Authenticity and Handle Suspected Billing Fraud

A Philippine legal-practice guide for businesses, professionals, and consumers

I. Overview and scope

Invoices are commercial documents used to demand payment for goods or services. Because invoices trigger cash disbursements, VAT claims, income tax deductions, and accounting entries, they are common tools for fraud—ranging from simple overbilling to sophisticated schemes involving forged documents, fake suppliers, and manipulated banking instructions.

This article explains (1) how to verify invoice authenticity, (2) how to respond when fraud is suspected, and (3) the key Philippine laws, liabilities, and remedies that commonly apply.

II. Common invoice fraud schemes in the Philippines

A. “Fake supplier” or “ghost supplier” invoicing

A fraudster issues an invoice under a non-existent business, or uses a shell entity to invoice for goods/services never delivered. Sometimes insiders create these vendors in the company’s system.

B. Altered invoices (amount, quantity, payee, or bank details)

Legitimate invoices are intercepted, edited, and resent—often changing the bank account details or increasing the amount due.

C. Duplicate invoicing

The same invoice number/date is billed multiple times, or the same goods/services are billed under different invoice numbers.

D. Overbilling and padding

Inflated quantities, unauthorized add-ons, excessive labor hours, or charging for premium items while delivering standard ones.

E. “Invoice redirection” and business email compromise (BEC)

Fraudsters impersonate a supplier/employee via email and urgently instruct payment to a new bank account. The “invoice” may look real and match a genuine transaction history.

F. VAT invoice/receipt abuse and input VAT fraud

Invoices or receipts are used to support fictitious purchases to claim input VAT or inflate expenses. This can expose the buyer to serious tax assessments and penalties if due diligence is weak.

III. What makes an invoice “authentic” in practice

Authenticity is not only about the paper looking legitimate. A defensible invoice should be traceable to a real transaction and issued by the proper party, with consistent supporting documents and verifiable tax registration (when applicable).

Key authenticity dimensions:

  1. Identity authenticity: the issuer is a real person/entity authorized to bill.
  2. Transactional authenticity: the underlying sale/service occurred.
  3. Document integrity: invoice details were not altered.
  4. Authority and approval: invoice was approved under your controls.
  5. Tax compliance plausibility: official receipt/invoice details align with tax rules and business reality.

IV. Invoice verification checklist (Philippine context)

A. Verify the supplier’s identity and authority

  1. Business registration and legal name

    • Match invoice header with vendor master file and contracts.
    • For corporations/partnerships: confirm SEC registration details (internally stored records, supplier-provided certified copies, prior onboarding docs).
    • For sole proprietors: confirm DTI registration details on file.

  2. Tax identification

    • Confirm the supplier TIN and registered address match your onboarding records and prior documents.

  3. Authorized signatories and contacts

    • Require official supplier contact list and escalation channels.
    • Flag changes in contact persons, phone numbers, or email domains (e.g., “.co” instead of “.com”).

  4. Bank account ownership

    • Treat bank detail changes as high risk.
    • Require formal change request on letterhead, signed by authorized signatory, supported by bank certification or account name proof, and verified via out-of-band call to a known number.

B. Verify invoice form and numbering integrity

  1. Invoice number pattern

    • Check for gaps, duplicates, reused numbers, or inconsistent formats.

  2. Date logic

    • Invoice date should follow delivery/performance milestones and be consistent with purchase order/contract terms.

  3. Mandatory commercial details

    • Correct legal name, address, description, unit price, quantity, terms, and total.

  4. Tax details (if VAT-registered supplier)

    • VAT breakdown should be internally consistent (e.g., vatable sales × 12% VAT, unless zero-rated/exempt with basis).
    • Ensure VAT classification is consistent with the supplier’s status and the nature of the transaction.

  5. Attachments

    • Require supporting documents appropriate to the transaction type (see below).

C. Match the invoice to source documents (“three-way match”)

A strong control is the three-way match:

  • Purchase Order (PO)/Contract: what you agreed to buy, at what price/terms
  • Receiving Report/Service Acceptance: what was actually received/performed
  • Supplier Invoice: what is being billed

Minimum supports by transaction type:

  1. Goods

    • PO/contract, delivery receipt, receiving report, inspection report (if relevant), warehouse logs, gate pass, proof of delivery, supplier sales invoice/OR as required.

  2. Services

    • Contract/engagement letter, scope of work, time sheets or progress reports, service completion certificate/acceptance, deliverables (reports/files), sign-off by end-user department.

  3. Construction/repairs

    • BOQ, accomplishment report, site inspection, engineer certification, variation orders, photos, materials receipts, retention computations, punchlist clearance.

D. Red flags that require escalation

  • Payment instructions suddenly change (new bank account, urgent deadline).
  • Invoice amount differs from PO/contract without approved change order.
  • Descriptions are vague (“consulting services” with no scope/deliverables).
  • Invoice issued by an email domain that is slightly altered (typosquatting).
  • Supplier refuses to provide supporting documents or insists on secrecy.
  • Repeated “round-number” invoices or always just below approval thresholds.
  • Multiple invoices split to evade approval limits.
  • Delivery receipts appear recycled or have inconsistent handwriting/format.
  • Address, TIN, or business name differs from prior transactions.
  • Overly aggressive follow-ups and threats inconsistent with supplier history.
  • Newly created vendor with immediate high-value billing.

E. Digital integrity checks (practical)

  • Inspect PDF metadata (creation date, author tool) for anomalies.
  • Compare the invoice PDF hash/checksum if you maintain secure supplier portals.
  • Require invoices submitted only through official channels (vendor portal, designated AP mailbox) with controlled access.
  • Implement email security (SPF/DKIM/DMARC) and internal warning banners for external emails.

V. Strengthening internal controls to prevent invoice fraud

A. Governance and segregation of duties

  • Separate roles for vendor onboarding, PO issuance, receiving/acceptance, invoice processing, and payment release.

  • Require dual approvals for:

    • New vendor creation
    • Changes to vendor bank details
    • First payment to a new vendor
    • High-value or exception payments

B. Vendor onboarding controls

  • Collect and store:

    • Registration documents (SEC/DTI), IDs of owners/signatories
    • BIR registration details (as applicable), business address proof
    • Bank account proof under the supplier’s legal name

  • Conduct periodic vendor master file cleansing (duplicate vendors, inactive vendors, suspicious similarities).

C. Payment controls

  • Positive pay / payee verification with banks (where available).
  • Call-back verification for bank detail changes using known contact information.
  • Payment holds for exceptions until documented resolution.
  • Use beneficiary name matching (account name must equal vendor legal name).

D. Procurement and receiving controls

  • Use PO-based purchasing; discourage non-PO invoices.
  • Require receiving reports signed by independent receiving personnel.
  • Enforce clear acceptance criteria for services.

E. Audit, analytics, and continuous monitoring

  • Duplicate invoice detection (same amount/date/vendor).
  • Outlier analysis (spikes in frequency, split invoices, threshold dodging).
  • Vendor-bank account reuse detection (multiple vendors sharing a bank account).
  • Random spot checks and surprise audits.

VI. Immediate response protocol when fraud is suspected

Speed matters because fraud losses often become unrecoverable after funds are withdrawn or laundered.

Step 1: Preserve evidence (do not tip off suspected insiders)

  • Secure copies of invoices, emails, attachments, chat logs, call records, delivery receipts, approvals, and system logs.
  • Preserve original electronic files (do not “resave” and overwrite metadata).
  • Maintain a chain-of-custody log: who collected what, when, and from where.

Step 2: Freeze payment and access

  • Place the invoice and related vendor on payment hold.
  • Suspend vendor record changes.
  • Restrict system access for accounts involved, if appropriate (least disruption, highest protection).

Step 3: Verify independently (out-of-band)

  • Contact supplier using previously known numbers/emails from your master records—not from the suspicious invoice.

  • Require written confirmation of:

    • invoice number and amount
    • covered goods/services
    • authorized bank account details

Step 4: Escalate internally

  • Notify: finance/AP head, legal, internal audit, information security, and management.
  • Start a documented internal investigation.

Step 5: If payment already occurred—attempt recovery fast

  • Immediately inform your bank and request:

    • recall/chargeback options (where feasible)
    • freezing of recipient account (subject to bank processes and legal constraints)

  • Send written notice to the recipient bank if identifiable, and document all communications.

  • Report to law enforcement and prepare for judicial remedies if needed.

VII. Philippine legal framework commonly implicated

Invoice fraud can trigger criminal, civil, and regulatory consequences. Which law applies depends on the conduct and evidence.

A. Revised Penal Code (RPC) — falsification, estafa, and related offenses

  1. Estafa (swindling) Commonly used where deception causes another to part with money or property (e.g., paying a fake invoice, paying more than due, paying to a fraudster’s account).
  2. Falsification of documents If invoices, receipts, delivery documents, or certifications are forged or materially altered.
  3. Use of falsified documents Liability may attach to those who knowingly use fake/altered invoices to obtain payment or other benefits.

B. Cybercrime Prevention Act (RA 10175)

Applicable when fraud involves:

  • hacking or unauthorized access,
  • email compromise,
  • online impersonation,
  • digital alteration and transmission of falsified documents,
  • computer-related fraud and identity-related offenses.

C. E-Commerce Act (RA 8792)

Supports legal recognition of electronic data messages and electronic documents, and can be relevant when invoices and approvals are electronic and you need to establish evidentiary foundations.

D. Anti-Money Laundering Act (AMLA) (as amended)

Invoice fraud proceeds can move through the banking system. In some cases, suspicious transaction reporting frameworks and coordination with banks become relevant. For victims, AMLA is often practical in understanding why banks have strict processes before freezing accounts or disclosing information.

E. Data Privacy Act (RA 10173)

Investigations often involve employee data, emails, CCTV, access logs, and personal information. Employers must:

  • observe proportionality and legitimate purpose,
  • secure data, limit access, and document the investigation basis,
  • avoid unnecessary disclosure.

F. Tax compliance risk (BIR implications)

Using fake invoices/receipts to support deductions or input VAT can lead to:

  • disallowance of deductions/input VAT,
  • deficiency tax assessments,
  • surcharge and interest,
  • potential criminal exposure in serious cases (especially where willful falsity is shown). Even as a buyer, weak due diligence can create audit vulnerability.

VIII. Civil liabilities and remedies

A. Recovery of funds (civil action)

Possible causes of action depend on facts:

  • Unjust enrichment / solutio indebiti (payment by mistake): where money was paid without a valid obligation.
  • Damages: actual damages (loss), moral/exemplary damages in appropriate cases, attorney’s fees when allowed.
  • Breach of contract: if a legitimate supplier or internal party violated contractual duties (e.g., security clauses, notice obligations).

B. Provisional remedies (urgent court tools)

When identifiable defendants and assets exist, consider:

  • Preliminary attachment (to secure assets),
  • Injunction (to prevent dissipation or continued fraud), subject to legal requirements, evidence strength, and posting of bond.

C. Employer remedies vs employees/insiders

  • Administrative discipline (company code of conduct).
  • Civil claims for damages.
  • Criminal complaints where warranted.

IX. Criminal case handling and evidence essentials

A. Practical evidentiary building blocks

  • Original invoice and file metadata (for digital documents).
  • Email headers and server logs (for BEC and impersonation).
  • Procurement trail: PO, receiving reports, approvals, vendor creation logs.
  • Bank records and transaction references.
  • Witness statements: receiving personnel, approvers, vendor contacts.

B. Maintaining admissibility and credibility

  • Keep originals and preserve digital integrity.
  • Document who accessed evidence and when.
  • For electronic evidence, maintain reliable extraction methods and preserve headers/logs; avoid screenshots as the only proof when better artifacts exist.

C. Coordinating with law enforcement and prosecutors

  • Prepare a clear timeline, persons involved, amounts, and documents.
  • Identify the deception method and the resulting loss.
  • Be ready to support requests for bank-related information via lawful processes.

X. Handling disputes with legitimate suppliers

Not all problems are fraud; some are billing disputes. A controlled approach prevents relationship damage while protecting the company.

A. If the supplier is legitimate but billing is questionable

  • Issue a written notice disputing the invoice and stating the basis: mismatch in quantity, pricing, unauthorized charges, lack of acceptance.
  • Request corrected invoice/credit memo.
  • Pay undisputed portions where appropriate, to show good faith, subject to your contract terms.

B. Contract clauses that reduce risk

  • Invoice submission rules (official email/portal, required attachments).
  • No payment for unapproved change orders.
  • Audit rights and right to withhold payment pending verification.
  • Warranty and indemnity for fraud/misrepresentation.
  • Bank detail change protocol and liability allocation.

XI. Special issues: VAT invoices/official receipts and tax audit defensibility

A. Business reality and documentation

Tax risk is reduced when you can prove:

  • the supplier exists and is engaged in business,
  • goods/services were actually received,
  • payment was made to the proper party,
  • withholding taxes (if applicable) were correctly handled,
  • documentation is complete and consistent.

B. Internal “tax due diligence” controls

  • Require tax registration details during onboarding.
  • Match invoicing to delivery/acceptance.
  • Maintain organized files (physical or electronic) for audit readiness.

XII. Sector-specific considerations

A. SMEs and family businesses

Higher risk often arises from concentrated roles and informal approvals. Prioritize:

  • separation between purchasing, receiving, and payment,
  • standardized vendor onboarding,
  • mandatory documentation for services.

B. Condo corporations, HOAs, and NGOs

Common vulnerabilities include:

  • committee-led purchasing without formal procurement controls,
  • reliance on volunteers, and
  • weak segregation. Adopt:
  • bidding/quotation rules,
  • minutes documenting approvals,
  • external audit or independent review.

C. Professionals (law firms, clinics, small practices)

Focus on:

  • approved supplier list,
  • engagement letters and acceptance sign-offs,
  • strict bank detail verification.

XIII. Practical templates and decision tools (text form)

A. “Stop-Pay” internal notice (key content)

  • Invoice number/date/vendor
  • Amount and reason for hold
  • Required documents for release
  • Approver for exception resolution
  • Evidence preservation instruction

B. Vendor bank change verification script (minimum)

  • Confirm invoice numbers and amounts in process
  • Confirm reason for bank change
  • Confirm account name and bank branch
  • Confirm change request signer authority
  • Confirm via secondary channel (call + written confirmation)

C. Fraud triage matrix (fast classification)

  1. High likelihood of fraud: altered bank details + urgency + out-of-band verification fails → freeze + bank escalation + legal review
  2. Moderate: documentation gaps + unusual amount → hold + require supports + internal audit
  3. Low: clerical error likely → request correction + document resolution

XIV. Key takeaways

  1. Authenticity is proven by end-to-end traceability, not by appearance.
  2. The strongest control is a disciplined three-way match and strict vendor/bank-change governance.
  3. Treat sudden payment instruction changes and urgency as high-risk fraud indicators.
  4. When suspicious, act fast: preserve evidence, freeze payment, verify out-of-band, escalate, and attempt bank recovery immediately if funds moved.
  5. In the Philippines, invoice fraud commonly implicates estafa, falsification, and where digital methods are used, cybercrime—with parallel civil recovery and tax compliance consequences.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login