You have 0 free articles left this month.
Register for a free account to access unlimited free content.
accountants daily logo

Who pays when scammers redirect an invoice?


Customer due diligence has to be balanced against a supplier’s duty of care.

By Robin Sands 13 minute read

Businesses increasingly rely on electronic communication, including email, to conduct transactions. While this brings convenience and efficiency, it also introduces vulnerabilities that fraudsters can exploit.

One such vulnerability is invoice interception, where fraudsters intercept invoices sent via email and alter the bank details to divert payments into their own accounts. This can leave both the supplier and customer in a quandary as to who ultimately bears the financial loss.

Let's take a typical scenario to understand the situation at hand better.


Supplier A sends an invoice to customer B via email, but it is intercepted by a fraudster who changes the bank details on the invoice before it reaches the customer B. Customer B pays the invoice to the fraudster's account, thinking it is the supplier A's account details.

In this scenario, who pays?

  • Does the customer need to pay again so the bill is settled with the supplier?
  • Does the supplier write it off as a loss?
  • Do both sides agree to split the bill and share the pain?

The complex legal landscape

The question of who bears the financial burden in invoice interception scams is complex and often depends on the specific circumstances of each case. In some jurisdictions, the customer is considered liable for verifying the authenticity of an invoice before making payment. This is based on the principle of customer due diligence, which holds that customers have a responsibility to exercise reasonable care to ensure they are paying the correct supplier.

However, there are also cases where the supplier may be held liable, particularly if they were negligent in protecting their payment information or failed to implement adequate security measures to prevent invoice interception. In the above scenario for example, it is the supplier's email that is intercepted and they should have used a safer method to send their invoice (e-invoicing), protecting their business as well as their customer. In such instances, the supplier may be deemed to have breached their duty of care to the customer.

Research indicates there are various approaches to who can really be held responsible when facing an invoice interception scam:

  • The supplier might demand the customer to pay again.
  • The customer might demand that their bank repays the funds transferred.
  • The person who commits invoice fraud is liable for their actions.
  • The supplier has a duty to the customer to ensure that they were not the victim of fraudulent emails.
  • In an invoice scam, the customer is typically liable for the intercepted payment.
  • In some cases, the supplier may be liable for an intercepted payment, too.

The role of e-invoicing

The rise of invoice interception scams has prompted a growing movement towards e-invoicing – a secure electronic invoicing system that uses the Peppol network. Peppol is a pan-European e-invoicing infrastructure that provides a standardised and safe platform for exchanging invoices between businesses.

E-invoicing offers several advantages over traditional email-based invoicing, including:

  • Enhanced security: e-invoices are digitally signed and encrypted, ensuring their authenticity and integrity.
  • Verification process: invoices are verified by the Peppol access point before being sent to the customer, guaranteeing that they originate from a legitimate supplier and contain accurate data.
  • Reduced risk of fraud: The secure nature of e-invoicing significantly reduces the risk of invoice interception and fraudulent alterations.
  • Improved efficiency: e-invoicing streamlines the invoicing process, eliminating the need for manual data entry and paper handling.

The verification of an e-invoice from an access point provider ensures that:

  • The invoice is from a legitimate supplier.
  • The invoice data is accurate.

In turn, this gives the customer confidence that they are paying the correct supplier for the correct invoice amount and that their payment will be processed securely.

A fraud-resistant future?

As businesses increasingly embrace the digital transformation, e-invoicing emerges as a critical tool for safeguarding financial transactions and ensuring business continuity. By adopting e-invoicing, businesses can protect themselves from the financial and reputational damage caused by invoice interception scams.

Moreover, e-invoicing offers a range of operational benefits, including reduced processing costs, improved data accuracy and enhanced visibility into the invoicing process.

In a world where fraudsters are constantly evolving their tactics, e-invoicing provides a robust defence against invoice interception scams, safeguarding the financial interests of both suppliers and customers.

The adoption of e-invoicing is not merely a technological advancement; it represents a shift towards a more secure and efficient business landscape. By embracing e-invoicing, businesses can protect themselves from fraud, streamline their operations and enhance their overall financial wellbeing.

Robin Sands is CEO of Link4.

You need to be a member to post comments. Become a member for free today!
You are not authorised to post comments.

Comments will undergo moderation before they get published.

accountants daily logo Newsletter

Receive breaking news directly to your inbox each day.