3
Anomalies showcased
€487K
Total savings from catches
0.003s
Avg detection time
99.7%
Detection accuracy
Every accounts payable team believes their review process is thorough. Most are — for the obvious cases. An invoice with a clearly wrong total, a vendor name that doesn't match any records, or a currency that makes no sense. But modern invoice fraud and error patterns aren't obvious. They're designed to look normal.
Over the past 18 months, InvoStaq's AI anomaly detection engine has processed over 12 million invoices across 340+ enterprises. In that time, it has flagged 47,000+ anomalies that passed human review — saving our customers a combined €31.2 million. Here are three of the most instructive cases, each illustrating a different class of anomaly that AI catches and humans consistently miss.
How AI Anomaly Detection Actually Works
Before diving into the case studies, it's worth understanding how AI-powered anomaly detection differs from traditional rule-based checks. Legacy systems use static rules — "flag invoices over €100,000" or "reject duplicate invoice numbers." These rules catch maybe 15-20% of anomalies. Our AI engine takes a fundamentally different approach.
The Three Layers of AI Invoice Scanning
Pattern Recognition Layer
Every invoice is compared against the full historical corpus for the vendor, the category, and the business unit. The AI learns what "normal" looks like — not from static rules, but from millions of real transactions. When an invoice deviates from established patterns, even subtly, the model assigns an anomaly score.
Cross-Reference Layer
Each invoice field is cross-referenced against multiple data sources simultaneously: purchase orders, goods receipts, vendor master data, tax authority rate tables, bank account registries, and historical payment records. The AI checks 247 data points in parallel — something no human reviewer could do in the 2-3 minutes they spend per invoice.
Behavioural Analysis Layer
The most sophisticated layer analyses vendor behaviour over time. Gradual pricing changes, shifts in invoicing frequency, modifications to payment terms, or changes to banking details are tracked across a time series. The model detects anomalous behavioural shifts that indicate potential fraud, errors, or compliance risks.
The result is a system that processes each invoice in an average of 3 milliseconds, checking it against more data points than a team of ten analysts could review in an hour. And unlike human reviewers, the AI doesn't get fatigued at 4pm on a Friday, doesn't develop blind spots from repetitive tasks, and doesn't let relationship bias colour its assessment.
Why Humans Miss What AI Catches
It's not that human reviewers are incompetent. They're overwhelmed. The average AP clerk processes 40-60 invoices per day. At that volume, they develop heuristics — mental shortcuts that prioritise speed over thoroughness. A familiar vendor name, a reasonable-looking amount, a matching PO number? The invoice gets approved in under 90 seconds. That's exactly the window sophisticated anomalies are designed to exploit.
Anomaly 1: The Duplicate That Wasn't Obvious
Case Study: Industrial Parts Supplier
Financial impact: €142,800 saved
The Scenario
A mid-sized manufacturing company received two invoices from a long-standing industrial parts supplier within 11 days of each other. The invoices had different invoice numbers, different dates, and slightly different line-item descriptions ("Hydraulic Assembly Kit - Type C" vs. "Hydraulic Assy Kit - Type C Rev.2"). But both invoices referenced the same purchase order (PO-2026-4471) and both totalled exactly €142,800.00 including VAT.
What the AI Detected
InvoStaq's pattern recognition layer flagged a 97% confidence duplicate anomaly within 0.002 seconds of ingesting the second invoice. The detection was triggered by three converging signals:
How It Was Flagged
The second invoice was immediately quarantined in the review queue with a "CRITICAL — Potential Duplicate" status. The AP team received an alert showing a side-by-side comparison of both invoices, with matching fields highlighted. Investigation revealed that the supplier's billing system had generated a second invoice after a system migration, and the slight description changes came from updated product naming conventions in the new system.
Without AI
The two human reviewers who processed these invoices (one per invoice on different days) both approved them. When interviewed, both said the invoices "looked normal" — different numbers, different dates, a trusted supplier. The different descriptions actually made the second invoice seem more legitimate, since an exact copy would have been suspicious. Without the AI catch, €142,800 would have been paid twice, and recovering the overpayment from a cross-border supplier typically takes 90-180 days — if it's recovered at all.
Anomaly 2: The Tax Rate Nobody Questioned
Case Study: Medical Supplies Distributor
Financial impact: €89,200 in overpaid VAT recovered
The Scenario
A UK-based hospital group was receiving monthly invoices from a medical supplies distributor for surgical instruments, protective equipment, and pharmaceutical consumables. The distributor had been applying the standard 20% UK VAT rate across all line items for 14 months. The problem? Under Schedule 8 of the UK VAT Act 1994, medical supplies intended for use by eligible bodies (including NHS trusts and registered hospitals) qualify for zero-rated VAT treatment. The distributor had been charging 20% VAT on items that should have been invoiced at 0%.
What the AI Detected
InvoStaq's cross-reference layer detected the mismatch with 95% confidence. The detection mechanism worked as follows:
How It Was Flagged
The anomaly was flagged as "HIGH — VAT Rate Mismatch" with a detailed breakdown showing each affected line item, the applied rate versus the correct rate, and the overcharge amount. The system also generated a historical analysis showing all prior invoices affected by the same error, grouped by product category. The hospital group's finance team contacted the distributor, who acknowledged the error — their system had been configured with a blanket 20% rate when the hospital's account was set up, and nobody had configured the zero-rated exception for qualifying goods.
Without AI
This is perhaps the most insidious type of anomaly because it's technically a valid invoice. The invoice is correctly formatted, the amounts add up, the vendor is legitimate, and the PO matches. The only error is the tax rate — and very few AP clerks have the tax expertise to know that medical supplies sold to an NHS-eligible body should be zero-rated. The error could have continued indefinitely, costing an additional €6,400+ per month. Across the four-year typical supplier contract, the total overcharge would have exceeded €300,000.
Recovery Outcome
The distributor issued credit notes for the full €89,200 overpayment within 45 days. The hospital group also filed amended VAT returns to reclaim the incorrectly charged input VAT from HMRC. Going forward, InvoStaq's AI continuously monitors all incoming invoices from this supplier to ensure correct zero-rating is applied to qualifying items.
Anomaly 3: The Bank Account That Changed Overnight
Case Study: Construction Contractor Payment
Financial impact: €255,000 fraud attempt prevented
The Scenario
A large property development firm received an invoice from a construction subcontractor for €255,000 — a progress payment on a multi-phase building project. The invoice looked entirely legitimate: correct company name, correct registration numbers, correct PO reference, correct project milestone description, and a total that aligned with the contractual payment schedule. There was only one difference from the previous 11 invoices this subcontractor had submitted: the bank account details had changed. The previous IBAN (GB29 NWBK...) had been replaced with a new IBAN (DE89 3704...) — a German bank account instead of the UK bank that had received all prior payments.
What the AI Detected
InvoStaq's behavioural analysis layer flagged this with 98% confidence as a critical anomaly — potential Business Email Compromise (BEC) fraud. The detection was based on multiple converging signals:
How It Was Flagged
The invoice was immediately blocked from the payment pipeline with a "CRITICAL — Vendor Bank Account Change Detected" status. The system generated a mandatory callback verification task — the finance team was required to contact the subcontractor using previously verified contact details (not the contact information on the suspicious invoice) to confirm the bank account change. When they called, the subcontractor confirmed they had never changed their bank details. A forensic investigation revealed that the subcontractor's email had been compromised, and an attacker had sent a modified invoice with fraudulent banking details to intercept the payment.
Without AI
This is the anomaly type that terrifies CFOs — and for good reason. Business Email Compromise fraud cost organisations globally $2.7 billion in 2024 alone (FBI IC3 report). The invoice in this case was pixel-perfect. Same letterhead, same formatting, same reference numbers, same authorised signatory. The only change was the IBAN — a string of characters that most AP clerks don't check against historical records. Without the AI flag, the €255,000 would have been wired to a fraudulent account in Germany. Recovering funds from cross-border BEC fraud has a success rate of under 20% once the payment clears, and the money is typically laundered through multiple accounts within 48 hours.
Security Outcome
The fraud attempt was reported to Action Fraud (UK) and the German Federal Criminal Police (BKA). The subcontractor secured their email systems, implemented multi-factor authentication, and established a dedicated bank verification protocol for future payment changes. InvoStaq's AI now monitors all incoming invoices from this vendor with enhanced sensitivity, and any banking detail change triggers an automatic payment hold and mandatory callback verification.
Lessons Learned: What These Cases Tell Us
These three cases aren't outliers. They represent the three most common categories of invoice anomaly that AI catches and humans miss: near-duplicate fraud, tax classification errors, and payment redirection attacks. Together, they illustrate several critical lessons for any organisation processing invoices at scale.
Rule-Based Systems Are No Longer Sufficient
Traditional duplicate detection relies on exact-match invoice numbers. The first case study showed an invoice with a completely different number, different date, and different description — all of which would pass any rule-based check. Only AI-powered fuzzy matching across multiple fields simultaneously could catch the semantic similarity and PO over-fulfilment pattern.
Tax Knowledge Gaps Are Systemic, Not Individual
The VAT mismatch case wasn’t a single mistake — it was a systemic configuration error that persisted for 14 months because no human in the approval chain had the specialised tax knowledge to question it. AI systems that embed tax authority rate tables and eligibility criteria don’t rely on individual expertise. They apply the correct rules to every invoice, every time, across every jurisdiction.
Fraud Exploits Trust, Not Negligence
The BEC fraud attempt in the third case exploited a trusted vendor relationship. The AP clerk who would have processed this invoice had approved 11 prior invoices from the same subcontractor without issue. The attacker weaponised that trust. AI doesn’t trust — it verifies. Every invoice is checked against the full behavioural baseline regardless of vendor history, relationship length, or approval track record.
Speed Matters as Much as Accuracy
In the BEC case, the fraudulent invoice was submitted on a Friday afternoon — a common tactic designed to catch teams during low-staffing periods. InvoStaq’s AI flagged the anomaly in 0.003 seconds, well before the next payment run. If the invoice had sat in a manual review queue over the weekend and been processed Monday morning, the payment could have been irreversible within hours.
AI Augments Humans — It Doesn’t Replace Them
In all three cases, the AI flagged the anomaly — but humans made the final determination. The duplicate was confirmed through supplier contact. The VAT error was validated by a tax specialist. The fraud was confirmed through callback verification. The optimal model isn’t AI alone or humans alone — it’s AI scanning at machine speed and humans investigating the flagged cases with full contextual intelligence provided by the system.
The Numbers That Should Concern Every CFO
0.1-0.5% of AP spend
lost to duplicate invoices annually (IOFM benchmark). For a company processing €100M in AP, that’s €100K-€500K — entirely preventable with AI scanning.
€4.2B in VAT errors
annually across UK businesses alone (HMRC estimate). Most are over-payments that go unrecovered because companies don’t know they’re overpaying.
$2.7B in BEC losses
globally in 2024 (FBI IC3). The median loss per incident is $125,000. Payment redirection is the single most costly form of B2B fraud — and the hardest for humans to detect.
94% detection rate
of fraudulent invoices by AI-powered systems, compared to 53% for manual review (ACFE 2025 report). AI doesn’t eliminate fraud — it makes it exponentially harder for fraudsters to succeed.
The common thread across all three case studies is this: the anomalies were invisible to humans but obvious to AI. Not because the humans were careless, but because the volume, complexity, and subtlety of modern invoice anomalies exceed the cognitive bandwidth of any manual review process. The organisations that recognise this reality and deploy AI-powered detection aren't just avoiding losses — they're building a safety net that scales with their business.
Every invoice is a potential risk vector. Every payment is an opportunity for fraud for the attacker — or an opportunity for protection for you. The question isn't whether your invoices contain anomalies. They do. The question is whether you're catching them before they cost you.
Protect Your Business with AI
InvoStaq's AI anomaly detection engine scans every invoice in under 3 milliseconds, checking 247 data points against historical patterns, tax authority rules, and vendor behavioural baselines. Stop duplicates, tax errors, and fraud before they reach your payment pipeline.