Duplicate Invoice Detection

A duplicate invoice is an invoice that has already been received and processed -- intentionally resubmitted to obtain a second payment, or accidentally submitted twice through different channels. A duplicate payment is the result: the same liability paid twice. The two concepts are closely linked but distinct. Some duplicate payments stem from genuine supplier error; others are deliberate fraud. Both cost money and require a recovery process that is slower and more expensive than prevention.

Duplicate invoices and payments are more prevalent than most businesses realise. Research from the Institute of Financial Operations consistently finds that between 0.1 and 0.8 percent of all invoices processed by mid-market businesses result in a duplicate payment. At AU$10,000 average invoice value and 500 invoices per month, that is between AU$5,000 and AU$40,000 per month in overpayments -- most of which sit unrecovered until the next supplier statement reconciliation, if one is done at all.

How duplicates enter the AP process

The most common source of accidental duplicate invoices is multichannel invoice submission. Suppliers send invoices by email, then follow up with a copy when they have not heard back, then submit again through a supplier portal. Without centralised duplicate detection, each submission enters the AP queue as a separate item. If different team members process different channels without cross-checking, the same invoice can be approved and paid multiple times before anyone notices.

Deliberate duplicate fraud typically exploits gaps in the detection process more specifically. A fraudster submitting duplicate invoices intentionally may vary the invoice number slightly (INV-1001 vs. INV1001 vs. Invoice 1001), change the date, or wait several months between submissions to reduce the chance of a manual match. If the business's duplicate check relies on exact string matching of invoice numbers, these small variations bypass it entirely.

Internal staff processing invoices can also create duplicates accidentally through data entry errors -- keying an invoice number incorrectly, processing the same email attachment twice, or failing to mark an invoice as processed in a shared spreadsheet before a colleague picks it up.

Detection approaches

Manual duplicate detection relies on AP staff checking each new invoice against recent payment records before processing. This works at very low volumes but fails quickly as invoice volumes grow -- a team processing 200 invoices per week cannot realistically cross-check each one against thousands of historical records.

Automated duplicate detection uses fuzzy matching algorithms to flag invoices where the supplier, amount, date, and invoice number combination is identical or near-identical to an invoice already in the system. "Near-identical" matching is critical: exact matching misses the small variations that deliberate fraud uses to evade detection. A well-configured duplicate detection rule should flag invoices where two or more of the following match within a tolerance: supplier name or ABN, invoice amount within a rounding threshold, invoice number with minor variations, and invoice date within a defined window.

Flagged duplicates should enter a review queue rather than being automatically rejected, because legitimate situations do exist -- a credit note followed by a re-invoice at the same amount, for example. The review process should document why a flagged invoice was cleared or rejected, creating an audit trail that supports both fraud investigation and process improvement.

Recovery when duplicates are paid

Recovering a duplicate payment from a supplier is usually straightforward if the relationship is ongoing and the supplier is cooperative. The payment can be offset against the next invoice. Where the supplier disputes the overpayment, a formal claim supported by payment records and the original invoice is typically required. For cases where the "supplier" is a fraudster with no ongoing relationship, recovery through the business's bank via a recall request is possible if initiated quickly -- Australian banks generally have a 10-business-day window for effective payment recall -- but success rates decline sharply after the funds have been transferred out of the receiving account.