Ghost Vendor and Phantom Suppliers

A ghost vendor is a supplier record in the accounts payable or vendor master file that does not correspond to a real, legitimate business relationship. Invoices submitted under a ghost vendor are paid to a bank account controlled by the fraudster -- typically an employee with access to the vendor master file, or someone colluding with such an employee. The terms ghost vendor and phantom supplier are used interchangeably, though phantom supplier sometimes specifically refers to vendors created to receive payments for goods that were never delivered rather than vendors that are entirely fictitious.

Ghost vendor fraud is one of the most consistently reported forms of AP fraud in Australian businesses. It is effective because it works through normal-looking AP processes: an invoice arrives, it is approved, and it is paid. The problem is that the supplier behind the invoice does not exist in any meaningful commercial sense, and the bank account receiving the payment belongs to the fraudster.

How ghost vendors are created

The creation of a ghost vendor requires access to the vendor master file -- the database of approved suppliers in the accounting system. In organisations with weak vendor master controls, adding a new supplier is straightforward: a name, an ABN (which can be a real but dormant ABN found on the public ABN lookup), banking details, and a contact email are typically all that is required. Once the supplier is created, invoices can be submitted against it and routed through normal approval channels.

Ghost vendors are often created to look like legitimate suppliers in the same category as vendors the business already uses. If the business regularly pays invoices from IT equipment suppliers, a ghost vendor in the same category will attract less scrutiny than a new supplier in an unfamiliar category. Invoice values are typically kept below approval thresholds that would require a second sign-off, and the frequency of invoices is calibrated to avoid triggering unusual payment pattern alerts.

Shell company variants

A more sophisticated variant of ghost vendor fraud uses a real registered company as the vehicle. In Australia, registering a company with ASIC costs AU$597 for a standard proprietary limited company. The fraudster registers a company, obtains an ABN, opens a bank account, and begins submitting invoices. The company passes basic legitimacy checks -- it has an ABN, an ASIC registration, and a bank account -- but it has no real employees, no physical premises, and no genuine commercial relationship with the business paying its invoices.

Shell company schemes are particularly difficult to detect through standard invoice review processes. The detection triggers that catch crude ghost vendor fraud -- mismatched ABNs, obviously fake supplier names -- do not fire when the shell company has legitimate credentials. Detection in these cases typically comes from supplier statement reconciliation (the supplier cannot provide statements because no real transactions exist), from data analytics identifying unusual payment patterns, or from tips from other employees who notice the relationship.

Vendor master controls that prevent ghost vendors

The foundational control is separating vendor creation from invoice approval and payment authorisation. If the person who can add a supplier to the system is different from the person who approves invoices and different again from the person who releases payments, a ghost vendor scheme requires collusion between at least two people -- which significantly reduces the likelihood of success.

New vendor onboarding should require supporting documentation: a copy of the supplier's ABN registration, bank account confirmation letter, and evidence of a genuine commercial relationship (a quote, contract, or signed terms). All of these requirements can be bypassed by a determined fraudster with enough access, but they create friction that stops opportunistic schemes.

Independent periodic reviews of the vendor master file -- comparing new suppliers added in the period against purchase orders and contracts, and looking for suppliers with addresses or ABNs that match employee records -- are the most effective ongoing detection control. For businesses using AP automation platforms, automated ABN validation and bank account verification during onboarding removes the manual step that most ghost vendor schemes exploit.