Vendor Fraud Detection: Benford’s Law & Shell Company Analysis

Why Vendor Fraud Is the Highest-Risk Category

Per the ACFE’s 2024 Report to the Nations, billing schemes (a subset of vendor fraud) account for 22% of all occupational fraud cases and cause a median loss of USD 100,000 per case. In Indian manufacturing, infrastructure, and government contracting sectors, procurement spend often represents 50-70% of total expenditure — making the accounts payable function the single largest fraud risk area.

The risk is compounded in India by several structural factors:

• Large vendor base: Mid-sized Indian manufacturers often have 500-2,000 active vendors. Manual oversight is practically impossible.
• Cash economy interface: Many Tier 2/3 suppliers transact partially in cash, reducing the audit trail.
• Weak vendor onboarding: Many companies lack formal vendor verification processes — no MCA search, no GST validation, no site inspection.
• Employee-vendor collusion: Purchase department employees create fictitious vendors or route business to related-party suppliers for kickbacks.

The Five Major Vendor Fraud Schemes

1. Fictitious Vendor / Shell Company Billing

An employee (typically in procurement or accounts payable) creates a fake vendor in the vendor master. Invoices are generated for goods or services never delivered. Payments flow to a bank account controlled by the employee or an accomplice. The vendor entity may be a dormant company, a sole proprietorship with a rented GST number, or a shell company incorporated solely for this purpose.

Detection approach: Cross-reference vendor master against MCA records (via MCA21 portal), GST registration database, PAN verification, and physical address validation. Flag vendors where the registered address matches an employee’s residential address, where the bank account is in a different city from the registered office, or where the entity has no income tax filing history.

2. Overbilling and Inflated Invoicing

A real vendor charges prices above market rates, often splitting the excess with a colluding employee. Alternatively, invoices reflect higher quantities than actually delivered. This scheme is difficult to detect without independent price benchmarking and goods-receipt reconciliation.

Detection approach: Three-way match analysis (purchase order vs. goods receipt note vs. invoice). Price trend analysis across vendors supplying the same item category. Comparison against published commodity indices and market rates.

3. Duplicate Payment Fraud

The same invoice is paid twice — either through deliberate resubmission or through manipulation of different payment channels (one via NEFT, another via cheque). Duplicate payments are common in organisations with poor invoice tracking and multiple payment approval workflows.

Detection approach: Algorithmic duplicate detection testing invoice number, amount, date, and vendor combinations. Fuzzy matching for near-duplicates where invoice numbers are slightly altered (e.g., INV-2025-001 vs. INV/2025/001).

4. Kickback and Bid-Rigging Schemes

Vendor selection is manipulated to favour a specific supplier in exchange for personal payments to the decision-maker. Bid rigging may involve sharing competitor bid information, tailoring specifications to exclude competitors, or splitting purchases to stay below approval thresholds.

Detection approach: Analysis of bid patterns — if the same vendor wins above a certain percentage of competitive bids, or if losing bids are consistently close to the winning bid. Purchase-splitting analysis to identify transactions deliberately structured below approval limits. Relationship mapping between employees and vendor owners.

5. Quality Substitution Fraud

The vendor delivers goods of lower specification than invoiced and retains the cost difference. Common in construction materials, raw materials, and IT hardware procurement. Often requires physical inspection to detect.

Detection approach: Analysis of rejection rates, warranty claims, and quality complaints by vendor. Comparison of specification sheets against actual delivery documentation.

Benford’s Law Testing: Methodology and Application

How Benford’s Law Works in Practice

We extract all accounts payable transactions for the review period (typically 3-5 years) and perform the following tests:

First-Digit Test: Compare the frequency of the first digit (1-9) across all invoice amounts against the expected Benford’s distribution. A chi-square test or Z-test determines statistical significance of deviations. For example, if digit 5 appears as the leading digit in 15% of invoices (expected: 7.9%), this signals a concentration of fabricated invoices in the ₹5,000-₹5,999 or ₹50,000-₹59,999 ranges.

First-Two-Digit Test: More granular — tests the frequency of the first two digits (10-99). This narrows the anomaly to specific amount ranges. If invoices beginning with “48” appear far more frequently than expected, investigation focuses on that specific amount band.

Second-Digit Test: Tests only the second digit (0-9). Useful for detecting psychological pricing patterns — fraudsters often round amounts or use specific second digits habitually.

Summation Test (Mark Nigrini method): Instead of counting transactions, this sums the total rupee value beginning with each first digit. Expected: each first digit should sum to approximately 11.1% of the total. Spikes indicate that large-value transactions are concentrated in specific digit ranges.

When Benford’s Law Does Not Apply

Benford’s testing is unreliable for: datasets with assigned numbers (employee IDs, sequential invoice numbers), datasets with built-in minimums or maximums (per diem allowances capped at ₹2,500), and very small datasets (below 500 transactions). We always validate that the dataset is suitable before drawing conclusions.

Shell Company Identification: MCA, GST, and IT Verification

Shell companies are the delivery mechanism for vendor fraud. Identifying them requires cross-referencing multiple government databases:

MCA Verification (Companies Act, 2013)

• Section 248 — Striking off: Check if the vendor company has been struck off by the Registrar of Companies for not filing annual returns for two or more consecutive years.
• Paid-up capital: Shell companies typically have the minimum paid-up capital (₹1 lakh for private companies). No subsequent capital infusion.
• Director analysis: Cross-reference directors against the company’s employees, their relatives, or known associates. Check DIN (Director Identification Number) history for directorship in multiple dormant companies — a hallmark of shell company operators.
• Registered office: Verify via Google Maps and physical inspection. Shell companies often use co-working spaces, virtual offices, or residential addresses.
• Financial statements: If available on MCA21, check for revenue concentration (100% revenue from the defrauded company), minimal expenses, no employees, and no fixed assets.

GST Verification

• Verify GSTIN on the GST portal. Check registration date — if the vendor started issuing invoices before its GST registration, this is a red flag.
• Check GST filing compliance — shell companies often file nil returns or file erratically.
• Verify the principal place of business declared in GST registration against the address on invoices.

Income Tax and PAN Verification

• PAN-based verification confirms entity existence and type (company, firm, individual).
• Cross-reference with TDS returns (Form 26AS/AIS) — if the company is claiming to supply goods worth crores but has minimal TDS credits, the business activity is suspect.

Data Analytics Techniques Beyond Benford’s Law

Duplicate Payment Detection Algorithm

We run multi-parameter matching across the accounts payable ledger:

• Exact match: Same vendor + same invoice number + same amount = definite duplicate
• Near match: Same vendor + same amount + invoice date within 7 days = probable duplicate
• Fuzzy match: Same amount + similar vendor name (Levenshtein distance ≤ 2) = possible duplicate requiring investigation
• Cross-entity match: For group companies — same invoice submitted to two different group entities

Round-Number Analysis

Genuine commercial invoices rarely result in perfectly round numbers because they include tax calculations, odd quantities, and varying unit prices. An unusually high proportion of round-number invoices (₹1,00,000, ₹50,000, ₹25,000) from a specific vendor signals fabrication.

Approval Threshold Testing

Many organisations have tiered approval limits — for example, invoices below ₹50,000 require only one signature, while those above require two. Fraudsters structure invoices just below approval thresholds. We test for clustering of invoice amounts immediately below each approval limit.

Weekend and Holiday Invoice Analysis

Invoices dated on Sundays, public holidays, or company shutdown periods are anomalous. While not conclusive proof of fraud, they indicate potential backdating or fabrication.

Legal Framework for Vendor Fraud in India

Indian Penal Code (IPC) Provisions

• Section 420 — Cheating: Whoever cheats and thereby dishonestly induces the person deceived to deliver any property. Punishment: imprisonment up to 7 years and fine.
• Section 468 — Forgery for purpose of cheating: Making a false document with intent to cheat. Punishment: imprisonment up to 7 years and fine.
• Section 471 — Using as genuine a forged document: Relevant when fabricated invoices are used. Punishment: same as for forgery.
• Section 409 — Criminal breach of trust by agent: Applicable when employees misappropriate company funds through vendor schemes. Punishment: imprisonment up to life and fine.
• Section 120B — Criminal conspiracy: When employee-vendor collusion is established. Punishment: same as the substantive offence.

Companies Act, 2013

• Section 447 — Fraud: Any act, omission, concealment, or abuse of position with intent to deceive, gain undue advantage, or injure the interests of the company. Punishment: imprisonment from 6 months to 10 years and fine not less than the amount involved in the fraud, extending to three times the amount.
• Section 447 proviso: Where the fraud involves public interest, the term of imprisonment shall not be less than 3 years.
• Section 245 — Class action suit: Shareholders can file class action before NCLT if the company’s affairs are being conducted in a fraudulent manner.

Prevention of Corruption Act, 1988

Where vendor fraud involves government procurement or public sector companies, Section 7 (offence relating to public servant being bribed) and Section 8 (offence relating to bribing a public servant) apply. The Lokpal and Lokayuktas Act, 2013 may also be invoked for senior government officials.

Our Vendor Fraud Investigation Process

At Virtual Auditor, we follow a structured four-phase investigation methodology:

Phase 1: Data Acquisition and Preparation (Week 1-2)

• Extract complete accounts payable ledger from ERP (Tally, SAP, Oracle, custom systems)
• Obtain vendor master file with all registered vendors
• Collect purchase orders, goods receipt notes, and invoice images
• Obtain bank payment records (NEFT/RTGS/cheque details)
• Data cleansing and normalisation for analytics

Phase 2: Automated Analytics (Week 2-3)

• Benford’s Law first-digit, second-digit, and first-two-digit tests
• Duplicate payment detection (exact, near, and fuzzy matching)
• Round-number concentration analysis
• Approval threshold clustering test
• Vendor master anomaly screening (common addresses, phone numbers, bank accounts)
• Weekend/holiday invoice dating analysis
• Price variance analysis by item category

Phase 3: Targeted Investigation (Week 3-6)

• Shell company verification for flagged vendors (MCA, GST, PAN, physical verification)
• Employee-vendor relationship mapping
• Structured interviews with procurement and AP staff (following CFE interview methodology)
• Three-way match testing for flagged transactions
• Bank account analysis for suspicious payment beneficiaries

Phase 4: Reporting and Litigation Support (Week 6-8)

• Forensic report structured for legal admissibility (Indian Evidence Act, Section 45)
• Loss quantification with supporting evidence chain
• Expert witness testimony before NCLT, civil courts, or criminal courts
• Support for FIR filing under IPC Section 420/468/409
• Recommendations for internal control strengthening

Preventive Controls: Vendor Fraud Risk Mitigation

Beyond detection, we recommend the following controls to our clients:

• Vendor onboarding verification: Mandatory MCA search, GST validation, PAN verification, and physical site inspection for all new vendors above ₹5 lakh annual spend.
• Segregation of duties: The person who creates a vendor in the master file should not be the person who approves payments to that vendor.
• Periodic vendor master review: Annual audit of the vendor master to identify dormant vendors, duplicate entries, and vendors with incomplete KYC documentation.
• Continuous Benford’s monitoring: Quarterly Benford’s Law testing on accounts payable data as a preventive screening tool.
• Whistleblower mechanism: Per Companies Act Section 177(9), listed companies and prescribed classes of companies must establish a vigil mechanism. Read our detailed guide: Whistleblower Investigation: Vigil Mechanism & SEBI.
• Surprise audits: Unannounced vendor site visits and stock verification for high-value suppliers.

Pricing for Vendor Fraud Investigation

Service	Scope	Starts From
Benford’s Law Screening	Full AP ledger analysis, anomaly report	₹75,000
Duplicate Payment Detection	Full AP ledger, multi-parameter matching	₹50,000
Shell Company Investigation	Per entity: MCA + GST + PAN + physical verification	₹50,000 per entity
Comprehensive Vendor Forensic	Full analytics + targeted investigation + report	₹2,00,000
Expert Witness Testimony	NCLT / civil court / criminal court	Separate engagement

For a custom quote, contact us at Virtual Auditor Pricing or call +91 99622 60333.

Frequently Asked Questions

What is vendor fraud and how common is it in India?

Vendor fraud involves a supplier — sometimes in collusion with company employees — overbilling, delivering substandard goods, submitting fictitious invoices, or operating as a shell entity. Per ACFE’s 2024 Report to the Nations, billing schemes account for 22% of occupational fraud cases globally. In Indian procurement-heavy sectors (manufacturing, infrastructure, government contracting), vendor fraud is among the top three fraud categories.

How does Benford’s Law help detect vendor fraud?

Benford’s Law predicts the expected frequency distribution of leading digits in naturally occurring numerical datasets. Invoice amounts, purchase orders, and expense claims should follow this distribution. When fraudsters fabricate or manipulate amounts, the distribution deviates — for example, an unusually high frequency of invoices beginning with 4 or 7 indicates potential manipulation. We apply first-digit, second-digit, and first-two-digit Benford’s tests across the entire accounts payable ledger.

What are red flags of a shell company vendor?

Key red flags include: registered address is a residential premises or virtual office; no website or online presence; GST registration is recent relative to invoice dates; bank account opened shortly before first invoice; common directors or shareholders with the purchasing company; no employees listed in PF/ESI returns; no income tax return history; and the MCA filings show nominal paid-up capital with no real business activity.

What legal action can be taken against vendor fraud in India?

Criminal: FIR under Section 420 IPC (cheating and dishonestly inducing delivery of property) and Section 468 IPC (forgery for purpose of cheating). If employees colluded: Section 409 IPC (criminal breach of trust by agent). Civil: Recovery suit under Order VII Rule 1 of CPC. For companies: Section 447 of the Companies Act, 2013 covers fraud with punishment of imprisonment from 6 months to 10 years and a fine not less than the amount involved.

How much does a vendor fraud investigation cost?

Targeted vendor analysis (single vendor, data analytics + background check): from ₹75,000. Comprehensive accounts payable forensic (Benford’s analysis + duplicate testing + vendor background screening across full ledger): from ₹2,00,000. Shell company deep-dive with MCA/GST/IT verification: from ₹50,000 per entity. Contact Virtual Auditor at +91 99622 60333 or visit our contact page.

Can forensic vendor analysis be done remotely using data analytics?

Yes. At Virtual Auditor, we perform remote forensic analytics on accounts payable data exported from Tally, SAP, Oracle, or any ERP. Benford’s Law testing, duplicate payment detection, round-number analysis, and vendor master anomaly screening are all data-driven. Physical verification is needed only for site visits to vendor premises during shell company confirmation.

Virtual Auditor — AI-Powered CA & IBBI Registered Valuer Firm
Valuer: V. VISWANATHAN, FCA, ACS, CFE, IBBI/RV/03/2019/12333
Chennai (HQ): G-131, Phase III, Spencer Plaza, Anna Salai, Chennai 600002
Bangalore: 7th Floor, Mahalakshmi Chambers, 29, MG Road, Bangalore 560001
Mumbai: Workafella, Goregaon West, Mumbai 400062
Phone: +91 99622 60333 | Email: support@virtualauditor.in
Book a Free Consultation