Internal Fraud Detection and Investigation

Internal fraud remains one of the most persistent and financially damaging risks facing commerce organizations. The Association of Certified Fraud Examiners (ACFE) 2024 Report to the Nations, based on 1,921 investigated cases across 138 countries, estimates that a typical organization loses 5% of annual revenue to occupational fraud, with a global median loss of $145,000 per incident. Median losses rose 24% from 2022 to 2024, and the median scheme took 12 months to uncover, accumulating an average of $9,900 in losses per month. Wholesale trade and manufacturing organizations face especially severe exposure, with the ACFE reporting median per-incident losses of $361,000 and $267,000, respectively.

Traditional audit methods compound the problem by relying on sample-based reviews that examine only 10% to 20% of transactions, leaving the majority of activity unmonitored. The ACFE 2024 study found that more than half of occupational fraud cases were correlated with a lack of internal controls or management override of existing controls. Asset misappropriation accounted for 89% of cases, while corruption schemes involving kickbacks and bribes appeared in 48% of cases. Organizations undergoing rapid growth, mergers and acquisitions, or international expansion face heightened risk as control environments lag behind operational complexity.

The 2024 ACFE and SAS Anti-Fraud Technology Benchmarking Report, drawing on a survey of nearly 1,200 anti-fraud professionals, found that only 18% of organizations currently deploy AI or machine learning in anti-fraud programs, though another 32% anticipate implementation within two years. This gap between intent and adoption underscores the opportunity for commerce enterprises to gain a measurable advantage through AI-enabled fraud detection.

AI-driven internal fraud detection systems operate across multiple analytical layers to move organizations from reactive, sample-based auditing to continuous, full-population monitoring. At the foundation, supervised and unsupervised machine learning models ingest transaction data from enterprise resource planning systems, accounts payable and receivable ledgers, expense management platforms, and procurement databases. Supervised models trained on historical fraud cases learn to classify transactions by risk level, while unsupervised techniques such as clustering algorithms identify anomalous patterns that deviate from established behavioral baselines for individual employees, vendors, or cost centers.

Graph neural networks add a relational analysis layer that maps connections among employees, vendors, bank accounts, and transaction flows. These network-based models can surface collusion rings, shell company structures, and kickback schemes that appear normal when individual transactions are examined in isolation but reveal suspicious patterns when viewed as interconnected nodes. Natural language processing further extends detection capability by analyzing unstructured data sources such as invoice text, email communications, and approval notes for language patterns associated with falsified documentation or coercion.

Predictive risk scoring consolidates signals from these analytical layers into a unified score for each transaction, vendor, or employee, enabling investigation teams to prioritize the highest-risk cases. Automated workflows then route flagged items to appropriate reviewers, attach supporting evidence, and track resolution through case management systems. Generative AI capabilities are beginning to assist investigators by summarizing case evidence and drafting preliminary findings.

Organizations should approach implementation with realistic expectations. The 2024 ACFE and SAS Anti-Fraud Technology Benchmarking Report noted that despite strong interest, actual AI and machine learning adoption in anti-fraud programs grew only 5% from 2019 to 2023, constrained by budgetary restrictions, data quality challenges, and skills gaps. Model effectiveness depends on clean, comprehensive data, and algorithmic bias remains a concern when training sets reflect historical enforcement patterns rather than actual fraud prevalence.

A large Vietnamese bank serving nearly 14 million retail and corporate customers implemented a real-time data monitoring system using an enterprise fraud analytics solution, as reported during International Fraud Awareness Week 2024. The bank deployed the system proactively, before fraud issues escalated, and achieved fraud detection measured in seconds across multiple products and channels on a single platform while minimizing false positives. The implementation demonstrated how continuous AI-based monitoring can replace batch-oriented review processes in high-volume transaction environments.

In the expense management domain, enterprise finance teams are deploying AI-powered audit platforms that review 100% of expense submissions in real time, compared to the 10% to 20% coverage typical of manual auditing. These systems use computer vision, deep learning, and natural language processing to validate receipt authenticity, detect duplicates across reports and corporate card transactions, and flag policy violations before reimbursement occurs. One enterprise expense audit vendor reported that over 3.5 million fake receipts were created on the top four expense fraud websites in a six-month period alone, underscoring the scale of the emerging threat from AI-generated fraudulent documentation.

A U.S.-based payment systems company processing billions of dollars monthly deployed deep learning models for real-time fraud detection, working with a dataset of 160 million records and 1,500 features. The company estimated that each 1% reduction in fraud yielded $1 million in monthly savings, illustrating the direct financial impact of incremental model accuracy improvements in high-volume commerce environments.

The internal fraud detection market spans several overlapping segments, including enterprise fraud analytics platforms, AI-powered expense and spend monitoring tools, and broader governance, risk, and compliance suites. Organizations evaluating solutions should consider the breadth of data sources supported, the maturity of machine learning models for their specific fraud typologies, integration depth with existing enterprise resource planning and financial systems, and the availability of case management and investigation workflow capabilities.

Selection criteria should also account for explainability and audit-readiness of AI models, particularly for organizations subject to regulatory scrutiny. The ability to detect emerging threats such as AI-generated fake receipts and invoices is becoming a differentiating factor as generative AI tools lower the barrier for creating convincing fraudulent documentation. Organizations should evaluate vendor track records in reducing false positive rates, as excessive false alerts can erode investigator productivity and undermine confidence in the system.

• SAS (enterprise fraud analytics and anti-money laundering platform providing real-time detection, network analysis, and case management across financial crime domains)
• AppZen (AI-powered expense audit and accounts payable automation platform that reviews 100% of transactions for fraud, policy violations, and duplicate detection using computer vision and natural language processing)
• Oversight Systems (AI-driven spend monitoring platform providing continuous transaction analysis, anomaly detection, and risk scoring across procure-to-pay and travel and expense workflows)
• MindBridge (AI-powered audit analytics platform using ensemble machine learning to analyze financial transaction data for anomaly detection, risk scoring, and fraud identification)
• Feedzai (AI-based financial intelligence platform offering real-time fraud detection, risk scoring, and case management for transaction monitoring across banking and commerce)
• DataVisor (unsupervised machine learning platform specializing in detecting coordinated fraud attacks, synthetic identities, and collusion rings across digital commerce and financial services)
• LexisNexis Risk Solutions (digital identity and device intelligence platform leveraging a global identity graph and cross-industry consortium data for fraud pattern detection and entity linking)