Actus AssurTech / InsurTech
Expense fraud is nothing new; Finance directors and accounts payable managers have always known that a small proportion of expense claims are not entirely what they appear. A meal slightly inflated here, a personal journey submitted as a business trip there - all things that can be picked up relatively easily by the various instances of employee expense management software that exist for business use.
But something has changed, and the nature of the threat has shifted so quickly that the manual controls most finance teams rely on are no longer fit for purpose.
The change came in early 2025, when OpenAI released a significant upgrade to ChatGPT's image-generation capabilities. Almost immediately, expense management platforms began picking up something unusual in their data: a sharp rise in receipts that were technically perfect, visually convincing - and completely fake.
By September 2025, software provider AppZen reported that AI-generated receipts accounted for around 14% of all fraudulent documents submitted on its platform - up from effectively zero the year before. Fintech group Ramp flagged over $1 million (approximately £790,000) in fraudulent invoices within 90 days of deploying new detection software.
A further survey conducted across 1,000 finance professionals in the UK and US, found that 30% had already seen an increase in falsified receipts since the launch of GPT-4o in 2024.
The problem was easy to identify: AI platforms with image generation capabilities are now being used to falsify receipts for expense claims.
Expense fraud has traditionally relied on relatively crude methods, such as photocopied receipts with altered amounts, hand-drawn figures added to a taxi receipt or a meal receipt from a personal dinner submitted as a business one. These approaches had visible tells, and an experienced finance manager (or even a reasonably attentive approver) could usually spot something off.
AI-generated receipts are a different problem entirely. Modern image generation tools produce documents with realistic thermal paper texture, natural creasing, authentic fonts, and correctly formatted itemisation that matches real menus from real establishments. They include plausible VAT numbers, merchant addresses, and payment method references. Some even include watermarks.
In an October 2025 article published in the Financial Times, the ACFE's Mason Wilder put it plainly: "there is zero barrier for entry for people to do this. You don't need any kind of technological skills or aptitude like you maybe would have needed five years ago using Photoshop."
A SAP Concur survey published in early 2026 found that 67% of CFOs, 78% of travel managers, and 55% of business travellers now consider AI expense fraud likely in their organisations. Further research conducted across the UK and US, found that nearly a third of finance professionals (32%) admitted they would not recognise a fake expense report if it came across their desk.
The standard expense approval workflow was not designed with AI in mind. It was built on a reasonable assumption: that producing a convincing fake receipt required meaningful effort, specialist knowledge, or access to equipment that most employees simply did not have. That assumption shaped every stage of the process - the volume of claims a reviewer is expected to assess, the level of scrutiny applied to each one, and the controls placed around approval.
None of those calibrations hold anymore. A workflow that asks a finance manager to eyeball fifty receipts a week was never going to catch something that even trained reviewers, looking carefully, routinely miss.
The structural vulnerabilities compound each other. Manual review is slow, inconsistent, and scales poorly as headcount grows. Approvals that pass through line managers rely on contextual knowledge that may not exist - a remote employee's manager often has no way of knowing whether a given trip, meal, or purchase actually happened. And because most expense processes are still anchored to the receipt as the primary proof of spend, the entire chain of control rests on a document that can now be fabricated in seconds.
Detection tools help at the margins. AI-powered auditing software can analyse metadata anomalies and image generation artefacts, and some platforms have reported significant improvements in catch rates. But detection is inherently reactive - it operates after the claim has been submitted, after the approval has been sought, and often after the payment has been made. Building a fraud control strategy around better detection is a little like installing a better lock after the door has already been opened.
It's easy to think about expense fraud in terms of individual claim values, but the true cost of poor controls is considerably larger than any single fraudulent submission.
The ACFE estimates that the median loss per occupational fraud incident is $145,000 (approximately £115,000), with 20% of cases exceeding $1 million in losses. Fraud schemes, on average, continue undetected for 12 months before they are discovered. Every month of delay costs organisations an average of $9,900 in additional losses.
Beyond the direct financial loss, there are compounding costs that rarely appear in fraud risk registers: the management time spent investigating and resolving claims, the reputational damage of a fraud disclosure, the erosion of trust within teams when a colleague is found to have defrauded the business, and the increased scrutiny from auditors or insurers that typically follows.
For growing businesses, there is also a strategic cost. Finance teams that are overwhelmed with manual receipt checking and fraud queries are finance teams that are not focused on the higher-value analysis that helps a business make better decisions.
The instinctive response to a new type of document fraud is to invest in better document detection, and there is certainly a case for such tools. AI-powered detection software can analyse metadata anomalies and image generation artefacts, catching some AI-generated receipts that would pass human review.
But detection is inherently reactive. By the time a suspicious receipt has been flagged, the review process, the manager approval, and often the payment have already occurred. And as image generation continues to improve, the gap between what detection tools can catch and what fraudsters can produce will keep narrowing.
The more durable answer is structural - and it starts with a simple question: why is the receipt the primary proof of spend at all?
A receipt is, by nature, a document created by one party and submitted by another. It has always been vulnerable to manipulation. What has changed is the effort required to manipulate it convincingly. That effort used to act as a natural deterrent. It no longer does.
When card spend is the anchor instead, the dynamic changes entirely. A payment made on a company card creates a transaction record that is verified at the moment it occurs - by the merchant's payment processor, the card scheme, and the issuer. That record is real, multi-sourced, and cannot be retrospectively fabricated. The receipt, when submitted, is then matched against it. If no corresponding transaction exists, the claim fails - regardless of how convincing the receipt looks. The fraud isn't harder to commit; it's structurally pointless.
This is what makes card-anchored expense management categorically different from better detection. Detection asks: is this receipt real? A card-first process asks: did this transaction happen? Those are very different questions, and only one of them has an answer that cannot be faked.
Even without a full process overhaul, there are controls that meaningfully reduce exposure in the near term:
These controls add genuine layers of protection, but they are reinforcing measures. The structural solution - making the transaction record, not the receipt, the primary evidence of spend - is what removes the vulnerability at its root.
The fraud risk is heightened for organisations with employees working across multiple locations, particularly those with international teams.
When employees and their managers work in different cities or time zones, the informal oversight that exists in a shared office environment - the awareness of who was where, which client meetings happened, which trips were genuine - is simply absent. That context makes it easier for fraudulent claims to go unquestioned.
Physical receipt submission requirements do not solve this problem; they create a different one. Requiring international employees to post original receipts to a UK finance team creates delays that make timely reconciliation impossible, introduces significant administrative overhead, and still does not protect against sophisticated forgeries submitted digitally before the physical copy arrives.
The only approach that works consistently across a distributed workforce is one that does not depend on geographical proximity or physical documentation: digital transaction verification tied directly to card spend, with real-time visibility available to finance teams regardless of where they or their employees are based.
Most finance professionals cite chasing receipts as a major pain point in their operations. These are not peripheral complaints - they are indicators of a workflow that has not kept pace with how modern businesses actually operate.
Meanwhile, nearly 80% of organisations experienced attempted or actual payment fraud in 2024, according to the Association for Financial Professionals' 2025 Payments Fraud and Control Survey. More than half of all occupational fraud occurs due to a lack of internal controls or an override of existing controls, per the ACFE's 2024 findings.
The uncomfortable reality is that most SME and mid-market finance teams are still running expense processes designed for a pre-digital era. Paper receipts scanned on a phone. Approvals via email. Monthly reconciliation that reveals problems weeks after the money has left the business.
AI-generated fraud is not the cause of this gap. It is the latest thing to fall through it.
If you are a finance director, CFO, or business owner responsible for expense policy, these are the questions worth pressure-testing in your current process:
There's no escaping the fact that AI image generation tools will continue to improve, and the receipts they produce will become more convincing. Detection tools will improve in response, but the arms race will remain ongoing. The organisations that get ahead of this are the ones that stop asking "how do we get better at spotting fakes?" and start asking "how do we build a process where fakes don't matter?"
But something has changed, and the nature of the threat has shifted so quickly that the manual controls most finance teams rely on are no longer fit for purpose.
The change came in early 2025, when OpenAI released a significant upgrade to ChatGPT's image-generation capabilities. Almost immediately, expense management platforms began picking up something unusual in their data: a sharp rise in receipts that were technically perfect, visually convincing - and completely fake.
By September 2025, software provider AppZen reported that AI-generated receipts accounted for around 14% of all fraudulent documents submitted on its platform - up from effectively zero the year before. Fintech group Ramp flagged over $1 million (approximately £790,000) in fraudulent invoices within 90 days of deploying new detection software.
A further survey conducted across 1,000 finance professionals in the UK and US, found that 30% had already seen an increase in falsified receipts since the launch of GPT-4o in 2024.
The problem was easy to identify: AI platforms with image generation capabilities are now being used to falsify receipts for expense claims.
Why this is different from the fraud you know
Expense fraud has traditionally relied on relatively crude methods, such as photocopied receipts with altered amounts, hand-drawn figures added to a taxi receipt or a meal receipt from a personal dinner submitted as a business one. These approaches had visible tells, and an experienced finance manager (or even a reasonably attentive approver) could usually spot something off.
AI-generated receipts are a different problem entirely. Modern image generation tools produce documents with realistic thermal paper texture, natural creasing, authentic fonts, and correctly formatted itemisation that matches real menus from real establishments. They include plausible VAT numbers, merchant addresses, and payment method references. Some even include watermarks.
In an October 2025 article published in the Financial Times, the ACFE's Mason Wilder put it plainly: "there is zero barrier for entry for people to do this. You don't need any kind of technological skills or aptitude like you maybe would have needed five years ago using Photoshop."
A SAP Concur survey published in early 2026 found that 67% of CFOs, 78% of travel managers, and 55% of business travellers now consider AI expense fraud likely in their organisations. Further research conducted across the UK and US, found that nearly a third of finance professionals (32%) admitted they would not recognise a fake expense report if it came across their desk.
Why your current process is exposed
The standard expense approval workflow was not designed with AI in mind. It was built on a reasonable assumption: that producing a convincing fake receipt required meaningful effort, specialist knowledge, or access to equipment that most employees simply did not have. That assumption shaped every stage of the process - the volume of claims a reviewer is expected to assess, the level of scrutiny applied to each one, and the controls placed around approval.
None of those calibrations hold anymore. A workflow that asks a finance manager to eyeball fifty receipts a week was never going to catch something that even trained reviewers, looking carefully, routinely miss.
The structural vulnerabilities compound each other. Manual review is slow, inconsistent, and scales poorly as headcount grows. Approvals that pass through line managers rely on contextual knowledge that may not exist - a remote employee's manager often has no way of knowing whether a given trip, meal, or purchase actually happened. And because most expense processes are still anchored to the receipt as the primary proof of spend, the entire chain of control rests on a document that can now be fabricated in seconds.
Detection tools help at the margins. AI-powered auditing software can analyse metadata anomalies and image generation artefacts, and some platforms have reported significant improvements in catch rates. But detection is inherently reactive - it operates after the claim has been submitted, after the approval has been sought, and often after the payment has been made. Building a fraud control strategy around better detection is a little like installing a better lock after the door has already been opened.
Costs beyond the receipt
It's easy to think about expense fraud in terms of individual claim values, but the true cost of poor controls is considerably larger than any single fraudulent submission.
The ACFE estimates that the median loss per occupational fraud incident is $145,000 (approximately £115,000), with 20% of cases exceeding $1 million in losses. Fraud schemes, on average, continue undetected for 12 months before they are discovered. Every month of delay costs organisations an average of $9,900 in additional losses.
Beyond the direct financial loss, there are compounding costs that rarely appear in fraud risk registers: the management time spent investigating and resolving claims, the reputational damage of a fraud disclosure, the erosion of trust within teams when a colleague is found to have defrauded the business, and the increased scrutiny from auditors or insurers that typically follows.
For growing businesses, there is also a strategic cost. Finance teams that are overwhelmed with manual receipt checking and fraud queries are finance teams that are not focused on the higher-value analysis that helps a business make better decisions.
Deploying good fraud prevention in 2026
The instinctive response to a new type of document fraud is to invest in better document detection, and there is certainly a case for such tools. AI-powered detection software can analyse metadata anomalies and image generation artefacts, catching some AI-generated receipts that would pass human review.
But detection is inherently reactive. By the time a suspicious receipt has been flagged, the review process, the manager approval, and often the payment have already occurred. And as image generation continues to improve, the gap between what detection tools can catch and what fraudsters can produce will keep narrowing.
The more durable answer is structural - and it starts with a simple question: why is the receipt the primary proof of spend at all?
A receipt is, by nature, a document created by one party and submitted by another. It has always been vulnerable to manipulation. What has changed is the effort required to manipulate it convincingly. That effort used to act as a natural deterrent. It no longer does.
When card spend is the anchor instead, the dynamic changes entirely. A payment made on a company card creates a transaction record that is verified at the moment it occurs - by the merchant's payment processor, the card scheme, and the issuer. That record is real, multi-sourced, and cannot be retrospectively fabricated. The receipt, when submitted, is then matched against it. If no corresponding transaction exists, the claim fails - regardless of how convincing the receipt looks. The fraud isn't harder to commit; it's structurally pointless.
This is what makes card-anchored expense management categorically different from better detection. Detection asks: is this receipt real? A card-first process asks: did this transaction happen? Those are very different questions, and only one of them has an answer that cannot be faked.
Even without a full process overhaul, there are controls that meaningfully reduce exposure in the near term:
- Cross-reference submitted receipts against card transaction data. A receipt for a restaurant meal on a date when no card transaction exists at that merchant is an immediate red flag.
- Run systematic duplicate detection. The same receipt submitted twice - whether identical or slightly altered - should be automatically flagged before payment.
- Implement contextual anomaly checks. Does this receipt match the employee's travel itinerary? Is the spend category consistent with their role and previous claims history?
- Set pre-approved spend limits at the card level. Out-of-policy spend should be blocked or flagged at the point of transaction, not reviewed after the fact.
- Communicate clearly with employees. Arun Chauhan, a director at Tenet Law and Business Fraud Alliance board member, notes that a visible anti-fraud stance - one where employees understand that AI-generated fraud is actively being detected - acts as a deterrent in itself.
These controls add genuine layers of protection, but they are reinforcing measures. The structural solution - making the transaction record, not the receipt, the primary evidence of spend - is what removes the vulnerability at its root.
Distributed and Hybrid teams
The fraud risk is heightened for organisations with employees working across multiple locations, particularly those with international teams.
When employees and their managers work in different cities or time zones, the informal oversight that exists in a shared office environment - the awareness of who was where, which client meetings happened, which trips were genuine - is simply absent. That context makes it easier for fraudulent claims to go unquestioned.
Physical receipt submission requirements do not solve this problem; they create a different one. Requiring international employees to post original receipts to a UK finance team creates delays that make timely reconciliation impossible, introduces significant administrative overhead, and still does not protect against sophisticated forgeries submitted digitally before the physical copy arrives.
The only approach that works consistently across a distributed workforce is one that does not depend on geographical proximity or physical documentation: digital transaction verification tied directly to card spend, with real-time visibility available to finance teams regardless of where they or their employees are based.
The management gap most organisations still have
Most finance professionals cite chasing receipts as a major pain point in their operations. These are not peripheral complaints - they are indicators of a workflow that has not kept pace with how modern businesses actually operate.
Meanwhile, nearly 80% of organisations experienced attempted or actual payment fraud in 2024, according to the Association for Financial Professionals' 2025 Payments Fraud and Control Survey. More than half of all occupational fraud occurs due to a lack of internal controls or an override of existing controls, per the ACFE's 2024 findings.
The uncomfortable reality is that most SME and mid-market finance teams are still running expense processes designed for a pre-digital era. Paper receipts scanned on a phone. Approvals via email. Monthly reconciliation that reveals problems weeks after the money has left the business.
AI-generated fraud is not the cause of this gap. It is the latest thing to fall through it.
What finance leaders should be asking right now
If you are a finance director, CFO, or business owner responsible for expense policy, these are the questions worth pressure-testing in your current process:
- If an employee submitted a fabricated receipt today, at what stage would our process catch it - and how confident are we in that answer?
- Is our receipt review process genuinely able to distinguish an AI-generated document from a real one, or are we relying on human judgment that the evidence suggests is insufficient?
- Are our card controls set at a level that prevents out-of-policy spend, or do they flag it after the fact?
- If we have employees in multiple locations, do they face the same scrutiny and the same controls as those based at head office?
- Are we treating fraud prevention as a detection problem (catch it when it comes in) or a structural problem (design a process where fraud cannot succeed)?
There's no escaping the fact that AI image generation tools will continue to improve, and the receipts they produce will become more convincing. Detection tools will improve in response, but the arms race will remain ongoing. The organisations that get ahead of this are the ones that stop asking "how do we get better at spotting fakes?" and start asking "how do we build a process where fakes don't matter?"
Accueil
Envoyer à un ami
Version imprimable
Augmenter la taille du texte
Diminuer la taille du texte