You may have read recently that The City of Baltimore made more than $1.5 million worth of payments to a fraudster. What’s even more unfortunate is The City of Baltimore had been scammed previously and implemented higher security protocols to combat future fraud attempts, yet still fell short. There’s a few reasons this may have happened; insufficient payee verification measures, lack of safeguards for payment distribution, and lengthy protocol adoption from the team. In this article we will breakdown how their existing process failed and how the right technology and safety measures could help prevent instances like this.
The problem: Insufficient payee verification
Digging deeper into the costly AP errors, we’re going to first examine payee verification measures. For large entities with many vendors and contractors, such as The City of Baltimore, it’s very easy to lose sight of who is being paid what. Vendor needs change, names can change, bank accounts get updated, and things can get overlooked if your team is not taking the proper steps to know who the payee is. Without a scalable AP automation solution, businesses that process a high volume of payments would not be able to verify vendors.
Research from the Institute of Finance & Management suggests that manual, comprehensive vendor verification can increase AP workload by up to 25%. Let’s be honest here, no one has a spare day in their work week, every week, to manually verify each vendor. This is why many organizations have a process in place for verifying payees, but not all processes are built the same. Fraudsters are not working in silos only changing bank account details or just fudging invoices, they are approaching your business creatively, using AI any way they can to find a way into your bank account. But as a business, you can use AI as well. AI and automation can work in tandem to verify payees and identify risks.
The solution: Leverage AI to verify your payee
You may be familiar with Know Your Business (KYB) protocols which verify the legitimacy of a business; Know Your Payee (KYP) is a similar concept. KYP is a financial compliance measure that leverages AI and automation to drill down into specifics that weed out bad actors and ultimately protect your organization.
At the crux, KYP confirms:
- Who you are paying is a legitimate entity.
- Who you are sending money to is the right vendor or contractor.
How AI-powered KYP can help
AI can be used to verify your payee in real time against government databases for TIN validation, watchlist screening, fraud detection and more. When it comes to payment security, AI can continuously monitor for suspicious activity or account changes and automatically flag potential errors for review and manual approval. AI can go beyond flagging fraudulent errors as well. Some invoice errors are simply mistakes done manually. Did you know nearly 40% of invoices have errors?
Types of errors AI can catch:
- Incorrect billing addresses
- Overbilling
- Duplicate payments
- Typos
The problem: Lack of safeguards for payment distribution
The Baltimore fraudster was able to successfully get through several rounds of manual approvals despite not having a company-issued email address. Policy stated the finance department must independently verify any bank changes with an executive-level employee of the vendor, but in practice the team did not follow up with the vendor.
The solution: Improve payment distribution procedures
Having the right technology and processes in place can eliminate a lot of risks associated with fraud.
Bank account validation
Manually validating bank accounts can be annoying and time consuming but it can help you avoid costly errors. Leveraging a tool to assist with bank account validation is a great way to use technology to improve the efficiency and security of accounts payable.
Approval rules
Implementing custom approval workflows can act as an additional safeguard against fraud. Each organization is unique, but having the ability to add visibility over payment distribution can be another layer of protection.
Real-time monitoring
The inconsistent email address could have been an oversight. But a real-time monitoring tool would have been able to flag the inconsistency and prompt further investigation and manual approval.
Problem: Lengthy protocol adoption from the team
What’s interesting with the City of Baltimore case is following an incident in 2022, the city’s Director of Finance announced new protocols had been put in place to prevent future fraud attempts. However, following the 2025 incident, the Director of Accounts Payable reported that not all protocols had been fully institutionalized. This is not uncommon for organizations, even after fraud has occurred because structural change is sometimes hard to make inside an organization. Whether it’s improving cross-team collaboration, onboarding a new technology, or revisiting security training, these processes cannot be implemented overnight.
Solution: Align IT security with finance
Prioritizing technology implementation and adoption is critical. The bottom line is, there are really amazing tools available that are equipped to catch things humans may miss. Think through your business’s existing relationship between the IT team, and the finance team. While both teams are focused on protecting the business, competing priorities may weaken their unified defense against fraud.
Too often we hear of organizations approaching compliance as a required checkbox, not a proactive and protective measure. Correcting this doesn’t necessarily mean more meetings or more training modules, but instead ensuring every member understands the context of their role in the compliance ecosystem. Until these two teams identify the existing gaps, and actively work to close them, fraud risks will always be looming.
Conclusion
While this is an analysis of one specific case, Baltimore City is not alone in the ongoing battle against bad actors. According to The Trustmi 2025 Socially Engineered Fraud & Risk Report, 83% of businesses experienced at least one fraud attempt a year and 1 in 6 enterprises report multiple fraud attempts. But the good news is fraud is preventable.
Fraud prevention must be planned deliberately, this includes smart AP technology to help safeguard the business, thoughtful human touchpoints for final approval and visibility, and a fully aligned team prioritizing compliance. If you are interested in learning more about how Routable’s AP automation software can help strengthen your team’s defense against fraud, schedule a demo.
