Companies have been required to use e-invoicing since 1 January 2025. The aim is to promote the digitalisation of the German economy. All domestic companies and entrepreneurs - including freelancers who only have a permanent establishment in Germany - are affected.
An e-invoice is an invoice that is created in a structured electronic format that enables automatic and electronic processing. In contrast to conventional invoices, which are available as paper documents or unstructured files such as PDFs, e-invoices contain standardised data formats that facilitate the exchange and processing of invoice information.
The changeover promises efficiency, but also harbours new risks of fraud.
Fraud prevention for e-invoices: New risks, necessary protective measures
Companies must be technically and procedurally capable of receiving and processing e-invoices. Above all, this means preparing for the changeover and taking measures to protect themselves against fraud. The public sector has been gradually obliged to introduce e-invoices since 27 November 2018. This obligation has now been extended to all companies as of January 2025.
With e-invoices, fraudulent activity can no longer be spotted simply because a physical or digitalised invoice looks "suspicious". Instead, anomalies in the data records themselves must be recognised. Any documents accompanying the e-invoice data record, such as proof of performance and delivery notes, should also be checked for formal, visual and content-related irregularities. The security of the transmission channels and interfaces, as well as the extent to which the data can be modified, should also be evaluated in order to identify manipulation risks.
The KPMG E-Invoice Fraud Check
We support you in recognising the dangers in e-invoices and establishing targeted prevention measures. With the KPMG E-Invoice Fraud Check, incoming e-invoices are automatically analysed for indications of fraud.
In focus:
- Internal consistency of the invoice
- Comparison with existing master data
- Comparison with purchasing and order data
During the check, the timing, content and logical aspects of the booking data in the company's ERP system are monitored and compared with the e-invoice data records. Significant indications of fraud may be contained in dates, automatically or manually created postings, payment terms and business hours, among other things. Conspicuous e-invoices are marked with red flags and the potential fraud categories are clearly displayed.
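The three focus areas and the timing check described above, sketched as an added example (not KPMG's tool and not code from the original page). All field names, the vendor and order records, the flag codes and the Mon-Fri 07:00-19:00 business hours are constructed assumptions.

```python
from datetime import date, datetime
from decimal import Decimal as D

# Constructed sample data; every field name and value here is an assumption.
VENDORS = {"V-1001": {"iban": "DE89370400440532013000"}}
ORDERS = {"PO-7781": {"vendor": "V-1001", "net": D("1200.00")}}
CENT = D("0.01")

def red_flags(inv, vendors=VENDORS, orders=ORDERS):
    """Return red-flag codes for one parsed e-invoice record."""
    flags = []
    # 1. Internal consistency of the invoice
    line_sum = sum(ln["qty"] * ln["unit_price"] for ln in inv["lines"])
    if abs(line_sum - inv["net"]) > CENT:
        flags.append("LINE_SUM_MISMATCH")
    if abs(inv["net"] + inv["tax"] - inv["gross"]) > CENT:
        flags.append("TOTAL_MISMATCH")
    if inv["due"] < inv["issued"]:
        flags.append("DUE_BEFORE_ISSUE")
    # 2. Comparison with existing master data
    vendor = vendors.get(inv["vendor"])
    if vendor is None:
        flags.append("UNKNOWN_VENDOR")
    elif inv["iban"].replace(" ", "").upper() != vendor["iban"]:
        flags.append("IBAN_NOT_IN_MASTER_DATA")
    # 3. Comparison with purchasing and order data
    order = orders.get(inv.get("order_ref"))
    if order is None:
        flags.append("NO_MATCHING_ORDER")
    elif order["vendor"] != inv["vendor"]:
        flags.append("ORDER_VENDOR_MISMATCH")
    elif inv["net"] - order["net"] > CENT:
        flags.append("EXCEEDS_ORDER_VALUE")
    # 4. Timing of the ERP posting (business hours assumed Mon-Fri 07:00-19:00)
    posted = inv["posted_at"]
    if posted.weekday() >= 5 or not 7 <= posted.hour < 19:
        flags.append("POSTED_OUTSIDE_BUSINESS_HOURS")
    return flags

CLEAN = {"vendor": "V-1001", "iban": "DE89 3704 0044 0532 0130 00",
         "order_ref": "PO-7781",
         "lines": [{"qty": D("10"), "unit_price": D("120.00")}],
         "net": D("1200.00"), "tax": D("228.00"), "gross": D("1428.00"),
         "issued": date(2025, 3, 3), "due": date(2025, 4, 2),
         "posted_at": datetime(2025, 3, 4, 10, 15)}
# Same invoice with a swapped IBAN, inflated totals and a Sunday-night posting
TAMPERED = {**CLEAN, "iban": "DE02120300000000202051",
            "net": D("1500.00"), "tax": D("285.00"), "gross": D("1785.00"),
            "posted_at": datetime(2025, 3, 9, 2, 13)}

if __name__ == "__main__":
    print(red_flags(CLEAN), red_flags(TAMPERED))
```

The tampered record keeps net, tax and gross consistent with each other, so only the comparison against line items, master data and the order exposes it.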
Verena Hinze
Partner, Audit, Regulatory Advisory, Forensic
KPMG AG Wirtschaftsprüfungsgesellschaft
Possible applications of the E-Invoice Fraud Check:
- Prevention: Examination of a selected number of e-invoices using the described analysis routines.
- Monitoring: Ongoing checking of incoming e-invoices for red flags.
- Reaction: Analyses in response to specific suspicious cases.
Red Flags – A selection of fraud categories:
- Possibly unknowingly participating in fraudulent practices in which companies from various EU countries do not pay VAT in order to obtain financial benefits.
- Unauthorised use of company resources by internal employees to pay private bills.
- Components of invoices, including amounts, quantities, IBAN or other details, are manipulated in order to change the name of the payee, receive higher refunds or make lower payments.
- Illegally acquired funds are brought into the legal economic cycle through manipulated invoices or fictitious transactions, which can inadvertently involve the company in criminal activities.
- Invoices can be issued to cover corrupt payments, for example with invoice amounts that are not matched by any service or by no appropriate service.
- Failures in the sanctions list check, manipulated or falsified invoices, as well as payments or disguised transactions to sanctioned persons or countries, which can lead to high fines.
- Invoices issued for services or goods not provided in order to embezzle money or obtain tax deductions.