It seems so simple. You receive an invoice. You pay the invoice. But somehow, the same invoice gets paid twice. And again with another. And again. By year-end, you've overpaid suppliers by hundreds of thousands of pounds—money that may never be recovered.

Duplicate payment prevention is one of those areas where a small amount of system discipline prevents substantial financial loss. Yet many organisations lack even basic controls, discovering duplicates only by accident or audit.

How Duplicates Happen

Duplicate payments don't result from single failures. They emerge from the interplay of multiple factors that, combined, allow the same payment obligation to be satisfied twice.

Supplier resends create the classic duplicate. The original invoice was delayed in post. The supplier sends a copy. Both are processed and paid. Without detection mechanisms, this is almost guaranteed to occur.

Different invoice formats confuse matching. The same invoice might arrive as paper, then as email PDF, then as EDI transmission. Each format might be processed through different channels, and the connection between them isn't recognised.

Multiple entry points create parallel processing. A supplier submits an invoice directly to accounts payable, while the project manager who ordered the goods submits another copy with their delivery paperwork. Both enter the system as apparently separate transactions.

Credit and reinvoice combinations obscure the picture. The original invoice had an error, so the supplier issues a credit and a corrected invoice. But the credit doesn't get processed, and both the original and corrected invoices get paid.

System migrations and consolidations are particularly risky. Historical payment records may not transfer cleanly. The same supplier may exist under multiple codes. The controls that worked in the old system may not exist in the new.

The Detection Mechanisms

Effective duplicate prevention requires multiple detection layers. No single mechanism catches everything.

Invoice number matching is the first line of defence. If invoice INV-12345 from Supplier X has already been paid, attempting to pay it again should trigger an alert. This catches the obvious duplicates, but fails when invoice numbers differ—as they often do with reissued or reformatted invoices.

Amount matching catches duplicates where invoice numbers differ but amounts are identical. Two invoices from the same supplier for exactly £4,327.18? That's suspicious and warrants investigation. This generates some false positives—legitimate repeat transactions for identical amounts—but catches duplicates that number matching would miss.

Date-amount combinations add precision. Same supplier, same amount, same invoice date? Almost certainly a duplicate, even if invoice numbers differ.

Fuzzy matching extends detection to near-matches. Amounts that differ by small percentages. Invoice numbers that are similar but not identical. Dates within a few days of each other. These may be duplicates with minor data entry variations.

Bank account monitoring catches an unexpected scenario. If payment details have been changed (potentially fraudulently) and both old and new details are paid, the fraud presents as duplicate payment to different accounts.

Process Controls

Detection mechanisms catch duplicates. Process controls prevent them from entering the system in the first place.

Single point of entry ensures invoices enter through one channel. Suppliers submit to one address or portal. Scatter-gun submission to multiple recipients is discouraged or refused. This is harder to enforce than it sounds, but the discipline is valuable.

Receipt verification before processing confirms that goods or services were actually received before invoices are processed. This catches invoices for deliveries that never happened—which includes duplicate invoices for single deliveries.

Three-way matching compares invoices against purchase orders and receiving documents. Discrepancies trigger review rather than automatic payment. This catches not only duplicates but a range of other errors and potential frauds.

Approval workflows ensure human review before significant payments. While not specifically targeting duplicates, human attention catches issues that automated systems miss.

Supplier Master Data

Duplicate suppliers in your vendor master file enable duplicate payments. If the same company exists under multiple supplier codes, payments can be made against each without connection.

Supplier deduplication should be ongoing housekeeping. How many variations exist? "ABC Ltd," "A.B.C. Limited," "ABC Company Ltd"—are these different entities or the same one recorded differently? Cleaning the master data reduces duplicate payment risk and improves spend visibility generally.

New supplier creation should require checking for existing records. Before adding a vendor, verify they don't already exist under a different name or code. This simple discipline prevents proliferation.

Bank account verification helps connect suppliers who might appear different. Two supplier codes with the same bank account are probably the same entity and should be investigated.

Recovery and Root Cause

When duplicates are discovered—and they will be, despite controls—recovery efforts should begin immediately.

Prompt notification to suppliers increases recovery likelihood. Most legitimate suppliers will refund overpayments when alerted. The longer you wait, the harder recovery becomes—staff change, records disappear, and good faith erodes.

Root cause analysis prevents recurrence. How did this specific duplicate happen? Was it a control gap, a process failure, or a data quality issue? Fixing the immediate case without addressing the underlying cause guarantees future duplicates.

Trend analysis identifies systemic problems. If duplicates cluster around certain supplier types, entry points, or process stages, those areas need particular attention. Pattern recognition guides improvement priorities.

Quantifying the Problem

How much is duplicate payment costing your organisation? The answer requires analysis that many organisations never perform.

Industry benchmarks suggest duplicate payments affect 0.5-3% of total payables value, depending on control maturity. For an organisation processing £100 million in supplier payments annually, that's £500,000 to £3 million in potential overpayment.

Recovery rates vary widely. Prompt action might recover 70-80% of identified duplicates. Delayed discovery might recover 20-30% or less. Some duplicates go entirely unrecovered, particularly when suppliers have gone out of business or relationships have ended.

The business case for better controls is usually straightforward. The investment in detection technology and process improvement pays for itself many times over in prevented and recovered duplicate payments.

Building the Control Framework

Effective duplicate prevention requires coordinated attention to technology, process, data, and people.

Technology provides detection mechanisms—matching algorithms, exception reporting, integration across systems. It automates what would otherwise be impossible to do manually at scale.

Process ensures invoices flow through controlled channels, receive appropriate verification, and undergo proper approval before payment. Technology alone cannot compensate for broken processes.

Data quality—clean supplier masters, consistent data entry, proper categorisation—enables detection mechanisms to work. Garbage data produces garbage results regardless of technological sophistication.

People remain essential. Final judgment on flagged exceptions requires human assessment. Process discipline requires human commitment. Continuous improvement requires human attention to patterns and root causes.

Organisations that coordinate all four elements prevent most duplicates before they occur and catch most remainder before they're paid. Those that focus on only some elements inevitably experience costly leakage.