FBI IC3 Methodology · NIST SP 800-177 · EU AI Act Compliant

Stop Invoice Fraud & BEC Attacks — Before Payment

13-Layer Invoice Forensics Engine + Anti-BEC Email Analysis

The only platform that combines document forensics (pixel-level forgery detection), email authentication to detect spoofed senders, business entity verification to confirm suppliers are real, and supplier intelligence — in a single pipeline.

Not Just Matching, But Forensics.

HT + TVA = TTC — deterministic math, never LLM-calculated

Anti-BEC: detects spoofed emails and fake suppliers before payment is sent

Verifies that the supplier is real and the payment details are legitimate

Supplier Intelligence — checks if the supplier actually exists, in real time

Request a Demo See Real Detection Results ↓

Anti-BEC · FBI IC3 EU AI Act GDPR / DORA 13 Forensic Layers Supplier Intelligence

The Problem

Invoice Fraud & BEC Cost Billions — Every Year

Business Email Compromise is the #1 cyber fraud by financial impact. Invoice fraud is the #1 internal fraud. Most companies detect neither until it's too late.

$55B

Total BEC losses worldwide since 2013 — FBI IC3 cumulative figure. $2.8B in 2024 alone.

79%

of organizations experienced payment fraud attempts in 2024. 63% targeted by BEC specifically.

300%

increase in AI-generated fake invoices since 2022. Deepfake documents are pixel-perfect and undetectable by eye.

The Solution

One Platform. Document + Email + Entity Verification.

DeepFrauds.AI analyzes every invoice across 13 independent layers — from pixel-level forgery to email authentication to live business entity verification.

🔬

Detects forged invoices

ELA, wavelet, TruFor deep learning, and font forensics detect manipulations invisible to the human eye — including AI-generated invoices.

📐

Verifies HT + TVA = TTC

Deterministic math verification against all EU VAT rates. Cross-check invoice vs purchase order vs payment. Python calculates — AI never touches arithmetic.

📧

Stops BEC before payment

Analyzes every incoming email for spoofed senders, fake domains, and payment diversion attempts — before anyone clicks "approve payment."

🏢

Verifies the supplier

Confirms the supplier actually exists, is still active, and the payment details are legitimate — across 34 countries, in real time.

Real Results

Real Fraud. Real Detection. No Mockups.

Forged French invoice (facture) — inflated amounts + VAT manipulation. Detected in under 3 seconds across 13 forensic layers.

VERDICT: FORGED 22% Authenticity

CRITICALInvoice HT €33,450 exceeds PO HT €17,000 — 96.8% inflation

CRITICALTVA rate 21.52% ≠ stated 20% — €510 excess extracted

CRITICALSupplier registration number is invalid — company does not exist

MAJORVAT number invalid per France format

MAJORPDF created with Adobe InDesign, not accounting software

MAJORSupplier not found in official registries

FORENSIC SIGNAL SCORES

Metadata

15%

Pixel Analysis

35%

Math (HT+TVA=TTC)

20%

Template Match

38%

IBAN / SIRET / VAT

25%

Supplier Intel

14%

Benford's Law

35%

Anti-BEC

0%BEC DETECTED

All findings generated automatically — no human review required. Full analysis completed in 2.4 seconds.

Anti-BEC · FBI IC3

Detect Business Email Compromise Before Payment

Our Anti-BEC engine analyzes the email that carries the invoice — not just the invoice itself. 7 layers of email forensics based on FBI IC3 guidelines.

CRITICAL

Email Authentication Failure

95% confidence

All three email authentication protocols failed. The sending server is not authorized, the signature is invalid, and domain alignment fails. This email is spoofed.

CRITICAL

Lookalike Domain

93% confidence

Sender domain techconsultinq.com is a single-character substitution of the real supplier domain techconsulting.com. Classic homoglyph/typosquatting technique.

CRITICAL

IBAN Mismatch — Payment Diversion

98% confidence

IBAN in email (Lithuania) differs from IBAN on invoice (France). The email is attempting to redirect €40,650 to a different account. This is the #1 BEC indicator.

MAJOR

Urgency + Secrecy + CEO Impersonation

88% confidence

"Strictement confidentiel — ne pas en parler à l'équipe." Display name contains CEO title. Email sent Saturday 23:45 from timezone +0300. Reply-To: Gmail address.

How It Works

From Email to Verdict in Seconds

Complete pipeline: email ingestion → BEC check → PDF extraction → 13-layer forensics → business verification → supplier intelligence → verdict.

Ingest

Email webhook, Gmail API, cloud bucket, or manual upload

→

BEC Check

Detects spoofed senders and fake domains

→

Forensics

13 independent signals on the PDF invoice

→

Verify

IBAN, SIRET, VAT, duplicate, supplier reputation

→

Verdict

APPROVE / INVESTIGATE / REJECT + forensic report

Enterprise Platform

Built for AP Teams & CFOs

Most tools match PO numbers. We detect forgeries, BEC attacks, phantom suppliers, and VAT manipulation — with full forensic evidence.

Email Ingestion

Connect your invoice inbox (Gmail, Mailgun webhook, or cloud bucket). Invoices automatically extracted and analyzed — zero manual upload needed.

Cloud Bucket Connector

Poll AWS S3, Google Cloud Storage, or Azure Blob for new invoices. Results written back to your bucket. Integrates with any ERP workflow.

Batch Processing

Upload 1-50 invoices at once. Aggregated risk metrics, flag rate, and morning briefing for your AP team.

Autonomous Agent

Overnight scanning of your invoice inbox. Pre-sorted by risk by morning. Critical invoices surfaced first. Clean invoices auto-approved.

Supplier Intelligence

Checks if the supplier actually exists — company age, website, sanctions, litigation — with source links you can verify in one click.

Duplicate Detection

Exact match, near-duplicate, and invoice number reuse across your entire history. Catches the #1 internal fraud scheme.

Compliance

Built for European Enterprises

Data never leaves the EU. Every decision traceable and auditable. Full compliance with European regulations.

FBI IC3 / NIST

Anti-BEC engine based on FBI IC3 BEC categories and NIST SP 800-177 email authentication standards. RFC 7489 (DMARC) compliant.

GDPR & DORA

Data processed in EU-Frankfurt. No data transfer outside EU borders. Structured audit trail for regulatory reporting.

Loi Sapin II

French anti-corruption compliance. Supplier due diligence automation. Sanctions screening integrated. Tracfin-ready reporting.

EU AI Act

Human-in-the-loop by design. Explainable verdicts with full reasoning chain. AI never makes autonomous payment decisions.

Business Impact

Measurable Impact — From Day One

Conservative estimate for a mid-market European enterprise processing 5,000+ invoices/month.

60K

Invoices / year

2.3%

Fraud rate

€18K

Average per fraud

€24.8M

Total exposure

If DeepFrauds.AI catches just 30 additional invoice frauds per year:

30 frauds × €18K = €540K in avoided losses + BEC attacks blocked at zero cost.

Processing cost reduced from €15-40/invoice (manual) to €2-5/invoice (automated). ROI within 90 days.

Get Started

See It on Your Own Invoices

Run DeepFrauds.AI on your real invoices and emails. Detect fraud, BEC attacks, and phantom suppliers in real time. Understand exactly why.

Request a 30-min Demo ← Back to DeepFrauds.AI

13-layer forensic engine · Anti-BEC · IBAN/SIRET/VAT verification · Supplier Intelligence · Cloud bucket integration