Use Cases

Detecting AI-powered expense fraud

Jennifer Reinert
published on
14.07.2026
-
min. estimated reading time
Share on
Table of Contents

Summary: Artificial intelligence makes it easy for perpetrators to create deceptively realistic receipts for small amounts. If a long-term employee submits inconspicuous, forged taxi or dining receipts over several years, it usually goes unnoticed in day-to-day accounting. Standard IT security controls do not raise an alarm because the payments are approved and authorized by the company's own team – yet Baobab's Crime fidelity insurance covers the financial loss because it explicitly includes intentional damage caused by employees.

Who is this relevant for? This scenario affects medium-sized companies with active travel requirements, large field sales forces, or consulting teams that process a high volume of expense reports each month. It is particularly relevant for businesses where small amounts below audit thresholds (e.g., under €50) are routinely approved without plausibility checks and that do not use automated digital payment systems.

The fraud

A medium-sized service company (450 employees) employs a long-term field staff member. This individual exploits a known control gap in the company: expense receipts under €50 are usually approved by accounting without verification due to time constraints.

Using publicly available AI tools, the employee generates hundreds of deceptively realistic but fictitious receipts for taxis, parking fees, or coffee meetings over a period of 8 years. Each month, they slip in an average of 9 of these fake €45 receipts (approx. €415 per month), which get lost in the volume of accounting documentation. When the fraud is finally uncovered by an internal audit, it becomes clear: the supposed petty fraud has quietly accumulated to €40,000 over the years.

Why cyber insurance doesn't pay

When the loss is discovered, standard cyber insurance policies and IT security solutions generally refuse to provide coverage:

  • No external system breach: There was no external hacker attack, no Trojan, and no extortion. The company's own IT infrastructure was not compromised, and the firewall functioned perfectly.
  • The insider exclusion: The financial loss was caused by the deliberate, intentional misconduct of a trusted internal party exploiting existing privileges. Standard cyber insurance policies consistently exclude such internal losses caused by employees.
  • Self-authorized payments: Since the payments were regularly approved and authorized in the system by the company's own staff as part of the daily process, no technical system triggers an alarm.

Without a cyberattack on the company's own IT, standard cyber policies generally do not apply to this type of insider fraud. The company is left to cover the €40,000 loss as well as the costs of the investigation (such as IT forensics or auditors).

The solution: Protected against fidelity losses with Crime

Fidelity insurance Crime Baobab was specifically developed to cushion financial losses where technical security concepts reach their limits: the abuse of internal trust.

  • Comprehensive protection against internal crimes: This coverage protects the company against all intentional and unlawful acts by trusted employees—regardless of whether it involves classic fraud, embezzlement, theft, or misappropriation.
  • Coverage of loss investigation costs: Since fraud within one's own company is often difficult to prove, Baobab also covers the costs for external auditors, IT forensic experts, or legal counsel to ensure a thorough investigation of the incident.
  • Maintaining liquidity: Through fast and unbureaucratic claims settlement, the unforeseen financial outflow is compensated without having to tap into reserves or postpone planned investments.

Minimize everyday risk through prevention

Technical filters cannot replace trust in your own employees, but organizational codes of conduct make abuse significantly more difficult:

  • Digital interfaces: Switching to digital corporate credit cards with automated transaction matching makes the retroactive manipulation of receipts nearly impossible.
  • Unannounced spot checks: Regular, random comparisons of expense receipts with actual appointment calendars quickly uncover discrepancies.

Protect your company from financial losses caused by internal perpetrators. Speak with your insurance broker about Baobab's crime protection now, or contact us for more information.

FAQ

1. Why don't conventional IT security systems detect expense fraud?

Because there is no technical attack on your systems. The accounting department approves the transfers themselves as part of their daily routine. Since the receipts are visually perfect forgeries and the payments are authorized regularly within the system, there is no reason for firewalls or antivirus programs to raise an alarm.

2. How are the loss amount and the timeframe related in this scenario?

With a total loss of €40,000 over a period of 8 years, the average monthly loss is around €415. This means the employee only needs to submit 9 fake receipts worth €45 each per month—which is just about two fake receipts per week. With 450 employees, this minimal frequency goes unnoticed, especially if the employee works in sales and travels frequently for business.

3. Does Crime fidelity insurance replace traditional cyber insurance?

No, it is a necessary supplement. While cyber insurance (such as Cyber Safe) covers technical attacks from the outside, business interruptions, and data recovery following a system breach, Crime fidelity insurance covers financial losses resulting from the abuse of internal trust. Together, both products form a seamless security architecture.

The blog post was written by