Most small businesses verify invoices manually — a visual scan, maybe a call if something looks off. PaySentinel runs a structured fraud check in under a minute. This page explains what each approach catches, what each misses, and when you need both.
Manual review works when the reviewer has time, familiarity with the vendor, and no urgency pressure. All three conditions are exactly what fraud attempts are designed to remove.
Runs the same systematic checks every time — routing number validation, domain analysis, vendor history comparison, BEC signals — regardless of how busy the reviewer is or how familiar the vendor looks.
This is the core comparison. Both approaches catch some fraud well. The gaps are different — and knowing the gaps is what matters.
| Fraud signal | Manual review | PaySentinel |
|---|---|---|
| Unfamiliar or unknown vendor | ✓ Usually caught | ✓ Checked |
| Invoice with no matching PO | ✓ Caught if process exists | ⚠ Flagged as signal |
| Routing number ABA validity | ✗ Rarely checked | ✓ Always validated |
| Routing number changed from prior invoice | ✗ Missed unless manually compared | ✓ Flagged automatically |
| Email domain typosquatting | ✗ Missed under time pressure | ✓ Character-level check |
| BEC urgency and secrecy language | ⚠ Depends on training | ✓ Pattern detection |
| Structuring amounts near $10,000 | ✗ Rarely noticed | ✓ Flagged as signal |
| Phantom vendor signals (vague scope, round amounts) | ⚠ Sometimes caught | ✓ Checked systematically |
| Consistency check with existing vendor | ✗ Requires pulling prior invoices | ✓ Automatic vendor memory |
| Phone verification of vendor | ✓ When done properly | ⚠ Recommended, not automated |
| PO / receipt three-way matching | ✓ When process exists | ⚠ Requires internal records |
| Documented audit trail | ✗ Rarely documented | ✓ Every check logged |
Manual review isn't unreliable because people are careless. It's unreliable because certain checks are hard to do consistently by hand — especially under time pressure.
acme-corp.com and acmecorp.com is one hyphen. Under time pressure, processing the 15th invoice of the day, this is not caught. PaySentinel checks every character."In every fraud case I've reviewed involving a small business, the victim did look at the invoice. The problem wasn't that they didn't check — it was that the checks they did were the wrong ones. They verified the vendor name. They didn't verify the routing number. They recognized the email display name. They didn't check the domain character by character. Manual review is not nothing. But it consistently misses the specific signals that matter most."
This matters. PaySentinel is a structured fraud check, not a complete AP process. These manual steps remain essential regardless of whether you use the tool.
| Situation | Best approach |
|---|---|
| New vendor, first invoice | PaySentinel check + phone verification + PO match |
| Known vendor, banking details unchanged | PaySentinel check (routing comparison automatic) + PO match |
| Known vendor, banking details changed | PaySentinel check + mandatory phone verification + signed authorization letter |
| Suspicious email requesting payment | PaySentinel email check + independent phone verification before any action |
| Urgent wire request from executive | PaySentinel check + call executive at known number + dual authorization |
| Small recurring payment, same vendor, same amount | PaySentinel check recommended; manual review acceptable if routing confirmed unchanged |
No. Manual review catches some fraud well — obvious red flags like unfamiliar vendors, missing PO matches, and suspicious amounts. But it consistently misses signals that require systematic checking: routing number validation, email domain typosquatting, vendor history comparison, and BEC language patterns. Under time pressure, manual review gets less thorough, not more — which is exactly when fraud attempts are most likely to succeed.
No. PaySentinel is designed to complement manual review, not replace it. The tool handles the systematic checks — routing number validation, domain typosquatting, vendor history, BEC signals — that are hard to do consistently by hand. The manual steps it doesn't replace: calling the vendor to confirm payment details, matching the invoice to a purchase order, and getting a second approver above your payment threshold.
A thorough manual verification of a single invoice — checking the vendor domain, looking up the routing number, comparing against prior invoices, reviewing the email for BEC signals — takes 10–20 minutes when done properly. PaySentinel runs the same checks in under a minute. The time difference matters most when processing multiple invoices per week or when urgency pressure makes manual shortcuts tempting.
Yes — vendor familiarity is actually a fraud risk factor, not a protection. The most costly BEC attacks target existing vendor relationships, where a changed routing number or compromised email account is harder to spot precisely because everything else looks familiar. PaySentinel's vendor memory specifically flags when a known vendor's banking details change — the signal most likely to be missed in a familiar vendor relationship.
Paste in a vendor, invoice, or email — PaySentinel runs the systematic checks in under a minute, before money leaves your business.
Run a free analysis →