I would like to bring to your attention a significant concern we’ve encountered with the Accounts Payable (A/P) module in Sage 300, which may allow for unintended duplicate payments — and potentially opens the door to fraudulent activity.

Specifically, the issue arises from how the system handles invoice number validation. While Sage 300 correctly flags exact duplicate invoice numbers (e.g., invoice #33456) to prevent reposting, it does not enforce restrictions on invoices that contain minor variations, such as trailing characters or punctuation (e.g., 33456. or 33456..). In our experience, the system treats these as entirely separate invoices, even when the amount and vendor are identical — only issuing a soft warning that can easily be bypassed.

While this may appear as a minor discrepancy in invoice number format, it can be very difficult for approvers to detect during review, especially when the amounts and vendors are the same. The risk increases when such duplicate

I'm not asking Sage to control vendors' invoice formats. but to

Recognize that some formats (like 12345..) are almost certainly user entry errors or manipulation, not legitimate vendor formats.

Offer configurable validation or restrictions to protect against obvious red flags — like invoice numbers ending in multiple dots, which no legitimate vendor would ever use entries are subtle and intentionally designed to avoid detection.

by: yuki l. | 21 hours ago | Setup / Environment