Reference

Dormant supplier alerts

Why bills to suppliers who have been inactive for 12+ months fire an amber banner — re-activated dormant suppliers are a common fraud signal.

2 min readLast updated 20 May 2026
Jump to section

Dormant supplier alerts

When a supplier hasn't been on a paid bill in 12+ months and someone raises a new bill against them, Blankitt fires an amber banner on the bill form: "Dormant supplier — last paid X months ago".

Why this matters

Dormant suppliers are a known fraud vector. Common patterns:

  • An attacker hijacks a long-quiet supplier relationship — emails arriving from a spoofed sender saying "we're back, here's the bank account for the new project". The legacy contact info still on your system makes the new bills look legitimate.
  • An insider re-uses a dormant supplier identity (lower scrutiny than creating a new supplier) to route a fraudulent payment.

In both cases, the previous bank details may be 12+ months stale — the attacker hopes you don't re-verify.

What the banner says

When you pick a dormant supplier on the New Bill form OR open an existing bill against a dormant supplier:

Dormant supplier — last paid 16 months ago. This supplier hasn't been on a bill since 2025-01-08. Double-check the bank details on the supplier record haven't been changed in the meantime — re-activated dormant suppliers are a common fraud signal.

How "dormant" is computed

The system uses a view fin_dormant_suppliers_v that joins suppliers to their purchase invoices and takes MAX(date) of sent / paid / overdue invoices. A supplier is dormant when:

  • Days since last invoice > 365 (12 months)
  • Supplier type IN ('supplier', 'both')

Suppliers with no historical bills at all (newly added) are NOT dormant — they're new. Suppliers who only had bills marked void / draft / pending_approval are dormant (those statuses don't count as paid activity).

What to do when the banner fires

  1. Verify the bank details via the callback flow. The bank-detail change verification is your strongest defence — phone the supplier on a number you already have on file and confirm.
  2. Check the contact details haven't been silently edited recently. The change log on the supplier record shows everything that has changed and who confirmed each change.
  3. Confirm the work / goods are real with whoever requested the supplier (if not you).

Still stuck? Email support or open the support widget in the bottom-right.