diff --git a/ihatemoney/models.py b/ihatemoney/models.py
index c591b85b6..af21994d8 100644
--- a/ihatemoney/models.py
+++ b/ihatemoney/models.py
@@ -447,6 +447,10 @@ def remove_member(self, member_id):
 db.session.commit()
 return person
 
+ def has_member(self, member_id):
+ person = Person.query.get(member_id, self)
+ return person is not None
+
 def remove_project(self):
 # We can't import at top level without circular dependencies
 from ihatemoney.history import purge_history
diff --git a/ihatemoney/tests/budget_test.py b/ihatemoney/tests/budget_test.py
index 30507d945..732535bc9 100644
--- a/ihatemoney/tests/budget_test.py
+++ b/ihatemoney/tests/budget_test.py
@@ -1470,8 +1470,8 @@ def test_access_other_projects(self):
 pirate = models.Person.query.filter(models.Person.id == 5).one()
 assert pirate.name == "pirate"
 
- # Try to add a new bill in another project
- self.client.post(
+ # Try to add a new bill to another project
+ resp = self.client.post(
 "/raclette/add",
 data={
 "date": "2017-01-01",
@@ -1488,7 +1488,7 @@ def test_access_other_projects(self):
 
 # Try to add a new bill in our project that references members of another project.
 # First with invalid payed_for IDs.
- self.client.post(
+ resp = self.client.post(
 "/tartiflette/add",
 data={
 "date": "2017-01-01",
@@ -1630,7 +1630,7 @@ def test_access_other_projects(self):
 member = models.Person.query.filter(models.Person.id == 1).one_or_none()
 assert member is None
 
- # test new settle endpoint to add bills with wrong payer / payed_for
+ # test new settle endpoint to add bills with wrong ids
 self.client.post("/exit")
 self.client.post(
 "/authenticate", data={"id": "tartiflette", "password": "tartiflette"}
diff --git a/ihatemoney/web.py b/ihatemoney/web.py
index 7ba24de10..8722872f8 100644
--- a/ihatemoney/web.py
+++ b/ihatemoney/web.py
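Review bot: has_member passes the project object itself (`self`) as the second argument of Person.query.get, while the web.py hunk of this same commit passes `g.project.id` to the same helper; unless that query method accepts both a Project and an integer id, one of the two calls is wrong, and its signature is not visible in this diff. The new method also has no docstring; I would collapse it to `return Person.query.get(member_id, self) is not None` under the docstring `"""Return True when *member_id* is a Person belonging to this project."""`. Note too that the web.py caller guards only `sender_id` with has_member and builds `owers=[Person.query.get(receiver_id, g.project.id)]` without checking the lookup result, so a receiver id from another project, or a nonexistent one, would presumably produce `owers=[None]` rather than a rejection; checking both ids with has_member before constructing the Bill closes that gap. The enclosing class continues outside the hunk.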
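Review bot: Both hunks at 1470 and 1488 now bind the POST result to `resp`, but neither shows an assertion on it; if no check follows outside the hunk, the name is unused and the change is cosmetic. A cross-project isolation test should pin the observable outcome right after each call, e.g. `assert resp.status_code == <expected status>` with the status the view is meant to return for a bill posted to another project, so the test fails if that rejection regresses. test_access_other_projects continues outside the hunk.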
@@ -874,13 +874,18 @@ def add_settlement_bill():
 )
 return redirect(url_for(".settle_bill"))
 
- # TODO: check that sender and receiver ID are valid and part of this project
+ # Ensure that the sender and receiver ID are valid and part of this project
+ receiver_id = form.receiver_id.data
+ sender_id = form.sender_id.data
+
+ if not g.project.has_member(sender_id):
+ return redirect(url_for(".settle_bill"))
 settlement = Bill(
 amount=form.amount.data,
 date=datetime.datetime.today(),
- owers=[Person.query.get(form.receiver_id.data)],
- payer_id=form.sender_id.data,
+ owers=[Person.query.get(receiver_id, g.project.id)],
+ payer_id=sender_id,
 project_default_currency=g.project.default_currency,
 bill_type=BillType.REIMBURSEMENT,
 what=_("Settlement"),