youtube icon linkedin icon mail icon
Login Get Paid Blog Resources
Who We Serve
What We Do
Vendor Risk Management

Vendor Risk Management

Vendor Verification

Vendor Verification

Vendor Onboarding Software

Vendor Onboarding Software

Vendor Fraud

Vendor Fraud

Vendor Compliance

Vendor Compliance

B2B Electronic Payments

B2B Electronic Payments

Why Trust Us
Resources
Case Studies

Case Studies

Real-life examples of how organizations use PaymentWorks to improve compliance, reduce workload, and add value. Stuff to Watch

Stuff to Watch

Library of short and sweet videos featuring product demos, customer interviews, and sessions with experts. Podcasts

Podcasts

The perfect way to geek out on all things vendor management, and get tips from our guests, partners, and customers. Vendor Management Appreciation Day

Vendor Management Appreciation Day

Dedicated to celebrating the unsung heroes of vendor management and up-leveling your strategy. Events

Events

We go places. We do things. Join us!
Partnerships
About Us
Why We Built This

Why We Built This

Read the story of how PaymentWorks came to be. Who We Are

Who We Are

Get to know our management team. Release Radar

Release Radar

Up-to-date product news! Become a Partner

Become a Partner

Join our eco-system! Work With Us

Work With Us

Interested in solving a real-world problem that affects businesses of all sizes?
Demo

Vendor Verification: How NOT to Do it and What to Do Instead

3 Common Vendor Verification Methods That Put Your Organization in Danger

by Angela Sarno

by Angela Sarno

VP Marketing

Vendor Verification: How NOT to Do it and What to Do Instead

In the course of building our network and our platform, we did what product people do: we talked to the market, specifically about vendor verification and related topics.

When it comes to the risk associated with vendor onboarding, everyone we spoke to was united.

However, when it came to how to solve it, consensus was elusive. Vendor management, AP and Procurement personnel know they should not trust banking information that arrives via email.

That is a given. To solve this, teams seem to focus on verifying vendor banking information.

But what, exactly, does that mean? That’s exactly what this blog will cover.

Common Vendor Verification Processes

Generally, vendor bank account verification falls into three buckets:

  1. Collecting a voided check or account info on bank letterhead.
  2. Calling the vendor to confirm the change.
  3. Multi levels of internal approvals for changes.

On the surface, these tactics seem effective. However, they are not infallible in defending the vendor master from infiltration by fraudsters.

The devil, as they say, is in the details.

If your organization is relying on any of these three ways to conduct vendor validation, you are likely leaving holes wide enough for a fraudster to walk right in and cause damage.

Below are explanations of why these methods are no longer reliable. You can use these to critique your own process and build a case to leadership about why your process needs to change.


Onboard, Vet, and Pay Vendors With Confidence   Ready to eliminate your fraud risk and sleep better at night?   Take our self-guided demo to see how easy (and stress-free!) your vendor onboarding process can be.  

Collecting a Voided Check or Vendor Bank Account Information on Bank Letterhead

As a verification tool, this practice started before the digital age. That was when vendors needed to snail mail a W9 and their remit details.

And it largely worked.

The chances of a fraudster intercepting this piece of mail, steaming open the envelope, swapping out documents, and getting this back into the mail stream and delivered, undetected, were close to nil.

Vendor impersonation, as we know it today, was extremely difficult in this world.

Fast forward to today. In the age of digital communications, with email as our trusted delivery source, these documents are now so vulnerable we’d argue they are meaningless.

Why? Because it is so easy to forge them. Emails are easily hacked or spoofed.

Most importantly, a piece of paper does nothing to confirm the ownership of the bank account being offered to you.

For example, I can type any business name I want and put my personal banking details under it. Paper, quite simply, is not proof of the authenticity of the information on it.

For more on authenticity and why that matters, listen to our podcast with David Birch.

PaymentWorks Presents: Risky Business Episode 6: Identification, Authentication, and Authorization

If you are still collecting documents via email to confirm vendor banking changes, we urge you to stop this practice immediately.

It’s simply too easy to fall for a fraud this way.  Ask the cities of Peterborough or Albuquerque  or Rock Island County or Lucas County or this unnamed county in New Mexico or Toyota Boshoku or…you get the picture.

Calling the Vendor to Confirm the Change

How do your AP staff know they are speaking to the legitimate vendor when the returned call is from an unrecognized phone number?

These days, that’s the exact problem with relying on calling vendors directly to confirm a change they send to you.

Previously, in the pre-Covid world, this technique was pretty solid.

You could look online for an official corporate website, call that number, and ask for the Accounts Receivable (AR) folks to confirm (or not) the information you had on file. Simple.

However, in the Covid world, this is no longer a fail safe for the following reasons:

Increase in remote work

Consider all of the AR staff who are now working remotely. They may call to check voicemail, but when they call you back, it’s not from the official number that you used. It’s likely from a cell phone.

How do your AP staff know they are speaking to the legitimate vendor when the number is unrecognized?

If you cannot get the right person on the phone with an outbound call, and you cannot authenticate the number they are calling from, you cannot be certain the call is from the legitimate vendor.

Lack of documentation

Relying solely on phone calls may not provide a sufficient audit trail or documentation of the verification process.

In case of disputes or the need for future reference, having a documented record of verification is crucial for accountability and compliance purposes.

Phone calls alone can lack the necessary evidence to support the verification process and can make it difficult to track or provide proof of the confirmation.

Manual time and effort

Work is required for manual phone verifications. Contacting vendors individually to confirm changes can be a time-consuming task, especially for vendor desk teams who are already strapped.

As a result, vendor desk staff may speed through phone calls for the sake of time. This can lead to staff not fully vetting the person on the other end of the phone, and possibly routing funds to a fraudster.

Multiple Levels of Internal Approvals for Vendor Verification

More eyes on a problem can certainly help you protect your organization from business payments fraud.

That’s why we encourage you to always have multiple levels of approvals when it comes to any vendor validation and payment information.

However, using only internal approvals as your vendor verification process is borderline reckless.

First, with multiple levels of approval required, decision-making can become time-consuming and cumbersome. This can result in delays in onboarding new vendors or making time-sensitive payments, potentially impacting business operations or relationships with suppliers.

Second, more internal approvals typically means increased administrative burden and complexity. Each level of approval adds another layer of bureaucracy, involving coordination and communication among various stakeholders.

This can lead to inefficiencies, bottlenecks, and increased workload for both the procurement team and approvers.

Additionally, the process can become prone to internal politics and power struggles. Different levels of approvers may have varying priorities, preferences, or biases, leading to conflicts or delays in decision-making.

This can compromise the objective evaluation of vendors and potentially hinder the selection of the most suitable suppliers.

Finally, the pressure the people in these positions now have as your only defense is surely keeping them up at night.

To sum up, multiple levels of internal approvals in vendor verification can enhance control. However, they can also result in delays, administrative burden, reduced agility, and potential internal conflicts.

Finding the right balance between control and efficiency is key to effectively managing vendor verification processes and maintaining strong vendor relationships.

Best Method of Vendor Verification

None of these three methods solve your actual problem: the problem of paying a fraudster.

There is no peace of mind when you are not certain your process has done enough.

And we’ve seen it again and again. True peace of mind cannot be achieved with increasingly stringent means for your staff to verify every digit on every payee bank account with every payment being made.

True peace of mind is knowing your staff are no longer vulnerable to being tricked. Knowing your payments have security. Knowing you are paying who you intend to pay, and that you aren’t liable for any mistakes.

Here’s what we recommend that all vendor management teams do.

Re-examine your current vendor verification process. Ask yourself, “Are my employees losing sleep worrying about being tricked?”

If the answer is yes, invest some time and resources into shoring up your defenses–before it’s too late.

PaymentWorks can help you, by the way.

Want a Vendor Validation Process That Gives You True Peace of Mind?

Let’s start with some resources.

Case Study with Cabarrus County and Their $2.5M Problem with a Fraudster 

Social Engineering Fraud Never Sleeps: 3 Ways to Prevent It

Business Payments Fraud in Times of Chaos

Want Personalized Support For Your Organization’s Vender Verification?

Schedule some time to speak with our team

Want Regular Vendor Management Tips?

Subscribe to the PaymentWorks Blog

Let us show you how we can help

We’d love to walk through your process with you and talk about security, compliance, efficiency and sleeping better at night.

Request a Demo
empty space
PaymentWorks Logo

280 Moody Street, Unit #5
Waltham, MA 02453

Get help with registration.

Follow us on

youtube icon linkedin icon mail icon

Who We Serve

What We Do

Why Trust Us

About Us

Blog

Resources

Request a Demo

Get Paid

Jobs

Partnerships

Partner Referral

Events

© Copyright 2024 - PaymentWorks

Privacy Policy Terms of Service PaymentWorks EarlyPay Terms of Service Transparency in Coverage