4 Best Ways to Protect Your Vendors’ from Being Attacked by a Cybercriminal

In the public landscape, vendor bank account fraud is growing at an alarming rate. A vendor contacts the accounts team to tell them they haven’t received the payment. The accounts team then checks the data and finds out that they’ve paid the invoices. So, when more due diligence is done, it is found out that the money wasn’t sent to the Vendor’s account but to some other account altogether. What happened was that a fraudster got into the systems and changed the Vendor’s bank account information.

This situation has happened a lot in recent times. Most recently it happened with Scott County Schools where they lost $3.7M. Eventually, they were able to recover the funds. And they decided to put some safeguards to prevent something like this from happening again.

Another similar situation happened in the “City of El Paso, TX” where they uncovered $2.9M, and $300K payments were sent to a fraudster. Unfortunately, they were only able to recover $1.6M and $292K from the payments. To prevent this from happening again, they decided to verify vendor information before every single payment.

Regardless of the fact your company has been in a similar situation or not, there are 4 basic steps you can follow to prevent fraudsters from changing banking information.

Prevent Vendor Bank Account Fraud

1. Build Custom Vendor Banking Forms

The first and foremost thing you should do is to build a banking form for all the vendors. The reason for doing so are:

  • Don’t accept banking information in an email body. An email with banking details doesn’t provide authentication so that’s why you build the form.
  • Change the form every year. This way your team can distinguish between fake and real forms. If they receive an old form, they can ask the vendor if there’s a mistake.
  • Add vendor authentication on the form. Existing vendors will have to add some kind of information that’s unique to them. No one except the vendor should have that information as it helps in reducing the risk of fraud
  • Your form should require a digital signature. Be careful while building a PDF form with a digital signature built into the form. To avoid emails and calls from vendors saying they’re facing errors, let the vendors use their own digital signature tool.

2. Verify Bank Information

This is a vital step in preventing vendor bank account fraud. As you confirm a vendor’s Legal Name and Tax ID to match IRS records, you should also confirm the bank account information to match them against your records. Moreover, you can use DIRO’s bank account verification service to make sure the documents provided by your vendor are true.

3. Contact Vendor to Confirm Information Change

Once you’ve received the updated form, and confirmed all the data against your records, it’s time to contact the vendor. Call the Vendor to verify the change if there are any. This may seem cumbersome to both parties at first, but the benefits outweigh the pain. There won’t be any payment delays, and you won’t have to try to recover lost money.

While verifying the information, keep in mind that the vendors may not respond right away, so you need to find a way to keep track. If the Vendors don’t respond in time, don’t process the payment.

4. Send Notification to Vendor After Information Change

If there are any changes in the vendor banking information, you should build a system that sends an automatic notification system. Whenever the information is changed, the vendor will receive a notification.

How to Make This Process Efficient?

Building and setting up this process takes up a lot of time. But the process is crucial as it helps vendors and yourself be safe from fraudsters. Implement a vendor self-registration portal for vendors to authenticate themselves and prevent fraud. On the portal, vendors can authenticate themselves and also update their banking information as per their preference.