Good news: Many of your vendors moved from check payments to ACH. Bad news: Criminals will try to find a way to hijack money that’s supposed to go to them by changing or stealing their banking info.
Vulnerabilities that contribute to fraud include unencrypted email communication and A/P departments that are so busy that verifying vendor bank account numbers is a low priority.
To adequately protect against fraud, InvoiceInfo.com advises tightening up email security and double-checking all vendor bank account changes.
Steps to protect vendor bank accounts
One control measure your finance team can take is to stop communicating about sensitive vendor banking info using regular email.
Instead, provide vendors with a secure portal to submit data or insist on encrypted email.
Also, be sure Finance understands how email encryption works. Ask IT to clarify, if necessary. Then take all necessary steps to secure data transmitted that way.
Because experts estimate the average vendor bank account number changes once every four years, another key control is verifying all bank account info changes.
This includes confirming banking info updates with the vendor using a trusted contact phone number and calling the vendor’s bank.
Another option: using a verification service specializing in bank account verifications.