FinanceKey

How to protect against fraudulent bank account change requests?

Payment fraud is becoming more sophisticated and harder to spot as fraudsters attack day-to-day business processes. One common fraud is hacking into the supplier’s email, changing the bank details on the invoice and sending it for payment. Change requests that come from a credible source and include valid documentation are hard to recognise as fraudulent unless a prudent protection mechanism against vendor fraud is in place.

Businesses can protect against fraudulent bank account change requests by implementing a process to authenticate any bank account change. In many cases, this process includes a call-back to a registered phone number of the supplier to confirm the bank account details modification requested by phone, email, letter or on the invoice. Importantly, the verification process needs to rely on contact details authenticated earlier and not on the fake phone numbers and legitimate-looking email domains provided on the fraudulent invoice. Internal training plays a key role here.

Often corporations demand bank certificates to prove the bank account belongs to the account holder — keeping banks busy as the certificates should not be older than three months. Some companies may ask for the certificates directly from banks, which might take some time if the request is answered at all. 

The cost can be enormous when a fraudster tricks a company into changing the payment instructions of a large supplier and the change is recorded in the victim’s vendor management system or ERP (Enterprise Resource Planning). Multiple invoices might go through the company’s weekly or bi-monthly payment run before the fraud gets discovered. The investigation costs are also huge, with suppliers’ and victims’ lawyers and banks’ investigation teams starting to work on the case. Not to mention the reputational hit.

Beneficiary account validation services or IBAN checks offered by banks and third parties can ensure payments arrive at the intended beneficiary, preventing fraudulent activity. Validation returns either ‘match’ or ‘mismatch’, indicating whether the instructed beneficiary is the rightful owner of the account. The check should be performed whenever a new supplier is added to the system or bank account details are modified for an existing vendor. Integrating the check into the internal processes and automating the workflow brings measurable efficiency gains for large businesses and reduces the risk of fraud.
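The call-back rule and the ‘match’/‘mismatch’ validation described above can be enforced together as a gate in front of the vendor master record. The following is an added example, not FinanceKey's or Nordea's code; the record fields, function names, IBANs and phone numbers are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class VendorRecord:            # master data authenticated at onboarding (hypothetical shape)
    vendor_id: str
    iban: str
    verified_phones: frozenset

@dataclass(frozen=True)
class ChangeRequest:           # arrived by phone, email, letter or on an invoice
    vendor_id: str
    new_iban: str
    callback_phone: str        # number the clerk actually dialled
    callback_confirmed: bool   # supplier confirmed the change on that call
    validation_result: str     # "match", "mismatch" or "" when not yet run

def norm_iban(value):
    return "".join(value.split()).upper()

def norm_phone(value):
    return "".join(c for c in value if c.isdigit() or c == "+")

def review_change(vendor, req):
    """Return (decision, reasons); decision is 'approve' or 'hold'."""
    if req.vendor_id != vendor.vendor_id:
        raise ValueError("request does not belong to this vendor")
    if norm_iban(req.new_iban) == norm_iban(vendor.iban):
        return "approve", ["no change to bank details"]
    reasons = []
    # Only numbers already in the master record count as a call-back;
    # a number taken from the request itself proves nothing.
    trusted = {norm_phone(p) for p in vendor.verified_phones}
    if norm_phone(req.callback_phone) not in trusted:
        reasons.append("call-back number is not in the vendor master record")
    elif not req.callback_confirmed:
        reasons.append("supplier did not confirm the change on the call-back")
    if req.validation_result != "match":
        result = req.validation_result or "not run"
        reasons.append("account validation result: " + result)
    return ("approve" if not reasons else "hold"), reasons

# Constructed sample data (not real accounts or phone numbers).
VENDOR = VendorRecord("V-1001", "FI00 0000 0000 0000 01",
                      frozenset({"+358 00 000 0001"}))
SPOOFED = ChangeRequest("V-1001", "FI00 0000 0000 0000 99",
                        "+358 00 000 0999", True, "mismatch")
GENUINE = ChangeRequest("V-1001", "FI00 0000 0000 0000 02",
                        "+358000000001", True, "match")

if __name__ == "__main__":
    for request in (SPOOFED, GENUINE):
        print(request.new_iban, review_change(VENDOR, request))
```

A request on hold should keep the old bank details active for payment runs until every listed reason is cleared.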

Another use case is an on-demand validation of the account status and owner every time before a payment is made, reducing the number of payment returns or failed payments caused by incorrect payment instructions. More on this later! 

With the help of FinanceKey you can embed account validation within your vendor management or payment operations or submit the requests via our intuitive UI. Customer end-users can monitor the requests and receive updates & notifications when the status of the IBAN check is updated. FinanceKey is currently live with Nordea’s Beneficiary Account Validation API, providing the service to Nordea bank’s corporate customers. We can also serve a broader clientele soon – contact us to learn more! 

Implementing beneficiary account validation has been a natural first step in building FinanceKey’s future-ready payment suite. We will keep you posted on more modules to come – and we are eager to listen to what requirements you have for tomorrow’s payment operations! 

Please contact us at hello[at]financekey.com to learn how we can help your business validate bank account details & automate treasury and payment operations.