Vendor payment change

Vendor bank-change check before you update AP master data

Vendor bank-change requests are where invoice fraud becomes expensive. A real-looking email asks AP to update ACH, wire, routing, bank country, or account details, and the next payment goes to the attacker.

Use this free client-side checklist before changing vendor master data. It returns red flags, an AP checklist, a verification call script, and an approval note your finance team can copy.

Check bank-change request Read FAQ

Quick answer

Email is not enough for vendor-master changes

Never update vendor bank details from email alone. Require callback on a known phone number, dual approval, and documentation of who verified the change.

InvoiceScamCheck

Run the vendor bank-change risk check

Enter sender, reply-to, amount, payment method, bank/country, and whether the change was verified. The rules engine flags BEC patterns without uploading files.

Source-backed risk model: FBI IC3 2025 BEC data FTC fake invoice guidance
Payment context

No file upload in this MVP. This rules check runs in your browser and does not store invoices or vendor text.

Risk indicators only - not forensic proof

Free AP Fraud SOP Kit

Turn this check into an AP policy

Get the vendor bank-change policy, callback script, approval note, incident checklist, and hold triggers for your finance team.

Get the SOP kit Future paid: saved checks, audit log, PDF reports, team templates - $19/mo teaser.

Minimum control loop

Make the change only after the control loop is complete and documented.

  • Call the vendor using a phone number already in your vendor master file.
  • Confirm with two named contacts at the vendor when possible.
  • Require internal dual approval for every payment-instruction change.
  • Document caller, number used, date, time, and outcome.
  • Hold payment if the requester resists phone verification.

When to escalate

Escalate to finance leadership, IT, and your bank when these are present.

  • Urgency plus new bank details.
  • Reply-to mismatch or free-mail finance contact.
  • New bank country differs from vendor history.
  • CEO, CFO, or finance director language pressures AP.
  • The vendor's normal contact is not responding through trusted channels.

Vendor Bank Change Check FAQ

Should AP accept a signed PDF bank-change letter?

Treat it as one document, not proof. PDFs can be forged. Callback on a known number is the key control.

What if the vendor says the change is urgent?

Urgency is a red flag, not a reason to skip controls. A legitimate vendor can wait for secure verification.

Does the checker validate the bank account owner?

No. It does not validate account ownership or vendor identity. It helps AP identify and document red flags.