Troubleshooting

How to Verify Vendor Banking Changes

Protect your company from payment fraud by properly verifying vendor banking changes. Step-by-step verification process and red flags to watch for.

3 min read · Updated February 2026

How to Verify Vendor Banking Changes

You just received an email from a vendor saying they’ve changed banks and need you to update their payment information. It looks legitimate—it has their logo, their usual contact’s name, and references a real invoice. But is it really from them?

Business Email Compromise (BEC) scams targeting vendor banking changes cost companies millions of dollars annually. The good news: a simple verification process can stop these attacks cold.

Why This Is a Critical Moment

When a vendor requests a banking change, you’re at a decision point with real consequences:

  • If it’s legitimate and you don’t update the information, your payments will fail and the vendor won’t get paid
  • If it’s fraudulent and you do update it, you’ll wire money directly to criminals—often irrecoverably

The stakes are high enough that every banking change deserves careful verification, no matter how routine it seems.

The Verification Process

Step 1: Stop and Assess

Never update banking information immediately, regardless of urgency claims. Legitimate vendors understand that verification takes time.

Ask yourself:

  • Were you expecting this change?
  • Does the request come through normal channels?
  • Is there any urgency pressure?

Step 2: Verify Through a Separate Channel

This is the critical step. Contact the vendor using information you already have on file—not the contact details in the change request.

Do use: - Phone numbers from your vendor master file - Email addresses you’ve used successfully before - Contact information from signed contracts

Don’t use: - Phone numbers included in the change request - Reply-to addresses in the email - Any new contact information provided

Step 3: Speak to a Known Contact

When you call, ask for someone you’ve worked with before. If that’s not possible, verify you’re speaking with someone authorized to confirm banking changes.

Sample verification call:

“Hi, this is [Your Name] from [Your Company]. We received a request to update your banking information. Before making any changes, I need to verify this request is legitimate. Can you confirm you’ve recently changed banks and the new account details?”

Step 4: Confirm Specific Details

Don’t just ask “Did you change your banking info?” Ask them to provide the new details, then compare against what you received:

  • Bank name
  • Account number (last 4 digits is often sufficient)
  • Routing number
  • Account type

If the details don’t match, you’ve likely caught a fraud attempt.

Step 5: Get Written Confirmation

After verbal verification, request written confirmation on company letterhead, including:

  • Statement that banking information has changed
  • New banking details
  • Signature of an authorized representative
  • Date of the change

Some companies require this letter to be notarized for high-value vendors.

Step 6: Implement a Waiting Period

Many companies require a 24-48 hour waiting period before activating new banking information. This provides time to:

  • Complete all verification steps
  • Have a second person review the change
  • Catch any last-minute red flags

Step 7: Send a Test Payment

For the first payment to new banking details, send a small test amount ($1-10) and verify with the vendor that they received it before processing larger payments.

Red Flags That Signal Fraud

Email-Based Red Flags

  • Urgency language: “Update immediately,” “Urgent,” “Time-sensitive”
  • Slight domain variations: vendor@acme-corp.com vs vendor@acme-c0rp.com
  • Generic greetings: “Dear Accounts Payable” instead of using your name
  • Reply-to mismatch: Display name shows one address, but reply goes elsewhere
  • Unusual sending time: Middle of the night in the vendor’s timezone

Content Red Flags

  • Vague explanations: “We’re updating our banking” without mentioning a specific bank
  • Pressure to skip verification: “Just update the system, we need payment today”
  • Changes during personnel transitions: Scammers research when key people leave companies
  • International banks for domestic vendors: A US vendor suddenly banking in Eastern Europe

Process Red Flags

  • First-time request from this contact: Someone you’ve never dealt with making the request
  • Refusal to verify: “Just update it, I don’t have time for this”
  • Changing story: Details that shift when you ask follow-up questions

What to Do If You Suspect Fraud

If You Haven’t Made Payment

  1. Do not update the banking information
  2. Document the fraudulent request (save emails, note phone calls)
  3. Alert your IT/security team immediately
  4. Contact the real vendor to warn them their identity is being used
  5. Report to the FBI’s IC3 (ic3.gov) and the FTC

If You’ve Already Made Payment

Time is critical. Money can sometimes be recovered if you act fast.

  1. Contact your bank immediately—within hours if possible. Request a wire recall or ACH reversal
  2. File a police report to document the crime
  3. Report to FBI IC3 at ic3.gov
  4. Document everything for insurance and legal purposes
  5. Contact the real vendor to explain what happened

Building Systematic Protections

Create a Verification Checklist

Document your verification requirements and make them mandatory:

□ Request received through official channels
□ Vendor contacted via phone number on file
□ Spoke with known/authorized contact
□ Banking details verbally confirmed
□ Written confirmation received
□ 48-hour waiting period completed
□ Second approver reviewed and approved
□ Test payment sent and confirmed

Dual Authorization for Changes

Require two people to approve any vendor banking changes. The second approver should independently verify using the same process.

Train Your Team

Regular training on BEC scams helps AP staff:

  • Recognize red flags
  • Feel empowered to slow down and verify
  • Know exactly what steps to follow

Control Your Communication Channels

When vendors can email anyone in your organization with banking change requests, fraud becomes harder to spot. A centralized vendor portal creates a controlled environment where you can:

  • Track all vendor communications
  • Require authentication for sensitive changes
  • Maintain an audit trail of who requested what and when

Key Takeaways

  • Never update banking information without verification through a separate channel
  • Use contact information from your records, not from the change request
  • Legitimate vendors understand and appreciate your verification process
  • Implement dual authorization and waiting periods for all banking changes
  • If you’ve already paid, contact your bank immediately—time is critical

Want to control how vendors communicate with your AP team? See how BillerPlus creates a secure vendor portal →

Tired of invoice chaos?

BillerPlus gives you a single, controlled front-door for all vendor invoices. No more email hunting.

Start free trial

More in Troubleshooting

Vendor Threatening Late Fees: What to Do

A vendor is threatening late fees or collection action. Here's how to respond professionally, protect your business, and resolve the situation.

Recovering Duplicate Payments - Step-by-Step Guide

Paid the same invoice twice? Learn how to identify, recover, and prevent duplicate payments with this comprehensive recovery guide.

AP Fraud Red Flags - What Every AP Professional Should Watch For

Learn the warning signs of accounts payable fraud. Spot internal and external fraud schemes before they cost your company money.

Vendor Double-Billed Us - What to Do Next

Received duplicate invoices from a vendor? Learn how to identify double billing, dispute the charges, and prevent it from happening again.