Vendor Payment and Direct Deposit Fraud on the Rise
Fraud is occurring in staggering numbers every day! Does your Company have a verification process in place for requested vendor or employee payment detail changes? If not, we strongly encourage you develop one immediately.
Companies are reporting an uptick in payments fraud whereby an email is received purportedly from the known vendor or employee indicating a new banking relationship has been established and future payments should be sent using new information (Routing and Account Numbers) listed within the email.
Create a fraud verification process
If your Company is making the change solely based on the received email, we encourage you to create a multi-step verification process to ensure you are sending payment to the appropriate account to mitigate losses in payments fraud.
Request to change payment information
- If you receive a request to change payment information for a Vendor or Employee via email we suggest you call the Company or Employee to verify they in fact sent the email, and truly have changed the banking relationship.
- Do not call the phone number listed in the email as this may be a call directly to the fraudster who will of course validate the change as being real.
- Do call the phone number listed in your accounting system for the Vendor or listed in the Employee file. This ensures you should be reaching the correct Company/Person to verbally validate the requested change. If a Vendor, have the person who negotiated the purchase contact their known company representative.
- Consider drafting a form that is sent to the Vendor or Employee that must be completed to effectuate the requested change.
- For Vendor Payment account change requests consider drafting a form that is sent to the contact who negotiated the purchase with your Company which must be completed and signed indicating the new payment details. Consider having it signed by two Company representatives, the purchase negotiator and someone in the finance area of the Company.
- For Direct Deposit of Payroll companies should receive a new signed Direct Deposit Authorization form indicating the new routing and account information and it should be signed by the employee. ACH Rules state these authorization forms must be kept for 2 years post termination of the authorization.
The bottom line is that payments fraud is increasing rapidly and we want to help ensure you are sending money to the appropriate place and not incurring losses due to fraud. The time is now to create a multi-step verification process. Though your network may be considered safe, the information technology infrastructure within the companies you do business with may not be. The same can be said for the email systems used by employees personally. NEVER change payment related information by email request only!
As always, contact the Nicolet National Bank Treasury Management Team or your Commercial Relationship Manager should you have any questions regarding this communication.
Have questions or need further clarification?