Bank account changes are the primary vector for payment fraud. When a vendor’s banking information changes, it represents both a legitimate business event and a potential fraud attempt. The challenge is distinguishing between the two—before the payment goes out.

The Bank Change Problem

Legitimate bank changes happen for many reasons:

  • Vendors switch banks for better rates or services
  • Companies consolidate accounts after acquisitions
  • Banking relationships change due to credit events
  • Regional operations may use different accounts

But fraudsters have learned that bank change requests are often processed without sufficient verification. A well-crafted email appearing to come from a known vendor can successfully redirect payments to fraudulent accounts.

How Bank Change Fraud Works

The typical bank change fraud follows this pattern:

Step 1: Information Gathering

Attackers identify the target organization and its vendors. This information may come from:

  • Public records and supplier directories
  • LinkedIn and company websites
  • Previous data breaches
  • Social engineering

Step 2: Impersonation

Using spoofed emails or compromised accounts, attackers pose as the vendor. Common techniques include:

  • Domain spoofing: Using lookalike domains (acme-corp.com vs acmecorp.com)
  • Display name spoofing: Showing a legitimate name with a different email address
  • Thread hijacking: Inserting messages into existing email threads

Step 3: The Request

The fraudulent message requests a bank account change, often:

  • Citing a routine business reason (“We’ve switched banks”)
  • Including a plausible-looking document
  • Creating urgency (“Please update before the next payment”)

Step 4: Payment Diversion

If the change is processed, subsequent payments go to the fraudulent account. Recovery is typically difficult or impossible.

Why Callbacks Aren’t Enough

Many organizations rely on callback verification for bank changes. While better than no verification, callbacks have limitations:

  • Volume: High invoice volumes make consistent callbacks impractical
  • Timing: Callbacks may be deprioritized when AP is busy
  • Contact information: If callbacks use contact info from the fraudulent message, they’re ineffective
  • Documentation: Many callbacks aren’t documented, creating audit gaps

Systematic Bank Change Detection

Effective bank change detection requires systematic controls:

1. Maintain Verified Bank Records

Every vendor should have verified banking information on file, including:

  • Account numbers
  • Routing numbers
  • Verification date
  • Verification method

2. Detect Changes Automatically

When an invoice contains banking information, compare it against verified records. Flag any discrepancy, including:

  • Different account number
  • Different routing number
  • First appearance of banking details
  • Change from domestic to international accounts

3. Verify Through Trusted Channels

When a change is detected:

  • Use contact information from your records, not the invoice
  • Verify through multiple channels when possible
  • Document the verification thoroughly

4. Enforce Payment Holds

Consider holding payments on flagged invoices until verification is complete. This creates a gate that fraud cannot bypass.
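
The four controls above can be expressed as one check in the invoice pipeline. The sketch below is an added example, not TruePayables code: the record layout, flag names, `HOME_COUNTRY` and the sample vendor data are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

HOME_COUNTRY = "US"  # assumption: the payer treats US accounts as domestic

@dataclass(frozen=True)
class BankDetails:
    account: str
    routing: str   # empty when the account has no domestic routing number
    country: str   # two-letter country code of the receiving bank

@dataclass(frozen=True)
class VerifiedRecord:
    details: BankDetails
    verified_on: date
    method: str

# Constructed sample data: the verified vendor master, keyed by vendor id.
VERIFIED = {
    "V-1001": VerifiedRecord(BankDetails("000123456789", "123456789", "US"),
                             date(2024, 1, 15), "callback to number on file"),
}

def normalize(value: str) -> str:
    """Drop spaces and dashes so formatting alone never raises a flag."""
    return "".join(ch for ch in value if ch.isalnum()).upper()

def check_invoice(vendor_id: str, invoice_bank: Optional[BankDetails],
                  verified=VERIFIED):
    """Return (flags, hold): every discrepancy, and whether to hold payment."""
    if invoice_bank is None:          # invoice carries no banking details
        return [], False
    record = verified.get(vendor_id)
    if record is None:                # nothing verified to compare against
        return ["FIRST_APPEARANCE"], True
    known, flags = record.details, []
    if normalize(invoice_bank.account) != normalize(known.account):
        flags.append("ACCOUNT_CHANGED")
    if normalize(invoice_bank.routing) != normalize(known.routing):
        flags.append("ROUTING_CHANGED")
    if known.country == HOME_COUNTRY and invoice_bank.country != HOME_COUNTRY:
        flags.append("DOMESTIC_TO_INTERNATIONAL")
    return flags, bool(flags)         # any flag holds the payment

if __name__ == "__main__":
    changed = BankDetails("GB00-CONSTRUCTED-0001", "", "GB")
    print(check_invoice("V-1001", changed))
```

The hold is released only after someone verifies the change using the contact details already on file and updates the verified record, which is why the check reads from the vendor master and never from the invoice.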

Building a Bank Change Timeline

The most effective protection comes from building a historical record of each vendor’s banking information. This timeline shows:

  • When accounts were first seen
  • How long they’ve been in use
  • Whether changes have occurred
  • How changes were verified

With this history, a new bank account becomes an obvious anomaly. A vendor that has used the same account for 50 invoices suddenly requesting a change should trigger immediate scrutiny.
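
A timeline of this kind can be built directly from invoice history. The following is an added example rather than the vendor's implementation; the tuple layout, field names, the `min_stable` threshold and the sample history (one account used for 50 invoices, then a new one) are assumptions.

```python
from datetime import date, timedelta

# Constructed history: (invoice date, vendor id, account on the invoice).
# V-1001 uses one account for 50 weekly invoices, then a new one appears.
HISTORY = [(date(2023, 1, 1) + timedelta(weeks=i), "V-1001", "ACCT-A")
           for i in range(50)]
HISTORY += [(date(2024, 1, 5), "V-1001", "ACCT-B"),
            (date(2023, 6, 1), "V-2002", "ACCT-C"),
            (date(2023, 7, 1), "V-2002", "ACCT-C")]

def build_timeline(invoices):
    """Per vendor, a chronological list of account periods."""
    timeline = {}
    for day, vendor, account in sorted(invoices):
        periods = timeline.setdefault(vendor, [])
        if periods and periods[-1]["account"] == account:
            periods[-1]["last_seen"] = day      # same account, extend period
            periods[-1]["invoices"] += 1
        else:                                   # first sighting or a change
            periods.append({"account": account, "first_seen": day,
                            "last_seen": day, "invoices": 1,
                            "verified_by": None})
    return timeline

def record_verification(timeline, vendor, account, method):
    """Note how a vendor's account was verified (the audit trail)."""
    for period in timeline[vendor]:
        if period["account"] == account:
            period["verified_by"] = method

def unverified_changes(timeline, min_stable=10):
    """Changes that follow a long-stable account and are not yet verified."""
    found = []
    for vendor, periods in timeline.items():
        if len(periods) < 2:
            continue
        prev, cur = periods[-2], periods[-1]
        if prev["invoices"] >= min_stable and cur["verified_by"] is None:
            days_used = (prev["last_seen"] - prev["first_seen"]).days
            found.append((vendor, prev["account"], cur["account"],
                          prev["invoices"], days_used))
    return found

if __name__ == "__main__":
    print(unverified_changes(build_timeline(HISTORY)))
```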

Risk Indicators

Not all bank changes carry equal risk. Higher-risk indicators include:

  • First-time vendors: No history to compare against
  • Sudden urgency: Pressure to update quickly
  • Multiple changes: Bank and contact information changing together
  • Wire requests: Request to switch from ACH to wire transfer
  • International changes: Domestic vendor requesting payment to foreign account

Implementation Steps

Organizations looking to improve bank change detection should:

  1. Audit current records: Assess the quality of existing vendor banking data
  2. Establish verification procedures: Create consistent processes for verifying changes
  3. Implement detection: Automate comparison of invoice details against verified records
  4. Create payment controls: Build holds and approvals into the payment workflow
  5. Document everything: Maintain audit trails for compliance

Bank change fraud is preventable. The organizations that fall victim are typically those processing changes without systematic verification. By detecting changes automatically and verifying through trusted channels, you can protect your payments.
