The most damaging business scams aren't technical break-ins. In CEO fraud, an attacker impersonates an executive and pressures finance into an 'urgent, confidential' transfer. In the fake-supplier-invoice scam (business email compromise), they intercept or spoof a real invoice and change only the bank details. The payment the business makes is one it intended to make — to the wrong account.
Why existing controls miss it
Purchase-order matching confirms the goods and the amount. A second approver confirms the payment should happen. Neither checks who owns the destination account. The IBAN is valid, the invoice looks real, the approval is genuine — so the money goes to the fraudster.
The swap is always the account
Whether it's CEO fraud or a doctored invoice, the constant is a changed IBAN that doesn't belong to the real payee. That's exactly the discrepancy Verification of Payee is built to surface.
How VoP breaks the scam
Verification of Payee checks the payee name against the IBAN at the moment of payment and shows the result before authorisation. A genuine supplier returns a match; a swapped IBAN returns a no match, because the fraudster's account isn't in the supplier's name. That single, well-timed signal interrupts the scam while the money is still yours.
- 1 Verify the payee name against the IBAN before releasing any new or changed bank details.
- 2 Treat a no match as a hard stop and confirm via a known phone number — never the contact details on the suspicious invoice.
- 3 Re-verify at payment time, not just at onboarding, to catch mid-cycle swaps.
RoxPay delivers this check via API and the RoxBusiness dashboard, so finance teams can put a payee name check in front of every business payment and shut down invoice-redirection and CEO fraud.