Practical guides 6 min read

Verify Supplier IBANs Before You Pay: A Practical Guide for Finance Teams

A single changed IBAN on a supplier invoice can divert a six-figure payment to a fraudster. For finance and treasury teams, verifying the payee name against the IBAN before a payment run is the most effective control you can add.

By Verification of Payee EU · powered by RoxPay

Key takeaways

  • Invoice-redirection and CEO fraud target business payments, where amounts are large and approvals are routine.
  • Verify the payee name against the IBAN at supplier onboarding and again before each payment run.
  • Verification of Payee can be run in bulk via API, so a whole payment file is checked before release.

Consumers get most of the headlines, but the biggest single losses from misdirected payments hit businesses. A fraudster emails a convincing 'updated bank details' notice, your accounts-payable team updates the supplier record, and the next payment run sends real money to the wrong account.

Where the risk lives

Two moments are especially exposed:

  • Supplier onboarding — when bank details are first captured, often from an email or PDF.
  • Bank-detail changes — the classic vector for invoice-redirection and CEO fraud.
  • Payroll changes — a redirected salary is easy to miss until the employee complains.

Approvals are not verification

A second approver checks that a payment should be made — not that the account belongs to the right payee. Verification of Payee answers the question approval can't: does this name match this IBAN?

A simple verification routine

  1. 1 At onboarding, verify each new supplier's name against the IBAN before the record is activated.
  2. 2 Re-verify whenever bank details change, and treat a 'no match' as a hard stop pending a call-back on a known number.
  3. 3 Before each payment run, batch-verify the file so any mismatched or unverifiable payee is flagged before release.

Doing it at scale

Checking IBANs by hand doesn't scale to hundreds of suppliers. Verification of Payee can be called per record through an API, so an entire payment file is verified automatically — match, close match, no match or not available — before anyone clicks 'release'.

RoxPay makes this available from the RoxBusiness dashboard for ad-hoc checks and via a REST API for bulk verification, so treasury teams can build a name check into their payment workflow without a heavy integration.

All articles
FAQ

Frequently asked

No. While the regulation targets PSPs, the same check is valuable to any business that pays suppliers or staff. RoxPay offers VoP to businesses via dashboard and API.

Yes. Through the API you can verify each record in a payment file before release, so mismatched or unverifiable payees are flagged in advance.

Treat it as a stop signal: pause the payment and confirm the details with the supplier on a previously known phone number, never using contact details from the suspicious invoice.

Keep reading

The Verification of Payee API Verify supplier IBANs in bulk via one REST call. APP fraud prevention How a name check stops invoice-redirection fraud.

Build a name check into every payment run

Talk to RoxPay about verifying supplier and payroll IBANs from the dashboard or in bulk via API.

Talk to an expert Explore the VoP API