Vendor Verification Checklist: How to Safely Check a Vendor Before Payment (2026)
Wire transfers are irreversible. Once the money leaves your account, recovering it is rare and slow. This guide gives AP clerks and office managers a step-by-step process to verify any vendor before payment — so you catch fraud before it costs you.
Why Wire Transfers Are the Highest-Risk Payment
Unlike checks, ACH, or credit cards — wire transfers cannot be reversed. Once confirmed, funds move immediately and are typically forwarded internationally within hours in fraud cases, making recovery nearly impossible.
This is exactly why fraudsters specifically target wire transfers. The three most common schemes hitting small businesses right now:
- Business Email Compromise (BEC) — Attacker impersonates an executive or vendor via a spoofed email, requesting an urgent wire to a new account.
- Invoice redirect fraud — A legitimate vendor's invoice is intercepted and altered with new bank routing details before it reaches you.
- Phantom vendor schemes — A fake company solicits business, collects payment, and disappears. Often targets new vendor onboarding processes.
What These Scams Actually Look Like
These aren't abstract threats. Here are examples of what each scam looks like in practice — and the red flags that give them away.
Example 1 — CEO Impersonation (BEC)
Example 2 — Invoice Redirect Fraud
6 Steps to Verify Any Vendor Before Payment
Use this process for any first payment, or any payment to a vendor you haven't paid in more than 90 days.
Search your state's Secretary of State business database — not the vendor's website. Confirm the company is registered, in good standing, and that the legal name matches the invoice.
- Check registration date — a company registered last month claiming years of experience is a red flag
- Verify physical address using Google Maps Street View
- Cross-reference with LinkedIn and BBB
Never call a number from the invoice or payment request. Look up the vendor's phone number from their official website or your existing records. Verbally confirm payment amount, routing number, and account number.
- If they say "don't call, just email" — stop and escalate
- Document who you spoke with, their title, and the time
Fraudsters register domains that look nearly identical to real ones. Check every character — transposed letters, added hyphens, different TLDs, and added words are all common tricks.
- acmecorp.com → acme-corp.com (added hyphen)
- northgate.com → northqate.com (transposed letter)
- billing@acme.com → billing@acme.net (different TLD)
- ceo@acme.com → ceo@ceo-acme.com (added prefix)
Pull up this vendor's previous invoices or payments in your accounting system. Any change to routing or account number requires a phone verification — no exceptions, regardless of how convincing the explanation sounds in an email.
A structured fraud analysis catches patterns that manual review misses — typosquat domains, ABA routing checksum failures, structuring amounts, and known BEC signals. This takes under a minute with the right tool.
Set a dollar threshold — many small businesses use $5,000 — above which a second person must independently approve. This single control stops most BEC fraud. The approver must verify independently, not just sign off on your work.
Manual Checks vs. Using PaySentinel
Here's what each step looks like doing it manually versus running it through PaySentinel:
| Verification step | Manual process | Time | PaySentinel | Time |
|---|---|---|---|---|
| Email domain check | Read character by character, Google the domain | 3–5 min | Automatically flags typosquat domains and free email | Instant |
| Routing number validation | Look up on Fed lookup tool manually | 5 min | ABA checksum validated automatically, flags changes from prior | Instant |
| Fraud pattern check | Relies on personal knowledge and gut feel | Variable | Checks 20+ fraud patterns including BEC signals and structuring | ~60 sec |
| Risk score | No structured output — judgment call | — | 1–10 risk score with specific red flags and recommended actions | Instant |
| Audit trail | Manual notes if remembered | 5 min | Automatic case history with investigation queue | Automatic |
| Phone verification Always required |
Call vendor using independently found number | 5–10 min | Still required — no tool replaces calling the vendor | Manual step |
No tool replaces calling the vendor directly using a number you found independently. PaySentinel catches the patterns that are easy to miss — but the phone call is still the one check that definitively confirms you're talking to the right person.
Curious how a structured tool compares to doing these checks manually? See exactly what each approach catches and what each misses →
Red Flags That Should Stop Any Payment
Each of these signals requires verification before proceeding. Multiple flags together warrant escalation to a manager before anything is sent.
- Urgency language — "Must be done today," "before end of business," "time-sensitive." Urgency bypasses your normal controls. Legitimate vendors understand payment timelines.
- Routing number changed from previous invoices — The #1 indicator of invoice redirect fraud. Always requires a phone call to a number you looked up independently, plus a signed bank authorization letter.
- Request to keep the payment confidential — No legitimate business transaction requires secrecy from your own colleagues or management.
- Free email address for business invoices — Gmail, Yahoo, Hotmail, or any consumer email for invoices over $1,000 is a serious red flag. Real companies have company domain emails.
- Invoice number is suspiciously low — INV-003 or INV-007 from a company claiming years in business. Established businesses have high invoice numbers.
- Amount is just under $10,000 — Amounts like $9,800, $9,750, or $9,900 may be deliberately structured to avoid Currency Transaction Report (CTR) thresholds. This is called structuring and is a federal crime — and a clear signal of fraudulent intent.
- Remittance address differs from company address — If the "pay to" address on an invoice is in a different state from the company's listed address, verify before paying.
- Executive bypasses normal process — Real executives don't typically circumvent AP workflows. A CEO requesting an urgent wire directly to you, bypassing normal channels, is the hallmark of impersonation fraud.
- Single point of contact via email only — Vendor has only one contact, reachable only by email, who discourages phone calls.
- Very new website or recently registered domain — A company website registered in the last 60 days combined with an invoice for a large amount is a phantom vendor signal.
- "Do not call" instruction — Any payment request that instructs you not to call, not to discuss, or to confirm only by email is attempting to prevent verification. Stop immediately.
Handling Routing Number Changes
Routing number changes are the most common vector for payment redirect fraud — and also something that legitimately happens when vendors switch banks. The right process:
- Never update banking details based on email or invoice alone — regardless of how official it looks.
- Call the vendor's AR department using a number from your existing records — not from the email requesting the change.
- Request a signed bank authorization letter on company letterhead — creates an audit trail most fraudsters won't produce.
- Document who you spoke with, when, and what they confirmed — name, title, callback number, and date.
- Consider a small test payment first — for large ongoing vendors, some businesses send a nominal amount to verify the account before the full payment.
A common follow-up tactic: an attacker calls you after sending a fake invoice, pretending to be from the vendor, to "confirm" the payment details. This pre-empts your own verification call. Always initiate the call yourself using a number you found independently. Never accept an inbound call as verification.
New Vendor Onboarding Checklist
Before processing any first payment, collect and file the following. Keep this on record for every new vendor relationship.
- Legal business name — confirmed matches invoice and any contracts.
- Business registration — verified via Secretary of State database, in good standing.
- Physical address — confirmed real, not P.O. box only. Checked via Google Maps.
- Named contact — person with company email and direct phone you've called and confirmed.
- W-9 form — required for any vendor paid over $600/year. EIN must match business registration.
- Signed bank authorization letter — on company letterhead, documenting their banking details for ACH or wire payments.
- Contract or statement of work — clear documentation of what you're paying for before the first invoice arrives.
- Fraud check completed — vendor details run through PaySentinel or equivalent tool, result documented.
When to Stop a Payment and Escalate
If you cannot independently verify the payment details using contact information you already have on file — the payment does not go out.
It is always better to delay a legitimate payment and apologize to a vendor than to process a fraudulent wire and lose the money permanently. Legitimate vendors have seen this before and understand.
Escalate immediately to your manager or owner if:
- An executive is requesting an urgent, confidential wire outside your normal process
- A vendor's banking details changed and you cannot reach anyone by phone at an independently verified number
- You believe an invoice may have been altered in transit
- You've already sent a payment and something now doesn't add up — contact your bank immediately, within the first hour
If you've sent a fraudulent payment: call your bank immediately, then file a report with the FBI's Internet Crime Complaint Center at ic3.gov.
Check a vendor in under 60 seconds
PaySentinel analyzes vendors, invoices, emails, and payment details for fraud patterns — free for small businesses, no account required.
Run a free check →