Fraud & security 6 min read

How Verification of Payee Stops Invoice Redirection Fraud

A fraudster emails 'updated bank details' that look like they came from your supplier. The invoice is real; the account is not. Verification of Payee is built to catch exactly this switch.

By Verification of Payee EU · powered by RoxPay

How Verification of Payee Stops Invoice Redirection Fraud

Key takeaways

  • Invoice redirection fraud changes a genuine supplier's bank details to an account the fraudster controls.
  • VoP flags when the account holder name does not match the supplier you expect to pay.
  • Pairing VoP with a change-of-details process closes the gap most fraudsters exploit.

Invoice redirection fraud — sometimes called mandate fraud — works because the invoice itself is genuine. A criminal intercepts or impersonates a supplier and sends 'new' bank details. The goods or services were really delivered, so the payment looks routine. Only the destination account is wrong.

Why it slips through

Finance teams are trained to check that an invoice is valid, not that an IBAN belongs to the right company. A convincing email and a plausible reason ('we changed banks') is often enough. Without a name-vs-IBAN check, nothing in the workflow catches the swap.

The invoice is real — the account is not

That is what makes invoice redirection so effective. Verifying the payee name against the IBAN is the control that targets the one thing the fraudster had to change.

Where VoP intervenes

  1. 1 When new or changed bank details arrive, run a Verification of Payee check on the IBAN.
  2. 2 A 'no match' or 'close match' against the expected supplier name is a stop-and-verify signal.
  3. 3 Confirm changes through a known phone number, never the contact details on the suspicious email.
  4. 4 Log the VoP outcome against the payment for audit and dispute evidence.

Building the check into payments

The strongest defence is automatic: verify the payee whenever bank details are added or changed, not just at onboarding. RoxPay's Verification of Payee API makes that a single call you can wire into your AP workflow or banking app.

All articles
FAQ

Frequently asked

It is a scam where a criminal changes a genuine supplier's bank details to an account they control, so a legitimate invoice gets paid to the fraudster.

VoP checks whether the account holder name matches the supplier you intend to pay. A mismatch on changed bank details is a strong signal to stop and verify before paying.

No. Most invoice redirection happens through a later 'change of details'. Verify whenever bank details are added or changed, not only when a supplier is first set up.

Keep reading

CEO fraud and fake invoices Another scam VoP helps catch. Verify a supplier IBAN Check details before you pay.

Catch redirected invoices before you pay

Talk to RoxPay about adding Verification of Payee to your accounts-payable workflow.

Talk to an expert Explore RoxPay VoP