No one bank account change control is going to stop payment fraud.
Layers of Protection
Prevent the event.
No one bank account change control will prevent payment fraud. See how apexportal provides layers of protection.
Fraudsters love your "controls".
$43B
Email fraud cost the global business community between 2013 and 2021.
¹ FBI (May, 2022)
85%
Most fraud losses are never recovered.
ACFE, Report to the Nations (2020)
$1M
Nearly 1 in 4 scams involve losses of $1 million or more.
ACFE, Report to the Nations (2020)
2
The average fraud runs 2 years before being detected.
ACFE, Report to the Nations (2020)
Protection starts with a secure self-service supplier portal...
And is strengthened with validations only found in apexportal.
Robust access controls
• Role-based view and access restrictions • Multi-factor authentication for password resets, new device or new IP address • Email change restrictions (based on supplier domain and country) • Frequency limits on password and security question changes
Bank account change controls
• Bank account information obscured after accepted • Current bank account information required to change it • No phone or email bank account change requests • Automatic alerts if a bank account is in different country • Email or text sent to all authorized vendor contacts
User behavior monitoring
• Alerts for suspicious login and activity patterns • Automated IP address blocking for suspicious IP addresses or locations • Detailed logging of sign-on and changes
Real-time bank account ownership validation
• Validates bank account is owned by supplier through integration with global banking consortium and government authorities (US, UK, India, Sweden, Poland) • Confirms that the bank account does not have a negative balance (high risk attribute) • Flags change requests for bank accounts that have been recently opened
Global network intelligence
• Bank account confidence score based on user activity within apexportal • How many apexanalytix clients pay the supplier with the same account number? • How frequently is that bank account used by the supplier? • Is the bank account in the same country as the vendor? • Any other clients using this supplier?
Robust access controls
• Role-based view and access restrictions • Multi-factor authentication for password resets, new device or new IP address • Email change restrictions (based on supplier domain and country) • Frequency limits on password and security question changes
Bank account change controls
• Bank account information obscured after accepted • Current bank account information required to change it • No phone or email bank account change requests • Automatic alerts if a bank account is in different country • Email or text sent to all authorized vendor contacts
User behavior monitoring
• Alerts for suspicious login and activity patterns • Automated IP address blocking for suspicious IP addresses or locations • Detailed logging of sign-on and changes
Real-time bank account ownership validation
• Validates bank account is owned by supplier through integration with global banking consortium and government authorities (US, UK, India, Sweden, Poland) • Confirms that the bank account does not have a negative balance (high risk attribute) • Flags change requests for bank accounts that have been recently opened
Global network intelligence
• Bank account confidence score based on user activity within apexportal • How many apexanalytix clients pay the supplier with the same account number? • How frequently is that bank account used by the supplier? • Is the bank account in the same country as the vendor? • Any other clients using this supplier?
Robust access controls
• Role-based view and access restrictions • Multi-factor authentication for password resets, new device or new IP address • Email change restrictions (based on supplier domain and country) • Frequency limits on password and security question changes
Bank account change controls
• Bank account information obscured after accepted • Current bank account information required to change it • No phone or email bank account change requests • Automatic alerts if a bank account is in different country • Email or text sent to all authorized vendor contacts
User behavior monitoring
• Alerts for suspicious login and activity patterns • Automated IP address blocking for suspicious IP addresses or locations • Detailed logging of sign-on and changes
Real-time bank account ownership validation
• Validates bank account is owned by supplier through integration with global banking consortium and government authorities (US, UK, India, Sweden, Poland) • Confirms that the bank account does not have a negative balance (high risk attribute) • Flags change requests for bank accounts that have been recently opened
Global Network Intelligence
• Bank account confidence score based on user activity within apexportal • How many apexanalytix clients pay the supplier with the same account number? • How frequently is that bank account used by the supplier? • Is the bank account in the same country as the vendor? • Any other clients using this supplier?
Global Network Intelligence
No bank account change happens online without trails of data. IP addresses, how long the bank account has been open, and similarity to other supplier data in apex's supplier database with 70+ million verified suppliers. The list is endless. apexportal aggregates all these data points into one score to determine if the bank account change request is legit or not.
Behavior Monitoring
Do your suppliers normally update bank account info at 2 AM? User behavior monitoring automatically identifies patterns and suspicious activity. If a change is originated from someone accessing the system from another country or outside business hours, apexportal blocks the access and sends alerts for review.
Robust Access Controls
Keep all the bad guys out. Multi-factor authentication, security questions, frequency of password change limits, and even confirmation that an employee’s email address is still valid. All these form a wall to stop most hackers. On top of it, multiple attempts to break through the wall will automatically restrict access completely and flag for review.
Real-Time Verification
Bank account ownership validation confirms changes directly with banks. Verifies if the legal entity on the bank account matches with the legal entity in apexportal. Plus, it checks for a high-risk activity like the bank account was recently opened or has a negative balance.
Bank Account Change Controls
Protection after an account has been hacked. If a fraudster accessed the account, apexportal continues to prevent a fraudulent change. For instance, to change the bank account, the fraudster must know the original information. If the account is changed, an email is sent to everyone on the supplier account. Letting everyone know that their profile may be compromised.
Sadly, the most common practice is not a best practice.
Our 2022 Benchmark Report shows that the most common practices are not the best practices. Quite the opposite, they are the least effective.
When it comes to bank account changes, verifying ownership with an automated process is a best practice, and even stronger when used with additional layers of access and verification controls.
Download the report to see how large, global companies are approving bank account change requests.
