Rob Rogers
Checks: The Oldest Payment Method and Its Modern Fraud Risks
Introduction: Reports of Its Death Have Been Greatly Exaggerated Every few years, the payments industry announces that the check is finally dying. The data tells a more complicated story. Checks have declined as a share of total payment volume — that much is true. But in dollar terms, and particularly in business-to-business payment contexts, checks remain a significant component of the disbursement mix at many organizations. The Association for Financial Professionals' 2024 Payments Fraud and
ACH Payments: How They Work, How They're Exploited, and How to Defend Them
Introduction: The Rail That Moves American Commerce The Automated Clearing House network is the circulatory system of American business payments. In 2024, the ACH network processed more than 31 billion transactions totaling over $80 trillion — payroll, vendor payments, tax disbursements, insurance premiums, mortgage payments, and thousands of other recurring and one-time payment types. For most organizations, ACH is the primary mechanism by which vendor payments are made (and payroll is deliver
Payment Methods and Risk: An Overview
The Payment Method Is the Risk Profile Not all disbursements carry the same risk. A check mailed to a vendor carries a different fraud exposure than a same-day wire transfer. An ACH credit processed through a validated banking relationship presents different vulnerabilities than a real-time payment that settles in seconds and cannot be recalled. A virtual card introduces controls that paper checks cannot replicate — and limitations that experienced fraudsters know how to work around. For CFOs,
Ensuring Vendor Data Accuracy and Completeness: Governance, Hygiene and Controls
Data Accuracy as a Governance Imperative The other articles in this section have addressed specific categories of vendor data validation: bank account verification, TIN matching, address verification, and entity relationship identification. Each addresses a defined vulnerability in the vendor record. Each provides a layer of assurance that a specific data element is what it purports to be. Data accuracy governance addresses the layer beneath all of the categories of vendor data validation, det
Entity Relationship Identification, Verification and Control
Why Entity Relationships Are an Advanced Control Challenge Most vendor data validation controls operate at the level of the individual vendor record. Does this bank account belong to this vendor? Does this TIN match this legal name, does this address correspond to this entity? These are essential controls, and their absence creates serious vulnerability. But they share a common limitation — they evaluate each vendor record in isolation, without reference to the relationships between vendors, be
Vendor Address Verification Methods: Why Address Data Matters in the AP Control Framework
Address Verification as a Control, not a Formality Vendor address verification is frequently treated as a routine data quality exercise — a matter of ensuring that checks reach their destination and that 1099s are mailed to the right place. That framing understates both the control value and the fraud detection utility of address verification in a well-governed accounts payable program. A vendor's address is more than a mailing coordinate. It is a corroborating data point that either supports
Tax ID Validation: TIN Matching & Tax ID Verification for Vendor Onboarding
What Tax ID Validation Is and Why It Belongs in the AP Control Framework Tax ID validation is the process of confirming that the taxpayer identification number a vendor provides during onboarding — or at any subsequent point in the vendor relationship — is accurate, legitimate and matches the legal name of the entity or individual to which it belongs. For U.S. business entities, the relevant identifier is the Employer Identification Number (EIN), issued by the Internal Revenue Service. For sole
Bank Account Validation & Verification Guide: Methods, Controls, and Best Practices for Accounts Payable
Why Bank Account Validation Is the Most Critical Control in Vendor Management Of all the data elements in a vendor master file, bank account information is the single most operationally consequential — and the single most frequently targeted by fraud. It is the field that determines where money goes. An error in a vendor's name or address is a record-keeping problem. An error in a vendor's bank account number — whether caused by data entry mistake, process failure or deliberate criminal manipul
Beyond OFAC: Foreign Sanctions Screening
Organizations that process payments in currencies other than U.S. dollars, that are incorporated or operate in the UK or EU, or that have vendors with international ownership structures face layered screening obligations under multiple regulatory regimes. OFAC compliance alone is an incomplete sanctions program for any organization with international exposure. The United Kingdom: The UK Sanctions List (UKSL) The United Kingdom's sanctions regime has operated independently from the EU framewor