VENDOR PROCESS TRAINING CENTER

RESOURCE LIBRARY

Check back often for updates!
New ACH Rules for 2026!
Updates for Tax Year 2025!

Vendor Validation Resources

Tax ID > IRS  & Non-US
Watchlists
Address
Bank Branch Details
Bank Account Ownership
Check URLs
State Sites for Business/Tax Research

Vendor Registration Number & Legal Name

IRS e-Services - Free

IRS TIN Match:  Verify the Vendor Legal Name and Tax ID combination matches IRS records.  Single lookup and batch file upload. 

TINcheck.com - Paid

IRS TIN Match:  Verify the Vendor Legal Name and Tax ID combination matches IRS records. Single lookup and batch file upload.  Monthly or prepaid subscription option.

Global Registration Numbers - Included in Vendor Setup Toolkit

Upgrade to get access to the Global Vendor Registration Numbers.  Registration #'s for 100+ Countries.  See the Vendor Setup Toolkit that includes vendor setup forms, desktop procedures and vendor communication scripts.

IRS Tax Exempt Organization Search (TEOS) - Free

Charities/Non-Profit Search:  Verify the vendor is a valid charity/non-profit.  Search using the Vendor Legal Name and/or the Tax ID.  

TINcheck.com - Paid

Charities/Non-Profit Search: Verify the vendor is a valid charity/non-profit. Search using the Vendor Legal Name and/or the Tax ID.  

Value Added Tax (VAT) - Free

VAT is an International Country-level sales tax that your company’s tax team may need to use to reclaim VAT that is added to invoices paid.

IRS FATCA Foreign Financial Institution (FFI) List Search and Download Tool

Global Intermediary Identification Number:  Verify it for vendors for FATCA reporting purposes.

Vendor Legal Name

Office of Foreign Assets & Control (OFAC) - Free

US Entities and Individuals are prohibited from paying vendors that appear on these consolidated lists.  Search by Legal Name. Compliance with OFAC regulations is required for all US individuals and entities. Failure to comply can result in both civil and criminal penalties.

TINCheck.com - Paid

Includes 42 watchlists including OFAC, OIG and SAM exclusion lists

System of Award Management (SAM) Excluded Parties List System (EPLS) - Free (Required for Government Entities)

Organizations that receive federal funds are prohibited from doing business with vendors that appear on this exclusion list. 

Office of Inspector General (OIG) List of Excluded Individuals and Entities (LEIE) - Free  (Required for Health Care Entities)

OIG has the authority to exclude individuals and entities from federally funded health care programs (Medicare/Medicaid). Search by name first, then if there is a match enter the Social Security Number (SSN) or Employer Identification Number (EIN) to verify it is your vendor.

Bureau of Industry and Security (BIS) Denied Persons List - Free

Vendors that appear on this list have had their export privileges denied by written order of the Department of Commerce. 

Vendor Address

United States Postal Services (USPS) Zip Code Lookup Tool - Free

Standardizes address formats in accordance with US Postal Service (USPS).  Use when sending mail from the US to a US or a Non-US address.  

Universal Postal Union (UPU) - Free

Standardizes address formats in accordance with International format standards.  Use when sending mail from a Non-US country to a US or a Non-US address.  

Smarty - Paid

Standardizes address formats for US and Non-US addresses.  Connected to the USPS database.  Will also give address status such as Inactive, Vacant or PO Box Only.

TINCheck.com - Paid 

US addresses only.  Standardizes address formats in accordance with US Postal Service (USPS). Use when sending mail from the US to a US address.

Bank Branch Details

Federal Reserve - US Bank Routing Number - Free

Confirm that ACH or Wire payments are processed successfully.  This is key to ensure that the correct ABA routing number is used for the right payment.  Some bank ABA routing numbers can be used for ACH and Wire payments, while some are restricted to ACH or Wire.  

Payments Canada - Canadian Banks - Routing Number - Free

Confirm that ACH or Wire payments are processed successfully. 

SWIFT - Non-US Bank - Business Identifier Code (BIC) - Free

Ensure that International ACH or Wire payments are processed successfully. Countries that do not require an IBAN will have a BIC Code that represents a bank branch and is authorized for transactions through the SWIFT network along with a bank account number.

SWIFT - Non-US Bank - International Bank Account Number (IBAN) - Free

Ensure that International electronic payments are processed successfully. The IBAN is required for all bank accounts in the EU countries plus Norway, Switzerland, Liechtenstein and Hungary. The IBAN is made up of a code that identifies the country the account belongs to, the account holder's bank and the account number itself.

Office of Foreign Assets & Control (OFAC) - Free

Foreign Banks that appear on the List of Foreign Financial Institutions Subject to Correspondent Account or Payable-Through Account Sanctions (CAPTA List) should not be set up in your vendor master file. Compliance with OFAC regulations is required for all US individuals and entities.  Failure to comply can result in both civil and criminal penalties.

The Clearing House (CHIPS) Universal ID (UID) - Free

Confirm the ACH or Wire payments that go through CHIPS are processed successfully.  CHIPS is the primary US Network for large-value domestic and international USD payments that are less time-sensitive since it is less expensive than Fedwire.

Vendor Legal Name = Bank Account Holder Name
Vendor Tax ID = Tax ID Used to Set Up Account

Early Warning System (EWS) - US Banks - Paid

Ensure that ACH or Wire payments are paid to the correct vendor and not a fraudulent vendor bank account. US banks voluntarily contribute depositor details to a database owned by EWS.  Use EWS if you have a relationship with:  Bank of America, Truist, Capital One, JPMorgan Chase, PNC Bank, U.S. Bank and Wells Fargo.

GIACT Systems - US Banks - Paid

Reseller of Early Warning System.  Ensure that ACH or Wire payments are paid to the correct vendor and not a fraudulent vendor bank account. US banks voluntarily contribute depositor details to a database owned by EWS.

nsKnox - US & Non-US Banks - Paid

Ensure that ACH or Wire payments are paid to the correct vendor and not a fraudulent vendor bank account. Both US and Non-US banks are included via a Microdeposit type of validation triggered by the vendor. 

Vendor Info - US Banks - Paid

Reseller of Early Warning System. Ensure that ACH or Wire payments are paid to the correct vendor and not a fraudulent vendor bank account. US banks voluntarily contribute depositor details to a database owned by EWS.  Has a standalone tool for AP team member use.

Bedrock - US & Canada Banks - Paid

Bedrock's government connections and integrations validate banking and risk information.  Also provides validations for US Tax ID, OFAC and other major sanctions lists.  Also offers continuous monitoring, vendor master file cleanse and vendor onboarding.

Trustpair - US & Non-US Banks - Paid

Trustpair ensures automatic account validation and the monitoring of third-party risks. Through their platform, Trustpair can process systematic and international account validations in just a few seconds.

Vendor Domain URL Lookup for Red Flag

Instructions to Check Registration Date (ICANN/WHOIS)

Step 1: Grab the URL from the Email Address or Site Address
Step 2: Enter without the "https" or "www"
Step 3: Check the Registration Date
Step 4: Identify as Red Flag if Registration Date is Within Days or Weeks

Google Safe Browsing - Free

Google’s Safe Browsing technology examines billions of URLs per day looking for unsafe websites. When they detect unsafe sites, they show warnings on Google Search and in web browsers.

ICANN Domain Lookup - Free

The ICANN registration data lookup tool gives you the ability to look up the current registration data for domain names and Internet number resources. See instructions above.

Whois Domain Lookup - Free

A Whois domain lookup allows you to trace the ownership and tenure of a domain name. See instructions above.

Tax Year 2025 Reporting Resources
1099-MISC | 1099-NEC | 1042-S

Training Content
Don't Forget These Tasks
Get Clean Vendor Data Before Filing
IRS Forms and Publications
IRS Reporting/Distribution Due Dates
IRS Electronic Filing
IRS Recognize Tax Scams and Fraud
Combined Federal/State Filing (CF/SF Program)*
State Sites for Business/Tax Research
IRS Social Media Accounts

For these states, you only have to file 1099-NEC/1099-MISC with the IRS

Tax Year 2025 Changes - Missouri Removed and Rhode Island Added

*Table taken from Publication 1220 Rev 09-2025
IMPORTANT:  Be Sure to Check With Each State Separately to Confirm Participation (see State tab)

IRS Announces First Day of 2026 Filing Season:  January 26, 2026

Oregon & Rhode Island Are Not Participating for TY 2025! 


For Tax Year 2025 to be Filed in 2026:  
1099-MISC &  1099-NEC & 1042-S
Electronic Filing Threshold = 10 Forms (total across all Reporting forms)

Filing Information Returns Electronically (FIRE)

  • Legacy Electronic Filing Platform
  • File Forms 1099-MISC, 1099-NEC, 1042-S 
  • Electronic Filing of More Tax Forms Than IRIS
  • Correctly Formatted File Required (Pub 1220)
  • Large Number of Forms

Information Return Intake System (IRIS)

  • Newest Electronic Filing Platform 
  • File Forms 1099-MISC, 1099-NEC & 1042-S (New)
  • File Corrected Forms 1099
  • Manage Issuer Information
  • Bulk File Option (A2A):  Larger Number of Forms
  • Portal:  Smaller Number of Forms
  • Available Tuesday, January 6, 2026 at 9:00am

Transmitter Control Code (TCC)

  • Required for Electronic Filing
  • One TCC Code for Each EIN, but Based on Type of Forms and # of Files (Separate for 1042-S)
  • Separate TCC Required for Each Platform - FIRE and IRIS
  • Need New TCC If Issued Prior to 9/26/2021

Click Each to Enroll, Watch or Listen

Avoid IRS Fines > Validate Legal Name + Tax ID Combination
Sending Via Mail? Standardize and Validate Your Vendor's Address

Don't Forget These Tasks

  • Collect Expiring IRS Forms W-8 Series
  • Inventory Transmitter Control Codes (TCC) and User Accounts
    • Due for Electronic Filing January 31st or March 15th 
    • Verify valid TCC and User Accounts that will be needed for tax filing  
    • Each EIN, 1099 vs 1042, # of records, (and more) will need a separate TCC  
    • Users can share TCCs, but need their own user account
    • A submitted TCC application can take up to 45 days to be processed
  • Minimum Tasks For Your Vendor Data
    • Remove Duplicates to avoid duplicate tax forms to same vendor
    • Perform IRS TIN Match to verify legal name and tax id combination matches IRS records  
    • IRS TIN Match avoids penalties from filing incorrect payee information
    • Format address if mailing 1099s or 1042s to ensure they are mailable
    • Get help with Rapid Vendor Validations for IRS TIN Match | Address Standardization | 42 Watchlists
  • Test Output File in Your Accounting System-ERP 
    • Due for Electronic Filing January 31st or March 15th 
    • Verify vendor data is pulling correctly from your system to populate the vendor tax forms and tax file 
    • May also need to test in IRS electronic filing option IRIS or FIRE (see IRS Electronic Filing tab for links)


Recognize IRS Tax Scams and Fraud:  Click Here for the IRS page


IRS Verified Social Media Accounts

  •  X - Information for individuals, businesses, tax-exempt organizations and tax professionals. A special IRS X handle, @IRStaxsecurity, shares information to help people avoid common scams
  •  Facebook – Tax information for a general audience in English and Spanish
  •  Instagram − Taxpayer-friendly information on a variety of topics
  •  YouTube − Short videos on specific tax topics for individual taxpayers, tax professionals and small businesses
  •  LinkedIn – Key agency communications
  •   e-News Subscriptions - Sign up for free e-news subscriptions on many topics.  The news is delivered to your inbox. 

Each Social Media Platform has Several Accounts - Click the Button Below to Access the IRS Social media page With Links

Nacha

ACH Rules That Involve Vendor Data or Processes
Who is Nacha?
2026: Fraud Monitoring
Phases 1 & 2
2026: Company Entry Descriptions
2023: Micro Entry 
 Phases 1 & 2
2022: Data Security:
Vendor Bank Acct #

Nacha - National Automated Clearing House Association

Nacha governs the thriving ACH Network, the payment system that drives safe, smart, and fast Direct Deposits and Direct Payments with the capability to reach all U.S. bank and credit union accounts. More than 29 billion ACH Network payments were made in 2021, valued at close to $73 trillion. Through problem-solving and consensus-building among diverse payment industry stakeholders, Nacha advances innovation and interoperability in the payments system. Nacha develops rules and standards, provides industry solutions, and delivers education, accreditation, and advisory services. 

Supplementing Data Security Requirements

Effective Date:  June 30, 2022
This Rule modifies the following areas of the Nacha Operating Rules:
Article One, Section 1.6 (Security Requirements) to require each Non-Consumer Originator that is not a Participating DFI, each Third-Party Service Provider, and each Third-Party Sender, whose ACH Origination or Transmission volume exceeds 2 million Entries annually to protect DFI Account Numbers used in the initiation of Entries by rendering them unreadable when stored electronically.

Includes:  Invoices with Vendor Banking and Vendor Banking stored in Accounting Systems/ERPs

This Rule defines and standardizes practices and formatting of Micro-Entries, which are used by some ACH Originators as a method of account validation

Effective:  September 16, 2022 (6 Million ACH Transactions)
Effective: March 17, 2023 (2 Million ACH Transactions)

  • In the Company Entry Description field, the Rule requires the use of “ACCTVERIFY”
  • The Company Name must be readily recognizable to the Receiver, and be the same or similar to the Company Name that will be used in future Entries

This rule amendment will require all ODFI, and each non-Consumer Originator, Third-Party Service Provider, and Third-Party Sender with annual ACH origination volume in 2023 of 6 million or greater

Phase 1 Effective:  March 20, 2026 (6 Million+ ACH Transactions in 2023)
Phase 2 Effective:  June 19, 2026 (All)

  • Establish and implement risk-based processes and procedures reasonably intended to identify ACH Entries initiated due to fraud

Standard Company Entry Descriptions

PAYROLL
This rule establishes a new standard description for PPD Credits for payment of wages, salaries and similar types of compensation. The Company Entry Description field must contain the description PAYROLL.
RDFIs that monitor inbound ACH credits will have better information regarding new or multiple payroll payments to an account.
A standard description for payroll payments can help support RDFI logic to provide or suppress early funds availability.
The amendment is intended to reduce the incidence of fraud involving payroll redirections.

PURCHASE
For this purpose, an e-commerce purchase is a debit Entry authorized by a consumer Receiver for the online purchase of goods, including recurring purchases first authorized online. An e-commerce purchase uses the WEB debit SEC Code, except as permitted by the rule on Standing Authorization to use the TEL SEC Code.

Fraud Terms

Account Takeover

When a fraudster obtains the credentials of a consumer or a business bank account and pushes credits to their own accounts.

Brushing

When you receive a shipped product that you did not order.  The fraudster will provide a fake review for that product on your behalf since you are now a verified buyer.  

Business Email Compromise (BEC)

When the legitimate email account of a business officer is either compromised or impersonated and used to order or request the transfer of funds.

Conversation Hijacking

Conversation hijacking is a type of targeted email attack in which cybercriminals insert themselves into existing business conversations or initiate new conversations based on information they’ve gathered from compromised email accounts or other sources.

Email Account Takeover

When a fraudster obtains the credentials of a vendor or a business email account and sends emails purporting to be from the vendor.

False Pretenses

Nacha: “The inducement of a payment by a Person misrepresenting (a) that Person’s identity, (b) that Person’s association with or authority to act on behalf of another Person, or (c) the ownership of an account to be credited.”

Multi-Factor Authentication (MFA) 

The process of using two or more pieces of information to log in to an account. This can be a password and a code sent to a phone.

Pharming

Intentionally redirecting a legitimate URL to a fraudulent URL for the collection of victim-sensitive data (such as login credentials).

Phishing

Cybercriminals trick users into providing information or installing dangerous software. Can lead to Pharming if the user clicks on a link that leads to a fraudulent website.

Smishing

"SMShing" or "Smishing" is a form of phishing attack that targets mobile devices. Instead of sending phishing content over email, smishers use SMS or MMS text messages to deliver their messages.

Romance Scam

Cybercriminals adopt a fake online identity to create the illusion of a romantic relationship to manipulate and/or steal from the victim. Proceeds from successful BEC scams are often sent to victim accounts to conceal the actual fraudster.

Scam Interdiction

When banks decline or pause high-risk customer activity until they can confirm it's not a scam or convince their customer it is. 

Spear Phishing

A type of phishing campaign that targets a specific person or group and often will include information known to be of interest to the target, such as current events or financial documents.

Vendor Impersonation Fraud

When a business, public sector agency or organization receives an unsolicited request, purportedly from a valid vendor, to update the payment information for that vendor.

Vishing

A form of phishing attack that targets live calls or voicemail. Instead of sending phishing content over email, vishers use phone calls or voice mail to social engineer you and your team members.

Whale Phishing

Aimed at senior executives, it is digitally enabled fraud through social engineering, designed to encourage victims to perform a secondary action, such as initiating a wire transfer of funds.

Pig Butchering

Attackers essentially fatten victims up and then take everything they’ve got. These scams are typically cryptocurrency schemes, though they can involve other types of financial trading as well. They are also used with romance scams.

Malicious Elicitation

Using a conversation to collect information that is not readily available - for nefarious purposes.  The victim may not realize that they are a target.  Can happen when AP or the Vendor team communicates with a fraudster via phone or email.  

Tabnabbing

Cybercriminals exploit users with multiple browser tabs open. When a user switches to another tab, the attacker’s script silently changes the content of the unattended tab to a malicious website that mimics a legitimate site. When users return to the compromised tab, they may unknowingly enter their credentials or sensitive information into the fake site.

Quishing

A form of phishing attack that targets QR codes. Instead of sending phishing content over email, quishers hijack or create QR codes to social engineer you and your team members.  Quishing is more effective because the QR code evades email filters when QR codes are included in email.

Zishing

Zoom-based phishing using deepfake audio and video.  Named after Zoom, but can be used on any video conferencing platform.