VENDOR PROCESS TRAINING CENTER

RESOURCE LIBRARY

Check back often for updates!

vendor validation resources

Tax ID > IRS  & Non-US
Watchlists
Address
Bank Branch Details
Bank Account Ownership

Vendor Registration Number & Legal Name

IRS e-Services - Free

IRS TIN Match:  Verify the Vendor Legal Name and Tax ID combination matches IRS records.  Single lookup and batch file upload. 

TINcheck.com - Paid

IRS TIN Match:  Verify the Vendor Legal Name and Tax ID combination matches IRS records. Single lookup and batch file upload.  Monthly or prepaid suscription option. 

Global Registration Numbers - included in vendor setup toolkit

Upgrade to get access to the Global Vendor Registration Numbers.  Registration #'s for 100+ Countries.  See the Vendor Setup Toolkit that includes vendor setup forms, desktop procedures and vendor communication scripts.

irs tax exempt organization tool - free

Charities/Non-Profit Search:  Verify the vendor is a valid charity/non-profit.  Search using the Vendor Legal Name and/or the Tax ID.  

TINcheck.com - Paid

Charities/Non-Profit Search: Verify the vendor is a valid charity/non-profit. Search using the Vendor Legal Name and/or the Tax ID.  

Value added tax (VAT) - Free

VAT is an International Country-level sales tax that your company’s tax team may need to use to reclaim VAT that is added to invoices paid.

Vendor legal name

Office of Foreign Assets & Control (OFAC) - Free

US Entities and Individuals are prohibited from paying vendors that appear on these consolidated lists.  Search by Legal Name. Compliance with OFAC regulations is required for all US individuals and entities. Failure to comply can result in both civil and criminal penalties.

TINCheck.com - Paid

Includes 42 watchlists including OFAC, OIG and SAM exclusion lists

System of Awared Management (SAM) Excluded Parties List System (EPLS) - Free (Required for Government Entities)

Organizations that receive federal funds are prohibited from doing business with vendors that appear on this exclusion list. 

Office of Inspector General (OIG) List of Excluded Individuals and Entities (LEIE) - Free  (Requred for Health Care Entities)

OIG has the authority to exclude individuals and entities from federally funded health care programs (Medicare/Medicaid). Search by name first, then if there is a match enter the Social Security Number (SSN) or Employer Identification Number (EIN) to verify it is your vendor.

Bureau of Industry and Security (BIS) Denied Persons List - free

Vendors that appear on this list have had their export privileges denied by written order of the Department of Commerce. 

TBD

TBD

vendor Address

United States Postal Services (UsPS) Zip Code Lookup Tool - Free

Standardizes address formats in accordance with US Postal Service (US).  Use when sending mail from the US to a US or a Non-US address.  

Universal Postal union (UPU) - Free

Standardizes address formats in accordance with International format standards.  Use when sending mail from a Non-US country to a US or a Non-US address.  

Smarty - Paid

Standardizes address formats for US and Non-US addresses.  Connected to the USPS database.  Will also give address status such as Inactive, Vacant or PO Box Only.

TINCheck.com - Paid 

US addresses only.  Standardizes address formats in accordance with US Postal Service (US). Use when sending mail from the US to a US address.   

TBD

TBD

TBD

TBD

bank branch details

Federal Reservice - US Bank Routing Number - Free

Confirm that ACH or Wire payments are processed successfully.  This is key to ensure that the correct ABA routing number is used for the right payment.  Some bank ABA routing numbers can be used for ACH and Wire payments, while some are restricted to ACH or Wire.  

Payments Canada - Canadian Banks - routing number - Free

Confirm that ACH or Wire payments are processed successfully. 

SWIFT - Non-US  bank - business identifier code (BIC) - Free

Ensure that International ACH or Wire payments are processed successfully. Countries that do not require an IBAN will have a BIC Code that represents a bank branch and is authorized for transactions through the SWIFT network along with a bank account number.

sWIFT - non-us bank - international bank account number (IBAN) - free

Ensure that International electronic payments are processed successfully. The IBAN is required for all bank accounts in the EU countries plus Norway, Switzerland, Liechtenstein and Hungary. The IBAN is made up of a code that identifies the country the account belongs to, the account holder's bank and the account number itself.

OFFICE OF FOREIGN ASSETS & CONTROL (OFAC) - FREE

Foreign Banks that appear on the List of Foreign Financial Institutions Subject to Correspondent Account or Payable-Through Account Sanctions (CAPTA List) list should not be setup in your vendor master file. Compliance with OFAC regulations is required for all US individuals and entities.  Failure to comply can result in both civil and criminal penalties.

TBD

TBD

vendor legal name = bank account holder name
vendor tax id = tax id used to setup account

early warning system (ews) - us banks - Paid

Ensure that ACH or Wire payments are paid to the correct vendor and not a fraudulent vendor bank account. US banks voluntarily contribute to depositor details to database owned by EWS.  Use EWS if you have a relationship with:  Bank of America, Truist, Capital One, JPMorgan Chase, PNC Bank, U.S. Bank and Wells Fargo.

GIACT Systems - us banks - paid

Reseller of Early Warning System.  Ensure that ACH or Wire payments are paid to the correct vendor and not a fraudulent vendor bank account. US banks voluntarily contribute to depositor details to database owned by EWS. 

nsknox - us & non-us banks - paid

Ensure that ACH or Wire payments are paid to the correct vendor and not a fraudulent vendor bank account. Both US and Non-US banks are included via a Microdeposit type of validation triggered by the vendor. 

vendor info - us banks - paid

Reseller of Early Warning System. Ensure that ACH or Wire payments are paid to the correct vendor and not a fraudulent vendor bank account. US banks voluntarily contribute to depositor details to database owned by EWS.   Has a standalone tool for AP team member use. 

validifi - us banks - paid

Reseller of Early Warning System. Ensure that ACH or Wire payments are paid to the correct vendor and not a fraudulent vendor bank account. US banks voluntarily contribute to depositor details to database owned by EWS. 

tbd

TBD

nacha

Who is Nacha?
Vendor Bank Acct #
Micro Entry - Phase 1
Micro Entry - Phase 2

nacha - NATIONAL aUTOMATED cLEARING hOUSE ASSOCIATION

Nacha governs the thriving ACH Network, the payment system that drives safe, smart, and fast Direct Deposits and Direct Payments with the capability to reach all U.S. bank and credit union accounts. More than 29 billion ACH Network payments were made in 2021, valued at close to $73 trillion. Through problem-solving and consensus-building among diverse payment industry stakeholders, Nacha advances innovation and interoperability in the payments system. Nacha develops rules and standards, provides industry solutions, and delivers education, accreditation, and advisory services. 

Supplementing Data Security Requirements

Effective Date:  June 30, 2022
This Rule modifies the following areas of the Nacha Operating Rules:
Article One, Section 1.6 (Security Requirements) to require each Non-Consumer Originator that is not a Participating DFI, each Third-Party Service Provider, and each Third-Party Sender, whose ACH Origination or Transmission volume exceeds 2 million Entries annually to protect DFI Account Numbers used in the initiation of Entries by rendering them unreadable when stored electronically.

Includes:  Invoices with Vendor Banking and Vendor Banking stored in Accounting Systems/ERPs

This Rule defines and standardizes practices and formatting of Micro-Entries, which are used by some ACH Originators as a method of account validation

Effective:  September 16, 2022

  • In the Company Entry Description field, the Rule requires the use of “ACCTVERIFY”
  • The Company Name must be readily recognizable to the Receiver, and be the same or similar to the Company Name that will be used in future Entries

Originators of Micro-Entries will be required to use commercially reasonable fraud detection, including the monitoring of Micro-Entry forward and return volumes

Effective:  March 17, 2023

  • In the Company Entry Description field, the Rule requires the use of “ACCTVERIFY”
  • The Company Name must be readily recognizable to the Receiver, and be the same or similar to the Company Name that will be used in future Entries

fraud terms

Account Takeover

When a fraudster obtains the credentials of a consumer or a business bank account and pushes credits to their own accounts.

Business Email Compromise (BEC)

When the legitimate email account of a business officer is either compromised or impersonated and used to order or request the transfer of funds.

email account takeover

When a fraudster obtains the credentials of a vendor or a business email account and sends emails purporting to be from the vendor.

Multi-Factor Authentication (MFA) 

The process of using two or more pieces of information to log in to an account. This can be a password, and code sent to a phone.

pharming

The collection of victim-sensitive data (such as login credentials) on a spoofed or fraudulent site.

phishing

Cybercriminals trick users into providing information or installing dangerous software. Can lead to Pharming if the user clicks on a link that leads to a fraudulent website.

Romance Scam

 Cybercriminals adopt a fake online identity to create the illusion of a romantic relationship to manipulate and/or steal from the victim. Proceeds from successful BEC scams are often sent to victim accounts to conceal the actual fraudster.

smishing

"SMShing" or "Smishing" is a form of phishing attack that targets mobile devices. Instead of sending phishing content over email, smishers use SMS or MMS text messages to deliver their messages

spear phishing

A type of phishing campaign that targets a specific person or group and often will include information known to be of interest to the target, such as current events or financial documents.

vendor impersonation fraud

When a business, public sector agency or organization receives an unsolicited request, purportedly from a valid vendor, to update the payment information for that vendor.

vishing

A form of phishing attack that targets live calls or voicemail. Instead of sending phishing content over email, smishers use phone calls or voice mail to social engineer you and your team members.

whale phishing

Aimed at senior executives, it is digitally enabled fraud through social engineering, designed to encourage victims to perform a secondary action, such as initiating a wire transfer of funds.

Pig Butchering

Attackers essentially fatten victims up and then take everything they’ve got. These scams are typically cryptocurrency schemes, though they can involve other types of financial trading as well. They are also used with romance scams.

irs resources

1099-NEC/1099-MISC Reporting Forms and Publications
IRS 1099-NEC/1099-MISC Due Dates
Combined Federal/State Filing (CF/SF Program)*