Invoice fraud preventionfor the payment that goes to the wrong account.Invoice fraud, also called vendor payment fraud, reroutes a real payment to a fraudster who changed the banking details by email. RankShield verifies the payee and the approval before the money moves, so a change that arrived in an inbox does not clear on its own.
A real payment, sent to the wrong bank account
Nobody breaks into your bank. The attacker changes where a legitimate payment goes, and your own team sends it.
Invoice fraud, vendor payment fraud and vendor email compromise all describe the same attack. A fraudster either spoofs a supplier’s email or takes over the supplier’s real mailbox, sends a message that the vendor’s banking details have changed, and adds a note of urgency. Your accounts payable team updates the vendor record and pays the next invoice, on time, to an account that belongs to the fraudster. The FBI’s Internet Crime Complaint Center classifies this under business email compromise, which it has called the 55 billion dollar scam based on global exposed losses from 2013 through 2023.
The reason it works is that the payment is authorized. Every fraud control your bank runs is built to catch a payment that you did not mean to make: a stolen card, a hijacked login, an unusual device. This payment is one you did mean to make, to a vendor you really owe, in an amount that matches a real invoice. The only thing wrong is the destination account, and that detail was changed through a channel your controls never inspect. That is why detection built for account takeover does not see it.
The change that no one verifies
The email looks right, the invoice is real, the deadline is Friday
The message comes from the supplier's address, or close to it. It references a genuine open invoice. It asks you to update the account before the next run. Your AP clerk updates the vendor master and schedules the payment. Two days later the real supplier asks where their money is. On a wire, RTP or FedNow, it has already settled and left the country.
Recovery is a backstop, not a control
The FBI can freeze funds when fraud is reported fast enough. Most of the money is already gone.
Source: FBI IC3 2024 Annual Report. We deliberately do not repeat the “72-hour window” figure that circulates online; it does not appear in the FBI’s report.
The control the FBI recommends, made automatic
Every authority names the same defense. The problem is that it depends on a person doing it every time.
The FBI and Nacha both name the same primary defenses against this fraud: verify any change to banking details through a second, out-of-band channel, using a phone number you already hold rather than one from the request, and require a second person to approve the release. That advice is correct. It is also manual, and manual controls fail under exactly the conditions this attack creates: urgency, a real deadline, and an understaffed accounts payable desk where one person can update a vendor and send a wire.
Verify the payee
A banking-detail change is checked against the vendor record you already trusted, not accepted because a message asked for it. The out-of-band step the FBI recommends, applied automatically.
Bind the approval
The specific payment needs proof that an authorized person approved it. Dual control that cannot be skipped when the clerk is under deadline.
Check before it moves
The verification happens before the payment settles on the rail, which is the only point where stopping it still saves the money on an irreversible rail.
Leave a receipt
Every decision produces a record of who approved what, so the AP team can show the control ran. See verifiable attestation.
Shared across the network
A payee or account flagged at one member of the RankShield Network is shared across it, so a fraudster burned at another business is known before it reaches you. Unlike a scoring consortium, every shared verdict is independently verifiable, and the signal compounds as members join.
Small and mid-sized businesses are more exposed, not less
The recommended controls assume a fraud team you do not have. This is built for the team you do.
Enterprises the size of an Accertify client have layered fraud operations. A small or mid-sized business usually has an accounts payable clerk, a manual approval chain, and a founder who can send a wire from a phone. That is not a moral failing; it is how a lean business runs. It is also why the 2026 AFP Payments Fraud survey found that 48 percent of organizations under a billion dollars in revenue took a fraud loss, and why only 17 percent of organizations overall use any automation to fight it. The manual callback the FBI recommends is the right control and the first one to get skipped when the person doing it is also doing four other jobs. Automating it is the point.
A verification vendor should be precise about its own evidence
We do not claim a large fraud-detection network, because that value comes from many participants and we are early. We do not show you customer names or loss-prevention statistics we cannot substantiate. And we do not tell you a build is cryptographically sealed to our transparency log unless it is, which our transparency page reports honestly, build by build. What we offer a small or mid-sized business today is the verification control the FBI and Nacha already recommend, automated and made unskippable, applied before the money moves.
Invoice and vendor fraud, answered
What is invoice fraud, and how is it different from a hacked account?
Why can’t we just recover the money afterward?
How does RankShield actually stop it?
Isn’t this just a problem for big companies?
Does this work for ACH and checks, or only wires?
What can you prove, and what are you still building?
See your payments verified before they settle.
Invoice fraud sends a real payment to the wrong account. The defense is to verify the change before it settles, automatically, on every payment. Request access and we will map it to your accounts payable process.