
- Membership
- Certification
- Resources
- Events
- Community
- About
- Help
Vendor onboarding is often treated as an operational process; collecting IRS W-9 and remittance information, performing the required validations and finally creating the vendor in the vendor master file. But in today’s fraud environment, that approach leaves a dangerous gap because it does not stop a fake vendor from starting the process, nor does it guarantee the collection of critical information that can prevent a future fraudulent payment if the vendor’s information ever changes. For contract vendors, one way to reduce payment fraud risk before the request ever reaches the vendor team and collect critical information, start during the contract process.
Just by embedding two key data points directly into vendor contracts can significantly strengthen your organization’s defenses:
Why Include the Vendor’s Taxpayer Identification Number (TIN)
A TIN is one of the most critical identifiers of a vendor’s legal existence. Federal requirements mandate collecting a taxpayer identification number for reportable payments, making it a foundational data point for compliance. Further, even for non-reportable payments, the TIN can confirm that the vendor is real, and not a fraudsters attempt to be setup in the vendor master file.
When this information is embedded in the contract:
To take this a step forward and reduce the risk before the request to setup the vendor reaches the vendor team, Sourcing or Procurement, can perform the IRS TIN match to ensure it matches IRS records BEFORE moving forward.
Why Contracts Must Define Authorized Contacts
Payment fraud often begins with a fraudulent request to change vendor remittance details since it can be easier for a fraudster to impersonate a real vendor vs getting setup as a new vendor. While many vendor teams know that this request must be confirmed, a significant issue is that they do not have the contact information to complete the confirmation. This means that at the time of the remittance change request, vendor team members have to search for any contact information on the vendor’s site (which can be spoofed), on invoices (which can be fake) and other documents that may not contain the vendor’s team member(s) that can confirm the request.
When contracts specify the name, role, and contact details of authorized team members than can request and confirm remittance change requests:
To take it a step further, arrange a meeting between the authorized team members and the vendor team. This establishes a relationship between the two teams where requirements and documents can be shared for vendor setup and more importantly, a process for future vendor changes can be established.
To Make This Work: Send the Fully Executed Contract, Renewals and SOWs to the Vendor Team
Once this information is embedded into the contract and the contract is fully executed, send the contract to the vendor team to be saved with the vendor’s documentation. This not only provides the information needed for any future vendor information changes, but it also provides the negotiated payment terms for the vendor to ensure invoices are paid on time, contributing to a solid relationship with the vendor.
When contracts are renewed, or when Statements of Work (SOW) are issued, send those to the vendor team. The vendor team can review for any changes to the TIN, authorized contacts or payment terms and determine next steps to update the vendor record.
Conclusion
The contract process is not just a legal formality. It is a practical way to reduce payment fraud risk before a vendor is added to or changed in the vendor master file. Including the vendor’s TIN and authorized contacts in the contract creates a stronger source of truth for validation, compliance, and future remittance change requests. Work with your sourcing/ procurement team or other applicable team members to add these two data points to the contract to reduce the risk of payment fraud.
What are you waiting for?