Hi Mark,
Below are the recommendations
1. Include the banking details as the part of the Contract/ Agreement.
2. You can establish an independent banking verification process wherein the vendor setup group will send out an email to the verified vendor email I'd and seek confirmation before payout.
3. As most of the communications are done via email - verification of email I'd is key. You can use domain verifier to check the creation / modification of the domain. This will mitigate phishing to a large extent.
4. Additional you can seek cancelled check or bank authorisation letter.
hope this helps.
------------------------------
Sriram Sivaramakrishnamurthy CMA
Director/Manager
Hyderabad
India
------------------------------
Original Message:
Sent: 05-12-2021 04:38 PM
From: Mark Haerr
Subject: risks of paying vendors via ACH
Hello -
I'm helping a mid-sized non-profit that has engaged an IT firm to provide monthly technology services (e.g., hosting, computer support for employees, etc.). The firm wants to be paid via ACH. Before giving them the bank routing and account number, best I do due diligence--what are the risks of ACH payments? e.g., higher probabilities of breaches, who is liable, etc. Does anybody have any experiences & lessons learned regarding ACH vendor payments going awry? Any recommendations before giving them access to the bank account?
Regards,
Mark
------------------------------
Mark Haerr CMA, CFM
Unemployed
Plano TX
United States
------------------------------