Vendor Identity Glossary: A Primer for AP, Procurement, and Finance Teams

Part 1: Vendor Identity

Vendor Identity

What the concept means: Vendor identity refers to the verified, trusted representation of a business entity in your financial system. This encompasses not just the vendor’s name and bank account, but their legal identity, tax status, business registration, and authenticated payment instructions. Unlike a vendor record (which may simply reflect what the vendor self-reported on a vendor form), a vendor identity has been independently verified and is treated as trustworthy by the organization.

Why it matters: Most payment fraud does not result from hacking a system. It results from a fraudster successfully impersonating a vendor and changing payment instructions. Verified vendor identity closes that gap by ensuring that the entity in your system is genuinely who they claim to be.

Related terms: vendor identity management, vendor identity platform, vendor identity verification, business identity, authenticated payee, vendor profile

Vendor Identity Management

What the concept means: Vendor identity management is the practice of governing and maintaining verified vendor identities across the vendor lifecycle — from initial onboarding through ongoing changes and offboarding. It includes establishing identity at onboarding, authenticating updates, and monitoring for unauthorized changes.

How it differs from vendor management: Traditional vendor management focuses on performance, contracts, and relationships. Vendor identity management focuses specifically on the integrity of the identity and payment data associated with each vendor. It answers the “who are we actually paying” question.

Related terms: vendor identity, vendor profile management, vendor master data management, vendor authentication, vendor lifecycle management

Vendor Identity Platform

What the concept means: A vendor identity platform is a software solution designed specifically to authenticate, monitor, and maintain vendor identities as a foundation for secure B2B payments. It goes beyond a vendor portal (which collects data) or an ERP module (which stores data) by independently verifying the business identity behind each vendor record.

Key capabilities: identity verification against independent data sources, bank account authentication, sanction screening, ongoing monitoring, indemnification of authenticated data.

How it differs from a vendor portal: A vendor portal accepts what vendors submit. A vendor identity platform independently verifies what vendors submit before it enters the financial system.

Related terms: vendor identity, vendor management platform, vendor onboarding software, vendor management system, business identity platform

Vendor Identity Verification

What the concept means: Vendor identity verification is the process of confirming that a vendor is genuinely who they claim to be — typically by checking business registration details, tax identification, legal name, and bank account ownership against independent, trusted data sources. It goes beyond asking vendors to submit information and independently validates that information.

How it differs from vendor verification: “Vendor verification” often refers to checking whether a vendor’s information is formatted correctly or whether a bank account exists. Vendor identity authentication goes deeper, confirming the identity of the business entity itself.

Related terms: vendor verification, vendor authentication, vendor validation, business identity verification, payee verification

Business Identity

What the concept means: Business identity refers to the verified digital representation of a company’s core attributes: legal name, tax identification number (TIN/EIN), business registration details, principal address, and ownership structure. In the context of B2B payments, establishing a vendor’s business identity is the foundation for secure payment processing.

The business identity gap: Many organizations have vendor files full of self-reported data:  information the vendor provided but that was never independently verified. The gap between “what the vendor said” and “what can be confirmed from independent sources” is where fraud enters.

Related terms: vendor identity, business identity verification, business identity platform, TIN verification, EIN verification

Authenticated Payee

What the concept means: An authenticated payee is a vendor or supplier whose identity, tax information, and banking details have been verified against independent sources and formally recognized as trustworthy within a payment ecosystem. The authentication has been documented and can be used to support ACH payments, wire transfers, and other B2B payment types.

Relationship to vendor identity: “Authenticated payee” is the status a vendor achieves after completing a vendor identity verification process. It is the outcome of vendor identity management done well.

Related terms: vendor identity, payee verification, bank account authentication, authenticated vendor network

Authenticated Vendor Network

What the concept means: An authenticated vendor network is an ecosystem in which vendors maintain verified profiles — including identity credentials, tax data, and bank accounts — that can be trusted and shared across multiple organizations. Once a vendor authenticates within the network, member organizations can rely on that verification rather than repeating the process independently.

Advantages: reduces duplicative onboarding effort, creates a consistent identity standard, and makes it significantly harder for fraudsters to introduce fake vendor identities into the ecosystem.

Related terms: authenticated payee, vendor identity, vendor network, vendor portal, payee ecosystem

Vendor Profile

What the concept means: A vendor profile is the standardized, structured record of a vendor’s core information in an organization’s financial system. A complete vendor profile typically includes legal name, doing-business-as (DBA) name, TIN/EIN, address, primary contact, banking details, compliance status (sanctions, certifications), and payment preferences.

Standard vs. configurable profiles: Many organizations use configurable vendor forms that collect different data from different vendors. The trend toward standardized vendor profiles—or a credential—reflects the recognition that inconsistent data collection creates compliance gaps and fraud risk.

Related terms: vendor master file, vendor master data, vendor record, vendor identity, vendor profile template, vendor profile format

Vendor Profile Template

What the concept means: A vendor profile template is a standardized set of fields and data requirements used consistently across all vendor onboarding. It defines what information every vendor must provide, reducing the variability that creates compliance and fraud risks.

Why standardization matters: When every vendor provides different information in different formats, it becomes difficult to verify any of it systematically. Standardized templates enable automated verification and create consistent audit trails.

Related terms: vendor profile, vendor onboarding form, vendor master data, vendor identification form

 

Part 2: Vendor Authentication & Verification

Vendor Authentication

What the concept means: Vendor authentication is the process of confirming that an entity requesting to onboard as a vendor, or requesting a change to existing vendor information, is genuinely who they claim to be. It involves verifying identity against independent sources, not simply accepting self-reported information.

Authentication vs. verification: Verification checks that information looks correct (format validation, existence checks). Authentication confirms that the entity behind the information is who they claim to be. 

Related terms: vendor identity verification, vendor verification, business identity verification, bank account authentication, authenticated payee

Vendor Verification

What the concept means: Vendor verification is the process of confirming that the information a vendor has provided is accurate. In common usage, it spans a range of activities — from basic format checks (does this routing number exist?) to ownership confirmation (does this bank account belong to this vendor?). The most rigorous forms of vendor verification approach what is more precisely called vendor authentication.

Common vendor verification methods and their limitations: Phone confirmation is vulnerable to social engineering. Email confirmation is vulnerable to business email compromise. Callback verification using numbers from existing records is stronger but still depends on the security of those records. Automated verification against independent data sources is the most reliable approach.

Related terms: vendor authentication, vendor identity verification, vendor validation, bank account verification, payee verification

Vendor Validation

What the concept means: Vendor validation typically refers to checking whether vendor information conforms to expected formats and whether referenced accounts or entities exist. It answers the question “does this look right?” rather than “is this entity who they say they are?” Validation is a necessary but insufficient control for fraud prevention.

Validation vs. verification vs. authentication: These three terms represent increasing levels of rigor. Validation = format and existence checks. Verification = ownership and accuracy confirmation. Authentication = identity confirmation against independent sources.

Related terms: bank account validation, vendor verification, vendor authentication, account validation

Bank Account Verification

What the concept means: Bank account verification confirms that a bank account exists and is active. In B2B payment contexts, it specifically validates that the routing number and account number provided by a vendor correspond to a real account.

Why bank account verification matters: Vendor payment fraud frequently involves a fraudster substituting their own bank account details for a legitimate vendor’s. Bank account verification — particularly ownership verification — directly prevents this attack.

Related terms: bank account ownership verification, bank account validation, bank account authentication, ACH verification, payee verification

Bank Account Ownership Verification

What the concept means: Bank account ownership verification goes beyond confirming that an account exists — it confirms that the account belongs to the specific entity claiming ownership. This is the critical control that prevents payment redirection fraud, in which an attacker substitutes a fraudulent account for a legitimate one.

Why email confirmation is not enough: Asking a vendor to confirm their bank account via email does not constitute ownership verification. Email can be intercepted or spoofed. True ownership verification uses independent data sources that confirm the account holder’s identity without relying on the vendor’s own communications.

Related terms: bank account verification, bank account validation, payee verification, vendor authentication, ACH fraud prevention

Bank Account Validation

What the concept means: Bank account validation confirms that a bank account number is correctly formatted and that the routing number corresponds to a real financial institution. It does not confirm ownership. Validation is a useful data quality check but is insufficient as a fraud prevention control on its own.

Validation vs. verification: A fraudster can provide a perfectly valid bank account — their own — while impersonating a legitimate vendor. Validation will pass; only verification (ownership confirmation) will catch the fraud.

Related terms: bank account verification, bank account ownership verification, ACH validation, account validation, Nacha validation rules

Payee Verification

What the concept means: Payee verification is the process of confirming that the entity scheduled to receive a payment is the intended recipient — and that their payment instructions are accurate and have not been tampered with. It encompasses both identity verification and bank account ownership verification.

Related terms: vendor verification, bank account verification, authenticated payee, vendor identity verification

Vendor Identification

What the concept means: Vendor identification is the process of establishing and recording who a vendor is, typically at the point of onboarding. This includes capturing legal name, DBA name, TIN, business registration details, and other identifying attributes. Robust vendor identification creates the foundation for ongoing verification and monitoring.

Vendor identification vs. vendor authentication: Identification is about capturing what a vendor says about themselves. Authentication is about independently confirming whether what they said is true.

Related terms: vendor identity, vendor profile, vendor identification process, vendor identification form, vendor identification number

Vendor Identification Process

What the concept means: The vendor identification process is the set of steps an organization uses to establish and confirm a vendor’s identity at onboarding and throughout the vendor lifecycle. A weak vendor identification process — one that relies on self-reported data or email confirmation — is among the most common entry points for vendor payment fraud.

Related terms: vendor identification, vendor onboarding process, vendor identity verification, vendor authentication

Vendor Identification Form

What the concept means: A vendor identification form is the data collection instrument used during vendor onboarding to capture the information needed to establish a vendor’s identity. A well-designed vendor identification form collects the data necessary for identity verification — not just name and bank account, but TIN, business registration details, and other attributes that can be checked against independent sources.

The problem with custom forms: Many organizations use highly configurable, custom vendor forms that collect inconsistent data. Without standardization, systematic automated verification becomes impossible.

Related terms: vendor profile template, vendor onboarding form, vendor identification, new vendor onboarding form, W-9, W-8

Know Your Business (KYB)

What the concept means: Know Your Business (KYB) is the practice of verifying the identity and legitimacy of a business entity before entering into a financial or commercial relationship with it. Borrowed from financial services compliance, KYB in the vendor management context involves verifying legal registration, ownership, tax status, and beneficial ownership of vendor entities.

Relationship to vendor identity: KYB is the compliance framework that underlies robust vendor identity management. Organizations with mature vendor identity programs are, in effect, running KYB processes.

Related terms: vendor identity verification, business identity verification, vendor due diligence, vendor compliance, TIN matching

Part 3: Fraud: Types, Tactics & Prevention

Vendor Fraud

What the concept means: Vendor fraud refers to fraudulent activity involving an organization’s vendors or supplier relationships, either perpetrated by an external attacker impersonating a vendor, or by a vendor acting in bad faith. In B2B payment contexts, the most common forms involve payment redirection, fictitious vendors, and overbilling.

Types of vendor fraud: vendor impersonation fraud, business email compromise, fictitious vendor fraud, and account takeover.

Related terms: vendor impersonation fraud, business email compromise, vendor email compromise, ACH fraud, payment redirection, fictitious vendor

Vendor Impersonation Fraud

What the concept means: Vendor impersonation fraud occurs when an attacker poses as a legitimate vendor — typically via email, phone, or spoofed communications — to deceive an organization into updating vendor payment information or making payments to a fraudulent account. This is one of the most common forms of B2B payment fraud.

How it works: An attacker researches a vendor relationship, then contacts the target organization claiming to be that vendor. They request a bank account update or initiate a payment. If the organization lacks robust authentication controls, the fraudulent instructions may be processed.

Related terms: vendor fraud, business email compromise, social engineering fraud, payment redirection, vendor identity

Vendor Email Compromise (VEC)

What the concept means: Vendor email compromise is a targeted fraud scheme in which an attacker gains access to or spoofs a vendor’s email account to send fraudulent payment instructions to the vendor’s customers. Unlike business email compromise (which typically targets the paying organization’s email), VEC exploits the vendor’s communications.

Why VEC is particularly dangerous: Because the fraudulent emails appear to come from a vendor’s actual email domain — or from a convincingly spoofed version — they can bypass standard email security controls and deceive even vigilant employees.

Related terms: business email compromise, vendor impersonation fraud, social engineering fraud, vendor fraud, email fraud

Business Email Compromise (BEC)

What the concept means: Business email compromise is a sophisticated fraud scheme in which an attacker uses email — often by compromising a real email account or creating a convincing lookalike — to deceive employees into taking financial actions, such as wiring money or updating vendor payment information. BEC is consistently one of the highest-dollar fraud categories reported by the FBI.

Related terms: vendor email compromise, social engineering fraud, CEO fraud, vendor impersonation fraud, payment fraud

CEO Fraud (Phishing)

What the concept means: CEO fraud, also called CEO phishing or business email compromise, is a type of social engineering attack in which a fraudster impersonates a senior executive (typically the CEO or CFO) and instructs an employee to make an urgent payment or update vendor payment details. The authority of the impersonated executive discourages recipients from questioning the request.

Related terms: business email compromise, social engineering fraud, vendor fraud, executive impersonation

Social Engineering Fraud

What the concept means: Social engineering fraud refers to fraudulent schemes that exploit human psychology — trust, authority, urgency, or fear — rather than technical vulnerabilities. In vendor payment contexts, social engineering typically involves convincing employees to override controls, bypass approval processes, or share sensitive information. It is the most common fraud vector in B2B payments.

Why technology alone cannot prevent social engineering: Cybersecurity tools protect against system intrusions. They cannot prevent an employee from being convinced by a convincing email or phone call. The solution is removing humans from the verification loop through automated, independently verified identity and payment controls.

Related terms: vendor impersonation fraud, business email compromise, CEO fraud, vendor fraud, vendor identity

Payment Redirection Fraud

What the concept means: Payment redirection fraud occurs when an attacker successfully changes a vendor’s payment details in the paying organization’s system so that payments are sent to a fraudulent account. It is the most direct financial outcome of successful vendor impersonation or BEC attacks.

Prevention: The most effective prevention is vendor identity authentication — ensuring that any change to payment instructions is verified against independent data sources before the update is accepted into the financial system.

Related terms: vendor impersonation fraud, ACH fraud, bank account verification, vendor authentication, payment fraud

ACH Fraud

What the concept means: ACH (Automated Clearing House) fraud refers to unauthorized or fraudulent transactions processed through the ACH network. In vendor payment contexts, ACH fraud typically involves fraudulent payment instructions that direct vendor payments to attacker-controlled accounts.

ACH and vendor identity: Because ACH payments are initiated based on routing and account numbers, the integrity of those numbers — and the identity of the account holder — is the critical control. Organizations that authenticate vendor bank accounts before processing ACH payments significantly reduce their ACH fraud exposure.

Related terms: ACH fraud prevention, payment redirection fraud, bank account verification, Nacha compliance, bank account ownership verification

ACH Fraud Prevention

What the concept means: ACH fraud prevention encompasses the policies, processes, and technologies used to prevent unauthorized or fraudulent ACH transactions. Effective ACH fraud prevention in B2B payment contexts includes vendor identity authentication, bank account ownership verification, and ongoing monitoring for unauthorized account changes.

Nacha’s role: Nacha, the governing body for the ACH network, has implemented and continues to expand rules requiring originating organizations to implement risk-based processes for account validation. These rules reflect the recognition that authentication before payment is the most effective fraud prevention control.

Related terms: ACH fraud, bank account verification, Nacha compliance, Nacha 2026 rule changes, vendor authentication

Fictitious Vendor Fraud

What the concept means: Fictitious vendor fraud involves an attacker — often an insider — creating fake vendor records in an organization’s system in order to generate fraudulent payments. The “vendor” does not exist as a legitimate business; the associated accounts belong to the attacker.

Prevention through vendor identity: Strong vendor identity verification at onboarding prevents fictitious vendors from being created in the first place. By requiring independent verification of business registration and TIN before a vendor record is activated, organizations eliminate the opportunity for fictitious vendor creation.

Related terms: vendor fraud, vendor identity, TIN verification, vendor onboarding controls, accounts payable fraud

Accounts Payable Fraud

What the concept means: Accounts payable fraud encompasses any fraudulent scheme targeting an organization’s AP function — including fictitious vendor creation, duplicate invoices, inflated invoices, unauthorized payments, and payment redirection. AP fraud is facilitated by weak controls over vendor data, payment instructions, and change management processes.

Related terms: vendor fraud, payment fraud, fictitious vendor fraud, invoice fraud, ACH fraud, vendor identity

Fraud Indemnification

What the concept means: Fraud indemnification is a formal commitment by a vendor identity or payment authentication platform to assume financial responsibility for losses that result from authenticated vendor data that proves to be fraudulent. If a platform authenticates a vendor’s identity and banking information, and a fraudulent payment results from that authenticated data, the platform — not the organization — absorbs the loss.

Why indemnification is a key differentiator: Most verification tools confirm data and then step aside when fraud occurs. A platform that offers indemnification has financial skin in the game — it is directly incentivized to maintain rigorous authentication standards.

Indemnification vs. insurance: Insurance is purchased separately to cover potential losses. Indemnification is a platform commitment that transfers risk to the vendor who authenticated the data. They are different mechanisms for addressing fraud risk.

Related terms: vendor authentication, vendor identity platform, risk transfer, fraud guarantee, fraud warranty

Fraud Mitigation

What the concept means: Fraud mitigation refers to the set of controls, processes, and technologies an organization uses to reduce the likelihood and impact of fraud. In B2B payment contexts, effective fraud mitigation focuses on preventing fraudulent payment instructions from entering financial systems — rather than detecting fraud after it has occurred.

The prevention vs. detection shift: Many organizations focus on detecting fraud after payments are made. The most effective approach prevents fraudulent data from entering systems in the first place — which requires vendor identity authentication at the point of onboarding and at every change event.

Related terms: vendor fraud prevention, ACH fraud prevention, fraud indemnification, vendor identity, vendor authentication

Vendor Due Diligence

What the concept means: Vendor due diligence is the process of evaluating a vendor’s legitimacy, financial stability, compliance status, and risk profile before entering into a business relationship. In payment security contexts, it includes verifying the vendor’s business identity, checking sanction lists, and confirming banking details.

Deepfakes and AI in vendor due diligence: Emerging AI-driven fraud tools — including synthetic voices and video deepfakes — are increasingly used to bypass traditional due diligence. This raises the bar for what constitutes adequate verification.

Related terms: vendor identity verification, vendor compliance, vendor risk assessment, sanction screening, KYB

 

Part 4: Vendor Onboarding

Vendor Onboarding

What the concept means: Vendor onboarding is the process by which a new vendor is added to an organization’s financial and procurement systems. It typically includes collecting vendor information, verifying identity, completing compliance checks, establishing payment methods, and activating the vendor record. Vendor onboarding is the most critical control point for preventing fraud — it is the moment at which a vendor’s identity and payment information enter the financial system.

Why onboarding is the right place for identity controls: If fraudulent vendor information enters the system during onboarding, every subsequent payment is at risk. Organizations that enforce identity authentication at the point of onboarding prevent fraud at the source rather than trying to detect it downstream.

Related terms: vendor onboarding process, vendor onboarding software, vendor onboarding automation, supplier onboarding, vendor identity, vendor profile

Vendor Onboarding Process

What the concept means: The vendor onboarding process is the sequence of steps used to collect, verify, and activate a new vendor in an organization’s financial and procurement systems. A robust vendor onboarding process includes identity verification, tax document collection, compliance screening, bank account authentication, and system activation.

Three things commonly going wrong: Many vendor onboarding processes rely on email communication (vulnerable to BEC), accept self-reported data without verification, and lack continuous monitoring after initial setup.

Related terms: vendor onboarding, new vendor onboarding, vendor onboarding checklist, vendor identity verification, vendor authentication

Vendor Onboarding Software

What the concept means: Vendor onboarding software automates the collection, verification, and activation of vendor records. The most sophisticated solutions go beyond data collection to include identity verification, bank account authentication, compliance screening, and ERP integration, replacing manual and email-based processes with automated workflows.

What to look for: Organizations evaluating vendor onboarding software should distinguish between tools that collect vendor information and tools that verify it. The most valuable platforms authenticate vendor identity, not just capture it.

Related terms: vendor onboarding, vendor identity platform, vendor management software, supplier onboarding software

Vendor Onboarding Automation

What the concept means: Vendor onboarding automation replaces manual, email-dependent, and paper-based onboarding processes with automated workflows that collect, verify, and activate vendor records. Automation reduces processing time, improves data quality, and — when it includes vendor identity authentication — significantly reduces fraud risk.

Related terms: vendor onboarding software, vendor management automation, vendor identity platform, supplier onboarding automation

Supplier Onboarding

What the concept means: Supplier onboarding is the process of adding a new supplier to an organization’s procurement and payment systems. The terms “vendor” and “supplier” are often used interchangeably; in some organizations, “supplier” refers specifically to entities in the supply chain (goods and materials) while “vendor” refers more broadly to any entity receiving payment.

Related terms: vendor onboarding, supplier onboarding software, supplier lifecycle management, vendor identity

New Vendor Setup / New Vendor Request

What the concept means: A new vendor setup (or new vendor request) is the formal process by which a new vendor is added to an organization’s ERP or financial system. This event is a critical control point — fraudulent new vendor setups are a primary mechanism for fictitious vendor fraud.

Related terms: vendor onboarding, vendor master data, ERP vendor management, vendor identity, vendor approval

Vendor Onboarding Checklist

What the concept means: A vendor onboarding checklist is a structured list of steps and data requirements that must be completed before a vendor is activated in an organization’s financial system. A comprehensive checklist includes identity verification, tax document collection, bank account authentication, sanction screening, and compliance attestations.

Related terms: vendor onboarding process, vendor compliance checklist, vendor assessment checklist, vendor identity verification

Part 5: Vendor Management

Vendor Management

What the concept means: Vendor management is the organizational function responsible for overseeing all aspects of an organization’s relationships with its vendors — including onboarding, contracts, performance management, compliance, risk, and payment. Effective vendor management is a strategic function that protects the organization from fraud, ensures regulatory compliance, and maximizes the value of vendor relationships.

Related terms: vendor management system, vendor management software, vendor management process, vendor risk management, vendor lifecycle management

Vendor Management System (VMS)

What the concept means: A vendor management system is software that centralizes the management of vendor relationships, information, and processes. Modern VMS platforms may include onboarding automation, performance tracking, contract management, compliance monitoring, and risk assessment capabilities.

Related terms: vendor management software, vendor management platform, ERP, vendor identity platform

Vendor Master File

What the concept means: The vendor master file is the central repository of vendor records in an organization’s financial system — the authoritative source for vendor names, addresses, tax IDs, and payment information. The integrity of the vendor master file directly determines the accuracy of every payment the organization makes.

The cost of a dirty vendor master: Inaccurate or stale vendor master data results in misdirected payments, duplicate payments, compliance failures, and fraud exposure. Regular cleansing and authentication of vendor master data is a foundational financial control.

Related terms: vendor master data, vendor master data management, vendor record, vendor data, ERP vendor management

Vendor Master Data Management

What the concept means: Vendor master data management (vendor MDM) is the practice of governing the quality, accuracy, and completeness of vendor data across an organization’s financial and procurement systems. It encompasses data collection standards, verification processes, cleansing routines, and change management controls.

Related terms: vendor master file, vendor data, supplier master data management, vendor identity, vendor profile

Vendor Lifecycle Management

What the concept means: Vendor lifecycle management is the practice of managing vendor relationships across every stage — from identification and onboarding through active management, performance review, and offboarding. A lifecycle approach ensures that vendor identity and payment data are continuously verified and updated, not just checked at onboarding.

Related terms: vendor onboarding, vendor management, vendor offboarding, vendor risk management, supplier lifecycle management

Vendor Risk Management

What the concept means: Vendor risk management is the practice of identifying, assessing, and mitigating risks associated with vendor relationships — including operational risk, financial risk, cybersecurity risk, compliance risk, and payment fraud risk. In modern organizations, vendor identity fraud risk is an increasingly significant component of vendor risk management.

Related terms: vendor risk assessment, third-party risk management, vendor compliance, vendor risk management framework, vendor risk management program

Vendor Risk Assessment

What the concept means: A vendor risk assessment is a structured evaluation of the risks posed by a specific vendor relationship. It typically includes financial stability analysis, cybersecurity posture review, compliance status, and — in payment security contexts — evaluation of the vendor’s identity and banking detail integrity.

Related terms: vendor risk management, third-party risk assessment, vendor due diligence, vendor risk assessment template, vendor risk rating

Third-Party Risk Management (TPRM)

What the concept means: Third-party risk management is the broader practice of managing risks associated with any external party — including vendors, suppliers, contractors, and service providers. TPRM encompasses vendor risk management but extends to any external relationship that could affect organizational security, compliance, or operations.

Related terms: vendor risk management, vendor due diligence, third-party vendor risk, supply chain risk management

Vendor Compliance

What the concept means: Vendor compliance refers to a vendor’s adherence to the contractual, regulatory, legal, and organizational requirements established by the buying organization. In payment security contexts, vendor compliance includes providing accurate identity and banking information and complying with verification requests.

Organizational compliance with vendors: Organizations also face compliance obligations related to vendor payments — including tax compliance (TIN/W-9 requirements), sanction screening, and increasingly, Nacha ACH validation rules.

Related terms: vendor compliance management, vendor compliance checklist, sanction screening, TIN matching, Nacha compliance, vendor risk management

Vendor Sanction Screening

What the concept means: Vendor sanction screening is the process of checking vendors against government-maintained lists of sanctioned individuals and entities — including OFAC (Office of Foreign Assets Control) lists, the UN sanctions list, and other regulatory lists. Organizations are legally prohibited from making payments to sanctioned entities.

Ongoing screening: Sanction screening is not a one-time check. Vendors must be screened at onboarding and continuously monitored, as sanction list changes occur regularly.

Related terms: vendor compliance, OFAC screening, vendor due diligence, vendor identity, vendor onboarding checklist

Part 6: B2B Payments & Electronic Payment Types

B2B Electronic Payments

What the concept means: B2B (business-to-business) electronic payments are digital payment transactions between organizations — replacing paper checks with ACH transfers, wire transfers, virtual cards, and other electronic methods. The shift to electronic payments improves efficiency and creates a digital audit trail, but also introduces new fraud vectors that require robust vendor identity controls.

Related terms: ACH payment, virtual card payment, vendor payment, electronic vendor payments, B2B payments fraud

ACH Payment

What the concept means: An ACH (Automated Clearing House) payment is an electronic bank-to-bank transfer processed through the ACH network operated by Nacha. ACH is one of the most common forms of B2B vendor payment in the United States. ACH payments are initiated using the payee’s routing number and account number — making the integrity of those numbers critical to payment accuracy and fraud prevention.

Related terms: ACH fraud, ACH fraud prevention, bank account verification, Nacha compliance, vendor payment

Virtual Card Payment

What the concept means: A virtual card payment is a B2B payment made using a single-use or limited-use virtual card number generated for a specific transaction. Virtual cards offer security advantages (each card number is unique to a transaction) and can generate rebates for the paying organization. However, they require vendor enrollment and may introduce new fraud surfaces if vendor identity is not verified.

Related terms: B2B electronic payments, virtual card program, virtual card rebates, vendor payment, electronic vendor payments

Dynamic Discounting

What the concept means: Dynamic discounting is a supply chain finance arrangement in which buyers offer their suppliers the option to receive early payment in exchange for a discount on the invoice amount. The discount rate adjusts based on how early payment is requested.

Related terms: EarlyPay, supply chain finance, vendor payment, B2B electronic payments

Vendor Payment

What the concept means: A vendor payment is any financial transaction from a buying organization to a vendor in exchange for goods or services. Vendor payments are the ultimate target of most B2B payment fraud schemes — the goal of vendor identity fraud is to redirect payments from legitimate vendors to attacker-controlled accounts.

Related terms: ACH payment, B2B electronic payments, vendor payment process, vendor payment system, accounts payable

Chapter 7

Part 7: Vendor Compliance & Regulatory Requirements

Nacha Compliance

What the concept means: Nacha is the governing body for the ACH network in the United States. Nacha compliance refers to adherence to the Nacha Operating Rules, which govern how ACH transactions may be initiated, processed, and disputed. Increasingly, Nacha rules require originating organizations to implement risk-based processes for validating bank account information before initiating ACH payments.

Nacha 2026 rule changes: Nacha has implemented rules requiring non-consumer ACH originators to establish risk-based processes for account validation. These rules reflect the growing recognition that verifying vendor bank accounts before payment is not just a best practice — it is a regulatory obligation.

Related terms: ACH fraud prevention, bank account validation, bank account verification, Nacha 2026 rule changes, risk-based processes

Nacha 2026 Rule Changes

What the concept means: The Nacha 2026 rule changes refer to updated Nacha Operating Rules that expand requirements for ACH originators to implement risk-based processes for monitoring and validating ACH transactions. Organizations that originate ACH payments to non-consumer accounts are required to have processes in place to detect and prevent unauthorized transactions.

Implications for vendor management: The Nacha 2026 rules raise the compliance floor for vendor payment processes. Organizations that have been relying on email confirmation or informal verification methods will need to implement more rigorous account validation and monitoring.

Related terms: Nacha compliance, ACH fraud prevention, bank account validation, bank account verification, risk-based processes

TIN Matching / TIN Verification

What the concept means: TIN (Taxpayer Identification Number) matching is the process of verifying that a vendor’s name and Tax Identification Number (TIN) — which may be an Employer Identification Number (EIN) or Social Security Number (SSN) — match IRS records. TIN matching is both a tax compliance requirement and a fraud prevention control, as it confirms that a vendor is a real, registered entity.

Related terms: W-9, W-8, EIN verification, vendor compliance, vendor identity verification, IRS TIN matching

W-9

What the concept means: IRS Form W-9 (Request for Taxpayer Identification Number and Certification) is the form used to collect a vendor’s TIN and taxpayer status from US-based vendors. Collecting a completed W-9 from every vendor is a standard compliance requirement for organizations making payments that may require 1099 reporting.

Related terms: TIN matching, W-8, vendor onboarding, vendor compliance, vendor identity

W-8

What the concept means: IRS Form W-8 is used to certify foreign status and, where applicable, claim tax treaty benefits. Foreign vendors who are not US persons must provide an appropriate W-8 form. There are several W-8 variants (W-8BEN, W-8BEN-E, W-8ECI, W-8EXP, W-8IMY) depending on the vendor’s entity type and treaty status.

Related terms: W-9, TIN matching, vendor compliance, vendor onboarding, foreign vendor

Sanction Screening Services

What the concept means: Sanction screening services are technology solutions that automatically check vendor data against government-maintained sanction lists — including OFAC, UN, EU, and other regulatory lists — at the point of onboarding and on an ongoing basis. Automated sanction screening is a compliance requirement for most organizations making significant vendor payments.

Vendor identity and sanction screening: The effectiveness of sanction screening depends directly on the quality of vendor identity data. Inaccurate or incomplete identity data — name variations, missing aliases, incorrect TINs — can result in failed matches with sanctioned entities. Robust vendor identity management improves sanction screening accuracy.

Related terms: vendor compliance, OFAC screening, vendor due diligence, vendor identity, vendor onboarding checklist

Chapter 8

Part 8: Technology & Systems

ERP (Enterprise Resource Planning)

What the concept means: An ERP (Enterprise Resource Planning) system is the integrated software platform that organizations use to manage core business processes — including financial management, procurement, accounts payable, and vendor records. The vendor master file typically lives in the ERP, making ERP integration a critical requirement for vendor identity platforms.

The ERP as a fraud target: ERP systems contain the payment instructions that trigger every vendor payment. Fraudulent vendor records that make it into the ERP will result in fraudulent payments. The most effective fraud prevention positions vendor identity authentication as a gateway before data enters the ERP.

Related terms: vendor master file, vendor management system, accounts payable automation, vendor identity platform

Accounts Payable (AP) Automation

What the concept means: Accounts payable automation uses software to streamline and automate the processes involved in managing vendor invoices and payments — including invoice capture, matching, approval workflows, and payment processing. AP automation improves efficiency but relies on the accuracy and integrity of vendor master data; if vendor identity controls are weak, AP automation can accelerate fraudulent payments.

Related terms: vendor management automation, vendor onboarding automation, accounts payable process transformation, ERP

Supplier Management System

What the concept means: A supplier management system is software or a combination of processes that organizations use to manage their supplier base — including supplier information, performance metrics, compliance status, and risk profiles. It may overlap with vendor management systems but often has a stronger focus on strategic procurement and supply chain relationships.

Related terms: vendor management system, supplier lifecycle management, supplier data management, vendor risk management

Vendor Portal

What the concept means: A vendor portal is a web-based interface through which vendors can submit and update their information — including contact details, banking information, and compliance documents. Vendor portals improve the user experience for vendor onboarding but do not, by themselves, verify or authenticate the information that vendors submit.

Vendor portal vs. vendor identity platform: A vendor portal collects information. A vendor identity platform verifies it. Many organizations use both, with the portal as the data collection interface and the identity platform as the verification layer.

Related terms: vendor onboarding software, vendor identity platform, vendor management system, vendor management portal

Chapter 9

Part 9: Related Terms

Accounts payable fraud — Fraudulent activity targeting the AP function, including fictitious vendors, duplicate invoices, and payment redirection.

Accounts payable process transformation — The redesign of AP processes, typically involving automation and digital payment adoption. Effective transformation requires clean, verified vendor data as a prerequisite.

Automating third-party risk management — Using technology to systematically identify, assess, and monitor risks associated with external vendors and partners.

B2B payments fraud — Fraud targeting business-to-business payment transactions, including vendor impersonation, invoice fraud, and payment redirection.

Bank account ownership verification — See entry above. A critical control for preventing payment redirection fraud.

Business identity gap — The gap between self-reported vendor data and independently verified vendor identity and where fraud enters most easily.

Business identity verified — The status of a vendor whose business identity has been confirmed against independent sources.

Clean vendor master — A vendor master file in which all records are accurate, complete, verified, and current and the foundation for reliable, fraud-resistant payments.

Consequences of fraud — The full impact of vendor payment fraud on an organization: financial loss, operational disruption, reputational damage, regulatory scrutiny, and relationship damage with legitimate vendors.

Deepfake fraud — Fraud using AI-generated synthetic audio or video to impersonate executives or vendors. An emerging threat to vendor due diligence and identity verification processes.

Electronic vendor payments — Payments made to vendors via electronic methods (ACH, wire, virtual card) rather than paper check.

Enterprise bank account validation — Bank account validation at scale, typically for large organizations managing high volumes of vendor bank accounts.

Fraud mitigation — See entry above. The comprehensive set of controls used to reduce fraud exposure.

Fraud warranty / fraud guarantee — Common-language terms for fraud indemnification. The platform commitment to assume financial responsibility for authenticated data that proves fraudulent.

Higher education vendor fraud — Vendor fraud in the higher education sector, where decentralized procurement, public payment disclosures, and high vendor volumes create particular vulnerability.

Identifying gaps to prevent payments fraud — The practice of auditing an organization’s payment processes to find control weaknesses that could be exploited by fraudsters.

Invoice fraud — Fraud involving manipulated, duplicate, or fictitious invoices designed to generate unauthorized payments.

Know Your Vendor (KYV) — An informal term for the practice of thoroughly verifying vendor identity and legitimacy before onboarding — analogous to Know Your Customer (KYC) in banking.

Manual ERP vendor management — The use of manual processes to manage vendor records in an ERP. Manual ERP vendor management is associated with high fraud risk, errors, and inefficiency.

Manual supplier onboarding — Supplier onboarding that relies on paper forms, email, and human intervention rather than automated workflows. Represents both an efficiency and a fraud risk.

Maverick spend — Purchasing activity that occurs outside of approved procurement processes, often involving unapproved vendors whose identity and legitimacy have not been verified.

Modern supplier management — Supplier management practices that incorporate automation, digital identity verification, risk-based monitoring, and strategic data management.

Payment fraud — Any fraudulent scheme targeting the payment process. This encompasses ACH fraud, wire fraud, check fraud, and virtual card fraud.

Prevent payments fraud — The active organizational practice of implementing controls to stop fraudulent payments before they occur.

Procurement and accounts payable — The two organizational functions most directly involved in vendor payments; their alignment is important for effective fraud prevention and vendor management.

Procurement fraud — Fraud occurring in the procurement process, including bid rigging, kickbacks, and fictitious vendor creation.

Risk transfer — The practice of shifting financial responsibility for a risk from one party to another — in vendor identity contexts, through fraud indemnification programs.

Scaling enterprise bank account validation — The challenge and practice of running bank account validation efficiently across large, complex vendor bases.

Social engineering schemes — The specific tactics used by fraudsters to exploit human psychology in payment fraud attacks.

Supplier approval — The formal process of approving a new supplier before activating them in procurement and payment systems, typically including identity and compliance verification.

Supplier data management — The practice of governing supplier data quality and accuracy across procurement and financial systems.

Supplier fraud — Fraudulent activity involving supplier relationships — broadly synonymous with vendor fraud in most contexts.

Supplier fraud prevention — The set of controls used to prevent fraud in supplier relationships, with particular focus on identity authentication at onboarding and payment instruction verification.

Supplier identification — The process of establishing and confirming who a supplier is — the foundation for authenticated supplier relationships.

Supplier lifecycle management — The end-to-end practice of managing supplier relationships from identification through offboarding, with identity and compliance maintained throughout.

Supplier master data — The core data attributes maintained for each supplier in an organization’s procurement and financial systems.

Supplier master data management — The governance of supplier master data quality, accuracy, and completeness.

Supplier onboarding automation — Automated workflows that replace manual supplier onboarding processes.

Supplier onboarding process — The sequence of steps used to add and activate a new supplier in procurement and payment systems.

Supplier onboarding software — Technology solutions for automating supplier onboarding, ideally including identity verification and authentication.

Supplier risk assessment — The process of evaluating the risks associated with a specific supplier relationship.

Supplier verification — The process of confirming the accuracy of supplier information, including identity and banking details.

Tail spend — Low-value, high-volume procurement activity that is often loosely managed — and consequently, a common entry point for fictitious vendor fraud.

Third-party vendor risk management — The practice of managing risks associated with external vendors and partners.

Types of vendor fraud — The major categories: vendor impersonation, fictitious vendor, invoice fraud, payment redirection, BEC, overbilling, bid rigging, and kickbacks.

Validating bank accounts — The practice of confirming the existence and, ideally, the ownership of bank accounts before initiating payments.

Vendor account compromise — A fraud scenario in which a legitimate vendor’s account in a buying organization’s system is accessed or manipulated by an attacker.

Vendor administrator — The role responsible for managing vendor records, typically within AP or procurement. When this role is purely administrative and relies on manual processes, it represents a fraud vulnerability.

Vendor approval — The formal approval of a vendor record before activation, typically involving identity and compliance verification.

Vendor approval workflows — Automated processes for routing vendor information through appropriate review and approval steps before activation.

Vendor assessment — The evaluation of a vendor’s identity, legitimacy, capabilities, and risk profile.

Vendor assessment checklist — A structured set of criteria used to evaluate vendors during onboarding or periodic review.

Vendor audit trails — Documented records of all actions taken on vendor records — who made changes, when, and what was changed — essential for fraud investigation and compliance.

Vendor bank account verification — See bank account verification and bank account ownership verification above.

Vendor change management — The processes for managing updates to vendor information, including identity and payment details — a critical fraud risk point.

Vendor compliance checklist — A structured list of compliance requirements a vendor must meet before activation or continued use.

Vendor compliance management — The practice of ensuring vendors meet contractual, regulatory, and organizational compliance requirements throughout the relationship.

Vendor data — All information maintained about a vendor in an organization’s systems.

Vendor data management — The practice of governing vendor data quality, accuracy, and completeness.

Vendor due diligence — See full entry above. The comprehensive evaluation of a vendor before entering a relationship.

Vendor ecosystem — The full network of vendors, suppliers, and payment counterparties with whom an organization has active relationships.

Vendor file — Informal term for the vendor master file or vendor records in a financial system.

Vendor fraud cases — Real-world instances of vendor fraud; studying specific cases helps organizations identify the attack patterns most relevant to their own vendor management processes.

Vendor fraud definition — Broadly: any fraudulent activity involving vendor relationships, whether perpetrated by an external attacker or by a vendor themselves.

Vendor fraud examples — Common examples include: a fraudster posing as a vendor and requesting a bank account change; an employee creating fictitious vendor records for personal gain; a vendor overbilling or double-billing.

Vendor fraud prevention — The set of controls and practices used to prevent fraud in vendor relationships, centered on vendor identity authentication and payment instruction verification.

Vendor fraud red flags — Warning signs that may indicate fraudulent vendor activity, including: unverified requests to update payment information, new vendors with similarities to existing ones, vendors without verifiable business registration, and unusual payment patterns.

Vendor fraud schemes — The organized tactics fraudsters use to target vendor payment processes.

Vendor ID — The unique identifier assigned to a vendor in an ERP or financial system — distinct from, and less rigorous than, verified vendor identity.

Vendor identification number — The system-assigned identifier for a vendor record. Not equivalent to verified identity; a vendor identification number is assigned by the organization and does not confirm that the vendor is who they claim to be.

Vendor identification software — Technology used to verify and manage vendor identity throughout the vendor lifecycle.

Vendor information — All data collected and maintained about a vendor — most valuable when independently verified rather than self-reported.

Vendor information portal — A platform that centralizes vendor information; distinct from a vendor identity platform in that it may collect but not verify information.

Vendor lifecycle management process — See vendor lifecycle management above.

Vendor management appreciation day — An annual observance created to recognize the vendor management profession and the professionals who manage vendor relationships.

Vendor management automation — The use of technology to automate vendor management processes including onboarding, monitoring, compliance, and payments.

Vendor management best practices — Standards for vendor management include: centralizing vendor data, automating onboarding, implementing identity verification, continuous monitoring, and regularly cleansing vendor master data.

Vendor management challenges — Common challenges: manual processes, siloed data, email-based verification, lack of identity controls, compliance gaps, and fragmented ownership of vendor risk.

Vendor management framework — The organizational structure, policies, processes, and technologies used to govern vendor relationships.

Vendor management policy — A formal organizational policy governing how vendors are onboarded, managed, paid, and offboarded.

Vendor management portal — A web interface for managing vendor relationships; see vendor portal above.

Vendor management process — The end-to-end set of activities involved in managing vendor relationships.

Vendor management program — The organizational initiative encompassing all vendor management activities.

Vendor management solutions — Software and services designed to support vendor management, ranging from basic portals to comprehensive vendor identity platforms.

Vendor management strategy — The organizational approach to vendor management, ideally integrated with risk management, compliance, and finance strategy.

Vendor management system — See full entry above.

Vendor management template — A structured document used to guide vendor management activities.

Vendor management tools — Software and other resources used to support vendor management activities.

Vendor master — Informal shorthand for the vendor master file.

Vendor master cleansing — The process of reviewing and correcting vendor master data to remove duplicates, update stale records, and verify accuracy.

Vendor master data — See vendor master data management above.

Vendor master data governance — The policies and processes for maintaining vendor master data quality and integrity.

Vendor master file management best practices — Include: regular data audits, verification of all new and changed records, duplicate detection, TIN verification, and sanction screening.

Vendor monitoring — Ongoing surveillance of vendor records for unauthorized changes — particularly changes to payment information.

Vendor network — See authenticated vendor network above.

Vendor offboarding — The process of deactivating a vendor in an organization’s systems when the relationship ends.

Vendor onboarding best practices — Best practices include: using secure, authenticated submission portals; verifying identity against independent sources; authenticating bank accounts before activation; and implementing continuous monitoring for changes.

Vendor onboarding checklist — See full entry above.

Vendor onboarding documents — The documents collected during vendor onboarding, including W-9/W-8, insurance certificates, business licenses, and banking information.

Vendor onboarding form — The data collection form used during vendor onboarding.

Vendor onboarding platforms — Technology solutions for automating vendor onboarding.

Vendor onboarding policy — The formal policy governing how vendors are onboarded.

Vendor onboarding solution — A technology platform designed to automate and secure vendor onboarding.

Vendor onboarding template — A standardized format for collecting vendor information.

Vendor onboarding workflow — The sequence of steps in the vendor onboarding process.

Vendor payment fraud — Fraud targeting the payment of vendors — primarily through payment redirection, fictitious vendor creation, and invoice fraud.

Vendor payment process — The end-to-end process for paying vendors.

Vendor payment system — The technology infrastructure used to manage and process vendor payments.

Vendor relationship management — The practice of managing the relationship aspects of vendor partnerships, including communication, performance, and strategic alignment.

Vendor risk — The exposure an organization faces from its vendor relationships, including fraud risk, operational risk, compliance risk, and reputational risk.

Vendor risk management — See full entry above.

Vendor risk management framework — A structured approach to identifying, assessing, and mitigating vendor risks.

Vendor risk management program — The organizational initiative encompassing all vendor risk management activities.

Vendor risk monitoring — Ongoing surveillance of vendor risk indicators, including financial health, compliance status, and payment data integrity.

Vendor risk rating — A score or classification assigned to a vendor based on their risk profile.

Vendor risk scoring — The systematic assessment of vendor risk using defined criteria and weighting.

Vendor sanction screening — See full entry above.

Vendor screening — The process of evaluating new vendors for risk, compliance, and identity before onboarding.

Vendor verification form — A form used to collect information for verifying a vendor’s identity and banking details.

What is vendor fraud — A foundational question: vendor fraud is any fraudulent scheme targeting an organization’s vendor payment processes, typically resulting in misdirected payments to attacker-controlled accounts.

 

This vendor identity glossary is maintained to reflect current industry usage in vendor identity, B2B payments security, vendor management, and related compliance disciplines.