Controller’s Guide to Wire Fraud Prevention

Wire fraud doesn’t start in the bank portal. It starts in inboxes, vendor masters, and rushed approvals. This guide gives Controllers a dealership-ready system to stop fraudulent wires and ACH changes before they hit your cash. You’ll get exact controls, scripts, and evidence your QI and insurer will appreciate.

Note: Practical guidance, not legal advice. Confirm procedures with your bank, insurer, and counsel.

What you’re protecting

  • Working capital and floorplan payoffs
  • Facility and capex payments
  • Sublet and parts vendors
  • Lender proceeds and titling funds

If a control slows any of the above, tune it. Don’t remove it.

The four layers that stop wire fraud

1) Dual control on every wire and vendor bank change

  • Separate requestor and releaser. No single person can both set up and approve a payment or bank change.
  • Require two approvals for new beneficiaries and first-time payments over [$X].
  • Enforce out-of-band callbacks before releasing any change to banking instructions.

2) Bank defenses: Positive Pay and ACH filters

  • Positive Pay on checks with payee verification; daily decisioning before 11 a.m.
  • ACH filters/blocks that allow only whitelisted vendors, with dollar caps.
  • Alerts for first-time beneficiaries and payments over threshold.

3) Inbox hygiene and identity checks

  • Block auto-forwarding to external email.
  • Alert on new inbox rules and logins from unusual locations.
  • Train AP and Controller teams to confirm bank changes with a phone call using a number from the vendor master, not the email thread.

4) System flags in your DMS/ERP and vendor master

  • Require a second approver on bank field edits.
  • Lock vendor add/change behind a dedicated security role.
  • Audit log exports reviewed weekly by Controller or QI.

Controller’s daily/weekly cadence

Daily (10 minutes)

  • Approve Positive Pay items.
  • Review bank portal alerts and first-time beneficiaries.
  • Glance at the AP queue for outliers by vendor, amount, or timing.

Weekly (20 minutes)

  • Sample 5 vendor changes for proper callback logs.
  • Export DMS/ERP audit trail for vendor adds/edits.
  • Verify ACH filter exceptions and close any temp allowances.

Monthly (30 minutes)

  • Tabletop a quick BEC scenario with AP: read a fake bank-change email, walk the callback.
  • Update the “Known Good Numbers” list for top vendors and lenders.

The callback policy (copy/paste)

Policy statement
“All requests to add or change bank instructions for a vendor, lender, or payoff must be verified via an out-of-band phone call using the number stored in the vendor master. Email or text confirmations are not acceptable.”

Callback script (AP to vendor)
“This is [Name] with [Dealership Group]. I’m calling using the phone number we have on file to verify bank details for invoice #[###]/account #[###]. Please confirm the last four digits of the account and the routing number. We do not accept bank changes by email.”

Evidence to save

  • Date/time, name, number dialed, and confirmation notes on the AP checklist.
  • Screenshot of vendor master page showing phone number origin.
  • Ticket/link to the change request and approvals.

Dual control that actually works in a hurry

  • Requestor prepares payment; Releaser is a different person with a unique login and MFA.
  • A third role (Controller or CFO) must approve changes to bank details and any payment over [$X].
  • Never share bank portal tokens, fobs, or app registrations.
  • For urgent payoffs, use a pre-approved “Rapid Wire” path with two named releasers and a mandatory callback note attached before release.

Positive Pay and ACH filters: setup checklist

  • Enable payee verification so a mismatched payee triggers an exception.
  • Create ACH blocks for all accounts, then allow only whitelisted company IDs with caps by vendor type (e.g., payroll, benefits, floorplan).
  • Turn on alerts for: new company ID, over-cap attempts, and international wires.
  • Define escalation: if the Controller is out, who decides exceptions by 11 a.m.?

Red flags AP should never ignore

  • “New bank due to audit/merger” emails with urgency.
  • Vendor email domains that don’t match prior invoices.
  • Bank changes requested right before a holiday or after 3 p.m.
  • Invoice remit-to addresses that move from a PO box to a residential address.
  • Reply-To addresses that differ from the From: line.

Response rule
“When in doubt, stop the transaction, call the number in the vendor master, and loop in the Controller.”
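As an added example (not from this guide), here is a Python screener that applies these red flags to one raw message: Reply-To versus From: domain, sender domain versus the vendor master, urgency wording around bank details, and a send time after 3 p.m. The vendor master entry, cue phrases and sample message are constructed; the holiday check is left out because it needs your own calendar.

```python
import email
from email import policy
from email.utils import parseaddr, parsedate_to_datetime

# Constructed vendor master: vendor name -> email domain seen on prior invoices.
VENDOR_MASTER = {"acme parts": "acmeparts.example"}
# Wording the guide lists as pretext/urgency cues in bank-change emails.
URGENCY_PHRASES = ("new bank", "audit", "merger", "effective today", "urgent")

# Constructed sample message (not real vendor mail).
SUSPECT = """\
From: AR Team <billing@acmeparts-billing.example>
Reply-To: ar@mail-accounts.example
Date: Fri, 20 Jun 2025 16:42:00 -0500
Content-Type: text/plain

Due to a recent audit we moved to a new bank. Please send today's
payment to the new account, urgent, effective today.
"""

def domain_of(header_value):
    """Lowercased domain of an address header, or '' if there is none."""
    addr = parseaddr(str(header_value or ""))[1]
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def screen_bank_change_email(raw, vendor):
    """Return the guide's red flags found in one raw message (empty = none)."""
    msg = email.message_from_string(raw, policy=policy.default)
    flags = []
    from_dom, reply_dom = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:
        flags.append(f"reply-to domain {reply_dom} differs from From: domain {from_dom}")
    known = VENDOR_MASTER.get(vendor.lower())
    if known and from_dom != known:
        flags.append(f"sender domain {from_dom} does not match vendor master ({known})")
    body = msg.get_body(preferencelist=("plain",))
    text = (body.get_content() if body else "").lower()
    cues = [p for p in URGENCY_PHRASES if p in text]
    if cues and any(w in text for w in ("bank", "account", "routing")):
        flags.append("bank-change wording with urgency cues: " + ", ".join(cues))
    try:
        sent = parsedate_to_datetime(str(msg["Date"]))
        if sent.hour >= 15:  # after 3 p.m. in the sender's stated time zone
            flags.append(f"sent after 3 p.m. local ({sent:%H:%M})")
    except (TypeError, ValueError):
        flags.append("missing or unparseable Date header")
    return flags

if __name__ == "__main__":
    for flag in screen_bank_change_email(SUSPECT, "Acme Parts"):
        print("RED FLAG:", flag)
```

Any non-empty result means the AP clerk stops and runs the callback from the vendor master number; the script only triages, it never clears a change on its own.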

Email and identity controls that protect cash

  • MFA required for all AP, Controller, and executive accounts.
  • Conditional Access blocks sign-ins from outside approved regions.
  • Auto-forward to external domains blocked for everyone.
  • Alert on inbox rules that forward, delete, or move messages.
  • External banner on email with a footer reminder: “Verify bank changes by callback. Do not trust email instructions.”

Vendor master hygiene

  • New vendor setup requires W-9, contact phone, and banking on a secure form or portal.
  • No vendor banking changes accepted via email attachments; use a secure update form.
  • Keep “Known Good Numbers” as a separate field that only AP managers can edit.
  • Quarterly purge of inactive vendors and removal of test entries.
  • Export vendor change logs weekly; Controller samples 10 percent.
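As an added example (not from this guide) covering the weekly cadence above and the change-log sampling here, this Python check reads a vendor-change export, flags every bank-field edit that lacks a second approver, a callback log or a ticket, flags Known Good Number edits by anyone outside the AP manager group, and then draws the 10 percent sample from the remaining clean rows. The CSV layout, column names, user IDs and AP manager list are assumptions.

```python
import csv
import io
import math
import random

# Constructed DMS/ERP vendor-change export; column names are assumptions.
AUDIT_EXPORT = """\
change_id,vendor,field,edited_by,approved_by,callback_logged,ticket
1001,Acme Parts,bank_account,jdoe,msmith,yes,AP-221
1002,Acme Parts,known_good_phone,jdoe,,no,
1003,Body Shop Sublet,bank_routing,kwong,kwong,yes,AP-230
1004,Floorplan Lender,bank_account,rlee,msmith,no,AP-231
1005,Glass Co,bank_account,jdoe,msmith,yes,
1006,Glass Co,remit_address,kwong,msmith,yes,AP-233
"""
BANK_FIELDS = {"bank_account", "bank_routing"}
AP_MANAGERS = {"msmith", "rlee"}  # assumed: the only allowed editors of Known Good Numbers

def check_change(row):
    """Return the control failures for one change row (empty list = clean)."""
    problems = []
    if row["field"] in BANK_FIELDS:
        if not row["approved_by"]:
            problems.append("no second approver")
        elif row["approved_by"] == row["edited_by"]:
            problems.append("self-approved")
        if row["callback_logged"].strip().lower() != "yes":
            problems.append("no callback log")
        if not row["ticket"]:
            problems.append("no change ticket")
    elif row["field"] == "known_good_phone" and row["edited_by"] not in AP_MANAGERS:
        problems.append("known-good number edited by non-manager")
    return problems

def review_export(text, sample_pct=10, seed=0):
    """Every failing change is reviewed; the sample is drawn from the clean rest."""
    rows = list(csv.DictReader(io.StringIO(text)))
    exceptions = {}
    for row in rows:
        problems = check_change(row)
        if problems:
            exceptions[row["change_id"]] = problems
    clean = [r["change_id"] for r in rows if r["change_id"] not in exceptions]
    # Round up so a small weekly export still yields at least one sampled change.
    k = min(len(clean), math.ceil(len(clean) * sample_pct / 100))
    sample = sorted(random.Random(seed).sample(clean, k))
    return exceptions, sample

if __name__ == "__main__":
    found, picked = review_export(AUDIT_EXPORT)
    for change_id, problems in found.items():
        print(change_id, "->", "; ".join(problems))
    print("clean changes sampled for callback-log review:", picked)
```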

First-time vendor payments

  • First wire or ACH to a vendor requires:
    1. Completed callback log.
    2. Dual approval in bank portal.
    3. Signed invoice/PO trail attached in AP system.
  • Dollar caps: anything over [$X] must wait until both approvers complete a live callback verification.

Dealership-specific scenarios and responses

Floorplan payoff instructions change by email

  • Action: Halt. Call the lender’s published payoff line from the master. Document the rep’s ID.
  • Evidence: Screenshot of lender page and callback notes.
  • Release: Dual approval only after verification.

Body shop sublet switches banks “effective today”

  • Action: Hold payment, confirm via master number, and ask for a voided check via secure upload.
  • Evidence: Store in AP docs; update vendor master after callback.
  • Release: First payment under cap; increase caps only after 30 days.

Title clerk receives bank change for a refund

  • Action: Route to AP. No refunds processed without callback to the customer at the number on the deal jacket or DMS record.
  • Evidence: Call notes and identity check (DL last four, address).
  • Release: ACH only to verified owner or physical check with ID verification.

Quick-training huddle for AP and accounting

Two rules to read at the start of month-end:

  1. “No bank changes via email. We only trust the phone number in the vendor master.”
  2. “No one approves their own work. Requestor and Releaser must be different.”

KPIs for your QI/Controller scorecard

  • Dual-control coverage: 100 percent of wires and bank changes
  • Callback adherence: 100 percent for changes; 95 percent for first-time payments
  • Positive Pay exceptions resolved by 11 a.m.: 100 percent
  • Inbox-rule alerts reviewed within 24 hours: 100 percent
  • Vendor master change log sampled weekly: 10 percent
  • BEC/wire near-miss reports with coaching completed: within 3 business days

Evidence pack your insurer will love

  • Bank portal screenshots: dual control, user roles, and MFA
  • Positive Pay and ACH filter settings with last 90 days of exceptions
  • Callback logs (sample set) attached to AP batches
  • DMS/ERP vendor change audit exports
  • Email security settings: auto-forward block, alert policies
  • Monthly wire fraud tabletop minutes and outcomes

Common pitfalls and fixes

  • Pitfall: Shared “Controller” mailbox used to approve bank changes
    Fix: Named accounts with MFA; shared mailbox only for shared visibility, not approvals.
  • Pitfall: Vendor master editable by all AP clerks
    Fix: Restrict edit rights to AP manager and Controller; require ticket for changes.
  • Pitfall: “Urgent” after-hours payments
    Fix: Predefine a Rapid Wire path with two releasers and mandatory callbacks; otherwise, next-business-day rule.
  • Pitfall: ACH filters not updated for new payroll provider
    Fix: Calendar a quarterly ACH whitelist review with HR and Controller.

FAQ

Do we need Positive Pay if we barely write checks?
Yes. Fraudsters still target checks from dealer accounts. Positive Pay stops altered and counterfeit items before clearing.

Are callbacks necessary if a vendor uses a secure portal?
Yes. Portals get compromised. Always call the number in your master file for changes.

Who should be the second releaser?
Someone who understands context and isn’t the requestor: Controller, CFO, or an Assistant Controller trained on exceptions.

How do we handle international wires?
Treat as high risk by default. Require executive approval and verified callbacks to two separate contacts.

Need Help?

Want a ready-to-use Wire Fraud Prevention Pack with a vendor-change form, callback log, bank approval checklist, and AP training slides? We can help your dealership put a solid wire fraud prevention plan in place.
