Accounts PayableVendor FraudBank Change FraudERPDocument Verification

A Voided Check Is Not Vendor Verification: Where AP Teams Need Document Trust Before Bank Changes

Priya Ravi9 min read

As AP teams tighten vendor bank-change controls in 2026, many are asking for a voided check or bank letter instead of trusting email alone. That improves process evidence, but it still does not prove the uploaded support file is authentic.

Accounts payable analyst reviewing a voided check and bank letter during a vendor bank change request with suspicious account details highlighted before approval

Across AP and bookkeeping workflows, the advice is getting stricter: do not accept vendor bank changes by email alone.

That is sensible. It is also incomplete.

In a recent Reddit thread about the June 2026 Nacha fraud-monitoring changes, operators said the same thing many AP managers are already doing in practice: stop relying on email and ask for a voided check or bank letter instead.

The gap: a voided check is better process evidence than an email thread, but it is still just another uploaded document until someone verifies whether the file itself is authentic.


Why This Became More Urgent in June 2026

Nacha’s newer risk-management rules took effect on June 19, 2026, with the practical banking-day start on Monday, June 22, 2026. The change pushed fraud monitoring further into day-to-day payment operations, which is one reason finance teams are tightening vendor-change controls right now.

That pressure shows up fast in real workflows. Teams want cleaner evidence that a requested account change is legitimate. A voided check, bank letter, or statement feels stronger than “the vendor emailed us.”

But stronger documentation is not the same thing as verified documentation.


Why AP Teams Reach for Voided Checks

The logic is easy to understand:

  • email alone is weak because spoofing and business-email compromise are common
  • a voided check looks official because it contains routing and account details in a familiar format
  • a bank letter feels auditable because it appears to come from a more formal source
  • the support file can be attached to the vendor record for future review

All of that makes sense from a controls perspective. It still leaves one unresolved question: was the uploaded support file edited before AP ever saw it?


How the Fraud Gap Still Survives

A vendor-change workflow can look disciplined on paper while still absorbing false evidence:

  1. A request arrives through email, portal, or a shared AP inbox.
  2. The requester provides a voided check or bank letter as proof of account ownership.
  3. AP logs the request and routes it for callback, approval, or ERP workflow review.
  4. The support file gets attached to the vendor record as evidence.
  5. The bank details are updated because the packet appears complete.

That workflow can fail if the support file was edited before step two. A changed account number, replaced beneficiary field, flattened screenshot, or rebuilt PDF may still look plausible enough to become trusted evidence.


Why ERP Approval Does Not Solve This

Microsoft’s current Dynamics 365 documentation shows how vendor bank accounts can be maintained and routed through approval-sensitive updates. Similar logic applies across SAP-driven AP environments and QuickBooks-connected bookkeeping workflows. Those controls help govern who can change a bank record and when the change moves forward.

They do not automatically prove that the uploaded voided check, bank letter, or proof-of-account PDF was genuine before it entered the workflow.

That is the core distinction AP teams need to preserve:

  • workflow control decides who may approve a change
  • document verification helps decide whether the support file deserves trust first

Where Document Verification Belongs

The clean workflow order is:

  1. Collect the vendor-change request and supporting check, letter, or statement.
  2. Run document verification immediately on the uploaded file.
  3. Branch suspicious files to a smaller review queue with evidence attached.
  4. Continue clean files into callback validation, approval routing, and vendor-master updates.
  5. Only then should Dynamics 365, SAP, QuickBooks, or the payment workflow inherit trust from the document.

That design does not replace callback controls or bank-account validation services. It prevents the rest of the workflow from becoming confidently wrong about an edited support file.


What Verification Should Check

Based on the current DocVerify product and codebase, a practical verification layer for voided checks, bank letters, and proof-of-account files can screen for signals like:

  • metadata anomalies that do not fit the claimed source or creation path
  • suspicious PDF structure that may indicate unusual edits, rewrites, or hidden changes
  • font and glyph inconsistencies around account numbers, names, or routing details
  • recompression and screenshot traces that suggest a file was rebuilt, flattened, or captured indirectly
  • suspicious-region localization so AP reviewers know where to inspect first

Those checks answer a different question than a callback or ERP rule. They help determine whether the document being used as evidence still deserves trust.

Related AP reading: if your team also trusts uploaded invoices in approval chains, read Invoice OCR Is Not Invoice Trust. The same document-trust gap shows up in payables long before payment runs begin.


Where DocVerify Fits

DocVerify is built for that pre-approval trust layer. AP teams can screen uploaded voided checks, bank letters, statements, PDFs, and common image formats through https://docverify.app before callback notes, ERP approval, vendor-master updates, or payment workflows start treating the file as trustworthy evidence.

If a vendor bank change matters enough to require a supporting document, it matters enough to verify that document before the rest of the workflow inherits trust from it.

Frequently Asked Questions

Does asking for a voided check stop vendor bank change fraud?

No. It improves the process, but it does not prove that the uploaded check image or PDF is authentic. A manipulated support file can still be used as evidence if AP never verifies the document itself.

Why are AP teams asking for bank letters or voided checks more often in 2026?

Because fraud-monitoring pressure is rising, vendor-change controls are getting stricter, and teams want better documentation than an email thread alone. The mistake is assuming stronger documentation is the same thing as document trust.

Where should document verification sit in a vendor bank change workflow?

At intake, before the voided check, bank letter, or proof-of-account file is used to justify a vendor-master update, payment release, or ERP approval path.

What can DocVerify analyze in this workflow today?

Based on the current product and codebase, DocVerify can inspect PDFs and common image uploads for metadata anomalies, suspicious PDF structure, font and glyph inconsistencies, recompression or screenshot traces, and model-based suspicious-region localization.

Does this replace callbacks, vendor verification, or ERP approval rules?

No. Callback procedures, bank-account validation, and ERP workflows still matter. Verification closes the earlier gap where AP starts trusting the support document before those later controls act on it.

Add document fraud detection to your workflow

DocVerify is document fraud detection software for AI agents and developer APIs. Catch fake receipts, forged PDFs, manipulated bank statements, and tampered IDs before your system trusts them. See the documents we verify.

Ready to add document verification to your AI agent?

Detect fake receipts, forged PDFs, and manipulated documents before your agent acts.

Get Started with DocVerify

This site uses cookies for authentication and analytics. Free-tier uploads may be retained to improve our models; paid-tier uploads are never stored. Learn more