Fake IBAN fraud (known in France as fraude au faux RIB) is a social engineering attack in which a fraudster replaces a legitimate supplier's or employee's bank account details with fraudulent ones, causing the victim company to wire funds directly to the attacker's account. It is the most common form of corporate financial fraud in France, with average losses exceeding €50,000 per incident.
The attack vector is deceptively simple. A fraudster impersonates a supplier, a senior executive, or an HR representative and requests a bank account update, typically by email. If the finance or accounting team processes the change without systematic verification, the next payment to that supplier or employee goes to the wrong account. Recovery is rarely possible once the wire is executed.
The exposure is structural, not a failure of attention. In high-volume AP workflows, processing IBAN change requests manually and consistently is operationally unsustainable. Finance teams cannot call every supplier to verify every bank detail update. And yet the consequences of a single unverified change can be catastrophic.
Phacet's internal controls layer addresses fake IBAN fraud at the process level. Every bank account change request is automatically flagged for systematic verification before it is applied, cross-referenced against known supplier data, communication patterns, and historical payment records. No IBAN update proceeds without a documented validation step, creating a traceable audit trail that makes the control both auditable and defensible.
Combined with pre-payment controls on the full payment workflow, Phacet ensures that the CFO (the DAF, directeur administratif et financier) is no longer the last human line of defense between a fraudulent request and an irreversible wire. The system verifies before they have to.
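The hold-then-verify control described above can be sketched as follows. This is an added example, not Phacet's implementation: the class, the flag names and the supplier id are hypothetical, and the IBANs are the standard published documentation samples.

```python
from datetime import datetime, timezone

def iban_is_valid(iban):
    """ISO 13616 mod-97 check: rotate first 4 chars to the end, map A-Z to 10-35."""
    s = iban.replace(" ", "").upper()
    if not (s.isascii() and s.isalnum() and 15 <= len(s) <= 34):
        return False
    return int("".join(str(int(c, 36)) for c in s[4:] + s[:4])) % 97 == 1

class IbanChangeGate:
    """Hypothetical gate: holds every bank-detail change until verification is documented."""
    def __init__(self, ibans_on_file):
        self.on_file = dict(ibans_on_file)  # supplier id -> IBAN used for payments
        self.pending = {}                   # supplier id -> held change request
        self.audit = []                     # append-only trail of every decision

    def _log(self, event, supplier, **detail):
        self.audit.append({"ts": datetime.now(timezone.utc).isoformat(),
                           "event": event, "supplier": supplier, **detail})

    def request_change(self, supplier, new_iban, channel):
        new = new_iban.replace(" ", "").upper()
        old = self.on_file.get(supplier, "")
        flags = []  # illustrative risk signals shown to the verifier
        if not iban_is_valid(new):
            flags.append("bad_checksum")
        if old and old[:2] != new[:2]:
            flags.append("country_changed")
        if channel == "email":
            flags.append("unauthenticated_channel")
        self.pending[supplier] = {"iban": new, "flags": flags, "verified_by": None}
        self._log("change_held", supplier, iban=new, channel=channel, flags=flags)
        return flags

    def record_verification(self, supplier, verifier, method):
        self.pending[supplier]["verified_by"] = verifier
        self._log("verified", supplier, verifier=verifier, method=method)

    def apply(self, supplier):
        req = self.pending.get(supplier)
        if not req or not req["verified_by"] or "bad_checksum" in req["flags"]:
            self._log("apply_refused", supplier)
            return False
        self.on_file[supplier] = self.pending.pop(supplier)["iban"]
        self._log("change_applied", supplier, verified_by=req["verified_by"])
        return True

    def payment_iban(self, supplier):
        return self.on_file[supplier]  # a held change is never paid to
```

Payments always read `payment_iban`, so a requested change has no effect on outgoing wires until `record_verification` and `apply` have both been logged.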