Resources · Guide

Does Wise Verify Vendor Bank Account Changes? (2026)

Partly — and in a way that’s easy to misread. Wise runs name-checking on recipients in supported corridors (Confirmation of Payee in the UK and Australia, Verification of Payee in the EU) and validates account details everywhere, and a saved Wise recipient can’t be edited at all — any bank change means deleting the old recipient and creating a new one. But Wise verifies the account you type in, not the request that told you to type it: it has no way to know whether the email announcing your vendor’s “new account” actually came from your vendor. That judgment — and the record proving you made it — stays with your firm.

That distinction is the whole story for a bookkeeping or accounting firm paying client vendors through Wise Business, so let’s take it apart properly.

What Wise checks when you add a vendor’s bank details

When you create a recipient, Wise runs a two-tier check: validation, then verification where the corridor supports it.

Validation is about format and plausibility — a UK sort code that exists, an IBAN whose checksum works, a US routing number that resolves to a real institution, an IFSC code that maps to a real Indian bank branch. This catches typos. It says nothing about who owns the account.

Verification goes further in corridors that have name-checking infrastructure. For payments to UK accounts, Wise participates in Confirmation of Payee (CoP): the receiving bank is asked whether the name you entered matches the name on the account, and you get a match, close-match, or no-match response before money moves. In the EU, Verification of Payee (VoP) became a requirement for euro SEPA payments in October 2025, so EUR transfers to EU IBANs now get a similar name check. Australia has its own Confirmation of Payee rollout. When one of these checks comes back negative, Wise warns you before you send.

Here’s the part that matters for US firms: for most domestic USD payments, no equivalent name-checking scheme exists. US ACH transfers settle on routing and account number alone — the name field isn’t systematically checked against the receiving bank’s records the way UK CoP does. So if your client’s vendors are paid in USD to US banks via Wise, the “does the name match the account” question is largely answered by nobody. The callback is your name check.

The Wise quirk that matters: you can’t edit a saved recipient

Wise has an unusual behavior that most AP platforms don’t share: once a recipient is saved, their details can’t be edited. Wise’s own help documentation and support channels are explicit — to change a recipient’s bank information, you delete the recipient and add a new one.

For a firm running vendor payments, this cuts both ways.

The good side: a vendor bank change in Wise is never a quiet in-place edit. Someone has to deliberately create a brand-new recipient. There’s no field an intruder can silently overwrite on an existing payee while the payment history stays reassuringly familiar.

The gap: because the “change” is really a delete-and-recreate, Wise has no concept of a bank-detail change event. Nothing ties the new recipient to the old one. There’s no prompt saying “you’re replacing the account you’ve paid 14 times — have you confirmed this with the vendor?” No change history links the two records, and no workflow forces a verification step between the email that requested the change and the new recipient that fulfills it. If a bookkeeper gets a convincing email and creates the new recipient, the platform’s checks — format validation, and a name check only in supported corridors — are the only friction left.

What Wise Business’s controls do — and where they stop

Wise Business does have real team controls, and firms should use them. Multi-user access gives each team member granular permissions grouped by job — view account, move money, pay with card, manage team, manage account. Payment Approvals lets you require that payments set up by a team member be approved by one or two other people before they’re funded, either for all payments or above a threshold, and nobody can approve their own payment.

That’s a genuine dual-control layer for payments, and if you run client AP through Wise Business you should turn it on. But notice what the approver sees: the same payment, to the same recipient, built on the same bank details that came in over email. If those details are fraudulent, the approval step adds a second person looking at the same unverified information. Approval controls who can move money. It doesn’t establish whether the new account actually belongs to your vendor — only independent contact with the vendor does that.

The gap: Wise verifies the account, not the request

The scenario that hurts firms isn’t a typo’d IBAN. It’s a payee redirect: an email from a compromised or lookalike vendor mailbox, often mid-thread with a real invoice attached, announcing new bank details. The FBI’s Internet Crime Complaint Center put reported business email compromise losses at $3.046 billion in 2025, up from $2.77 billion the year before — and 86% of BEC funds moved by wire transfer or ACH, which is to say through exactly the kind of ordinary payment workflows firms run every day.

Name checks blunt some of these attacks — a fraudster whose mule account is named “J. Barrett” fails a CoP match against “Lakeside Mechanical Ltd”. But they don’t close the gap. Mule accounts get opened in names close to the impersonated business. Close-match results get waved through by busy operators. And for USD-to-US-bank payments, the check usually doesn’t exist at all.

International vendors — the reason many firms use Wise in the first place — raise the stakes further. Cross-border recovery is slower and less likely to succeed than a domestic recall, and time-zone friction is exactly what makes “I’ll just reply to the email to confirm” feel reasonable at 6 p.m. It isn’t. The reply goes to the attacker who wrote the request.

The procedure to layer on top

If your firm pays client vendors through Wise, the fix isn’t switching platforms — it’s treating every bank-detail change as unverified until a specific sequence happens, and keeping the record:

  1. Stop before you touch Wise. Don’t delete the old recipient or create the new one when the email arrives. The old, verified details are your safest asset — keep them intact until verification is done.
  2. Call the vendor back on a known number — one from your vendor master file, a signed contract, or a prior invoice. Never a number, link, or reply address supplied in the change request itself. The full mechanics are in our guide to how to verify a vendor bank account change.
  3. Confirm the specifics verbally — account, routing or IBAN, and why the account changed. If anything feels off, a vendor emailed new bank details — is it fraud? walks through triage.
  4. Only then create the new recipient in Wise, let the corridor’s name check run if one exists, keep Payment Approvals on so a second person signs off on the first payment, and retire the old recipient.
  5. Document all of it — date and time of the call, who you spoke with, the number you dialed and where it came from, what was confirmed, and who approved. A record that’s time-stamped and can’t be quietly edited is what holds up when a client, auditor, or insurer asks later.

If you want that sequence ready-made, our free vendor bank-change verification template includes the independent-contact rule, a word-for-word callback script, a dual-approval step, and a one-page log — no signup. CallbackProof itself is a documentation and workflow tool that enforces the callback checklist and keeps a tamper-evident, hash-chained log of every verification across all your clients. It doesn’t move money and it doesn’t sit inside Wise — it makes the verification your firm performed provable, which is the piece no payment platform records for you.

Frequently asked questions

Does Wise check the recipient’s name on USD payments to US banks?

For most domestic USD payments, no UK-style name-checking scheme exists — US ACH settles on routing and account number, and validation focuses on whether those are plausible. Treat the vendor callback as your name check for US-bound payments.

Can I edit a vendor’s bank details in Wise?

No. Saved recipients can’t be edited. To change bank details you delete the recipient and create a new one — which means every bank change is a new-recipient event, with no built-in link to the account it replaced.

If the name check comes back as a match, was the change request legitimate?

Not necessarily. A match confirms the name you entered corresponds to the account at the receiving bank. It says nothing about whether the person who emailed you those details is your vendor. Mule accounts opened in lookalike names, and close-match results accepted in a hurry, both defeat name checks.

Do Wise Payment Approvals count as verification?

They’re a valuable control, but no. Approvals add a second decision-maker who sees the same details the requester entered. Verification means confirming the details with the vendor through an independent channel — a callback to a known number — and keeping a record of it.

Next: the procedure your team can adopt — the free vendor bank-change verification template →