How to Verify Bank Details Before Sending Money

Understanding Bank Transfer Fraud

Before diving into the verification steps, it helps to understand how bank transfer fraud works. The most common type in the UK is Authorised Push Payment (APP) fraud, where a victim is tricked into voluntarily sending money to a fraudster's account. Unlike unauthorised fraud (where someone steals your card details), APP fraud is particularly devastating because the victim initiates the payment themselves, making it much harder to recover the funds.

APP fraud takes many forms. In purchase scams, victims pay for goods or services that do not exist. In impersonation scams, criminals pose as banks, government agencies, or trusted organisations. In invoice redirection fraud (also called business email compromise), scammers intercept genuine business communications and substitute their own bank details. The Action Fraud reporting centre in the UK received over 40,000 reports of APP fraud in a single year.

In the US, wire fraud is similarly pervasive. The FBI's Internet Crime Complaint Center (IC3) consistently ranks business email compromise among the most financially damaging cybercrimes. Once a wire transfer leaves your bank, the money typically moves through multiple accounts within hours, making recovery extremely difficult. The FTC warns that wire transfers are a preferred method for scammers precisely because they are fast, irreversible, and difficult to trace.

How Scammers Intercept and Change Bank Details

One of the most sophisticated fraud techniques is business email compromise (BEC). In a typical BEC attack, a criminal gains access to a company's email system — often through phishing or credential theft — and monitors email conversations. When they spot a legitimate invoice being sent, they intercept the email and replace the bank details with their own.

The victim receives what appears to be a genuine invoice from a trusted supplier, complete with correct logos, formatting, and references. The only difference is the bank details. Because the email comes from the supplier's actual email address (or a very similar one), there is nothing obviously suspicious about it. Victims often only discover the fraud weeks later when the real supplier chases for the unpaid invoice.

Scammers also target individuals. A common tactic is to pose as a solicitor during a property purchase, sending "updated" bank details for the deposit payment. Property transactions are particularly attractive to fraudsters because the amounts involved are large and the time pressure is high. A single intercepted conveyancing payment can result in the loss of a buyer's entire deposit.

Step 1: Validate the Bank Number Format

Before anything else, check that the bank number you received is structurally valid. Each format has built-in error detection that can catch typos, missing digits, and transposition errors — which account for the vast majority of payment failures:

• IBAN: Verify the country code, length, and MOD-97 checksum using our IBAN validator. The MOD-97 algorithm catches 99.97% of all errors, including single-character mistakes and most transpositions.
• US routing number: Check the 9-digit format and weighted checksum with our routing number validator. The 3-7-1 algorithm will catch most single-digit errors.
• UK sort code: Confirm the 6-digit format and bank lookup with our sort code validator. Since sort codes have no checksum, the bank lookup is your primary verification.

A valid format does not guarantee the account exists or that it belongs to the right person, but it does eliminate the most common cause of failed payments: simple data entry errors. Think of format validation as your first line of defence — it costs nothing and takes seconds.

Step 2: Confirm the Bank Name Matches

When you validate an IBAN, routing number, or sort code, the result should include the bank name. This is a critical cross-check. Verify that the bank name matches what the recipient told you. If someone says they bank with HSBC but the sort code resolves to Barclays, something is wrong. Similarly, if you are paying a German company but the IBAN starts with PL (Poland), that mismatch should raise immediate concerns.

For sort codes and routing numbers, the bank name lookup is deterministic — each code maps to exactly one bank. For IBANs, the country code and bank code portion will identify the institution. If the bank name does not match the recipient's stated bank, stop the payment and investigate further.

Step 3: Use Confirmation of Payee (UK)

Confirmation of Payee (CoP) is a name-checking service introduced by Pay.UK in 2020 to combat APP fraud. When you set up a new payee at a participating UK bank, CoP checks whether the name you entered matches the name on the recipient's account. You will receive one of three responses: a match, a close match (with the correct name suggested), or no match.

CoP is a powerful fraud prevention tool, but it has limitations. Not all UK banks and building societies participate (though coverage has expanded significantly since launch). CoP does not work for international payments. And a name match does not guarantee legitimacy — a scammer could open an account in a name that matches the person they are impersonating. Despite these limitations, CoP has prevented hundreds of millions of pounds in fraud since its introduction and should always be used when available.

Step 4: Verify Through a Trusted Channel

If you received bank details via email, text, or messaging app, confirm them through a separate, trusted channel. Call the recipient directly using a phone number you already have — not one provided in the same message. Payment redirection fraud (where scammers intercept emails and change bank details) is one of the most common financial scams, and the only reliable defence is out-of-band verification.

For high-value payments, especially property transactions, always verify bank details in person or by phone. Solicitors and conveyancers should never send bank details by email alone, and many have adopted policies requiring clients to collect payment details in person or verify them by phone using a known number.

Step 5: Send a Small Test Payment First

For large transfers or first-time recipients, consider sending a small test amount first (e.g., £1 or $1). Ask the recipient to confirm receipt before sending the full amount. This is standard practice for business payments, real estate transactions, and payroll setup. The cost of a test payment is negligible compared to the potential loss from sending the full amount to a fraudulent account.

When the recipient confirms the test payment, verify that they can identify the exact amount, the sender name, and the date it arrived. This confirms not only that the bank details are correct, but also that you are communicating with the genuine account holder. Read our guide to sending money internationally for more on international transfer best practices.

Step 6: Double-Check Before Confirming

Before you submit the transfer, review every field one more time:

• Recipient name matches the account holder
• IBAN / routing number / sort code is correct
• Account number is correct
• Amount and currency are right
• Payment reference is included (if required)
• The bank name shown by your bank matches your expectations

Many banks now show a summary screen before you authorise the transfer. Take the time to read it carefully rather than clicking through automatically. If anything looks unfamiliar, cancel the payment and re-verify.

Corporate vs Personal Verification Procedures

Businesses face additional risks because they process higher volumes of payments and are prime targets for invoice fraud. Corporate verification procedures should be more rigorous than personal ones:

What If You Sent Money to the Wrong Account?

If you realise you have sent money to a fraudulent or incorrect account, act immediately. Every minute counts. Here is what to do, step by step:

• Contact your bank immediately. Call the fraud hotline (not the general enquiry number). Most banks have 24/7 fraud lines. Ask them to attempt a payment recall. For Faster Payments in the UK, the bank can contact the receiving bank to request a freeze on the funds. For ACH payments in the US, there may be a short recall window (typically 1–2 business days). Wire transfers are much harder to reverse, but your bank can still initiate a SWIFT recall request.
• Report the fraud to the authorities. In the UK, report to Action Fraud (the national fraud reporting centre). In the US, file a complaint with the FBI's IC3 and report to the FTC. These reports help law enforcement track and disrupt fraud networks, even if recovery of your specific funds is uncertain.
• Preserve all evidence. Save all emails, messages, invoices, and payment confirmations related to the transaction. Do not delete anything. This evidence will be essential for any investigation or insurance claim.
• Check your eligibility for reimbursement. In the UK, the Contingent Reimbursement Model (CRM) Code means that many banks will reimburse APP fraud victims who took reasonable steps to verify the payment. Not all banks are signatories, and reimbursement is not automatic, but it is worth pursuing. In the US, wire transfer fraud reimbursement depends on your bank's policies and whether the funds can be recovered.
• Secure your accounts. If the fraud involved email compromise, change your passwords immediately. Enable two-factor authentication on all email and banking accounts. Check for any other suspicious activity.

Recovery rates vary widely. If you act within hours, the receiving bank may be able to freeze the funds before the fraudster withdraws them. After 24–48 hours, the chances of recovery drop significantly. Speed is the most important factor. Learn about transfer processing times in our guide to international transfer times.

Using Validation Tools as a First Line of Defence

Online validation tools like BankCheck cannot tell you who owns an account, but they are an essential first step in the verification process. By validating the format and looking up the bank name, you can catch obvious errors and red flags before you even contact the recipient. A sort code that does not correspond to any bank, an IBAN with an invalid checksum, or a routing number that fails the 3-7-1 check — all of these are immediate indicators that something is wrong.

Validation is especially valuable when bank details are entered manually. Studies have shown that manual data entry has an error rate of approximately 1 in 300 characters. For a 22-character IBAN, that means roughly a 7% chance of a typo in any given manual entry. The MOD-97 checksum will catch virtually all of these errors, preventing failed payments or misdirected funds.

Frequently Asked Questions

What is Confirmation of Payee?

Confirmation of Payee (CoP) is a UK name-checking service that verifies whether the name you enter when setting up a new payee matches the name registered on the recipient's bank account. It was introduced by Pay.UK in 2020 to reduce APP fraud and misdirected payments. If the name does not match, you will receive a warning before the payment is processed. It is available at most major UK banks and building societies.

Can a valid IBAN guarantee the money goes to the right person?

No. A valid IBAN only confirms that the number is structurally correct and follows the right format for the specified country. It does not verify account ownership. A fraudster can provide a perfectly valid IBAN that belongs to their own account. IBAN validation catches typos and formatting errors, but you still need to verify the recipient's identity through other means, such as phone confirmation or Confirmation of Payee.

What should I do if bank details changed in an email?

Treat any change in bank details with extreme suspicion. This is the hallmark of invoice redirection fraud. Do not reply to the email or use any contact details provided in it. Instead, contact the supplier or recipient directly using a phone number you already have on file (from your original contract or a previous verified communication). Only proceed with the payment once the new details have been verbally confirmed by someone you know and trust at the organisation.

How quickly can I recover money sent to the wrong account?

Speed is critical. If you contact your bank within minutes or hours, there is a reasonable chance the receiving bank can freeze the funds before they are withdrawn. For Faster Payments in the UK, the money arrives almost instantly, so the window is very tight. For SEPA transfers, you may have up to one business day. For international wire transfers via SWIFT, the money may pass through multiple correspondent banks, creating a slightly longer window but also a more complex recall process. After 24–48 hours, the chances of full recovery drop significantly. Some victims never recover their funds, which is why prevention is far more effective than cure.

Are bank transfers safer than other payment methods?

Bank transfers are secure in the sense that the payment network itself is robust and encrypted. However, they offer less consumer protection than credit card payments. Under UK and EU regulations, credit card payments over £100 benefit from Section 75 protection, meaning the card issuer is jointly liable if the goods or services are not delivered. Bank transfers have no equivalent protection. In the US, credit cards offer chargeback rights under the Fair Credit Billing Act, while wire transfers are generally irrevocable. For high-risk transactions (online purchases from unknown sellers, for example), a credit card is almost always safer than a bank transfer. Reserve bank transfers for payments to known, verified recipients.

Validate Before You Send

BankCheck validates IBANs, routing numbers, and sort codes for free. All validation runs client-side — your bank details never leave the browser. Use it as the first step in your verification process every time you make a payment to a new recipient.