Why is penny drop account validation insufficient to prevent vendor fraud?

penny drop account validation

Last modified on October 31st, 2023

The charity organization Save the Children lost nearly $1M in 2017. Fraudsters impersonated vendors and lured them to wire the money to their bank accounts – which hadn’t been validated. Account validation (part of KYC) is a legal requirement in the US, and it also helps protect you from fraud. Penny-drop account validation is one of the ways to do that — but it’s not enough. Keep reading to find out why!

Unlike penny-drop, Trustpair provides ongoing account validation throughout your payment chain. It protects you from vendor fraud by blocking any suspicious payments. Request a demo to learn more!

New call-to-action

Why is penny drop account validation useful in vendor onboarding?

Penny drop is a way to carry out the bank account verification of your vendors, as well as their identity. It goes a step further than IBAN validators, who only check the validity of the bank account numbers format.

When you first start working with a new vendor, penny drop account validation allows you to verify bank account details shared are correct. It’s part of the “Know Your Customer” (KYC) process and it ensures smooth money transfers to your suppliers, which contributes to a good relationship with them.

Penny drop account validation checks:

  • Your beneficiary’s bank account is valid and exists,
  • The account matches your supplier’s name,
  • It’s operational and able to receive funds (it’s not frozen or closed).

It’s a way to do your account validation process, a legal obligation required by banks and financial institutions in many countries (like the US, EU, and India). Penny drop can be integrated into your current KYC onboarding process.


Why is it insufficient to secure the entire payment chain?

The limits of penny-dropping

However, using penny drop to verify your supplier’s bank accounts isn’t enough. Penny drop account validation doesn’t protect you against fraud.

The penny-drop process fails to carry out the continuous checks necessary for your protection. Most businesses only do it when onboarding their supplier, before a first transfer is sent. Some go a bit further by controlling them when there is a change in their vendor’s credentials.

With penny drop, you also need to wait for the transaction status to come back to you to identify the beneficiary’s name on the account. But in the hustle and bustle of daily work, this crucial step can be skipped, rendering the whole identity verification process null.

To counter that, some third-party software uses UPI (United Payment Interface) to do a penny drop with their merchant instantly. That solves a part of the problem, but UPI verification subscribers still aren’t totally safe from fraud.

While this complies with the legal requirements of account validation in most countries, it also creates security breaches in your procurement process. In most cases, businesses don’t realize there has been a change in their supplier’s bank account details. To learn more about the web debit account validation rule, read this article.

Even the best penny-drop API solution using UPI cannot protect you against fraud from identity theft. In vendor fraud, scammers impersonate your suppliers and ask you to “update their bank account details”. They can also hack into your master file and change the financial details directly on your system.

Like Save the Children, who fell victim to a vendor fraud scam — and countless other organizations whose stories you can read in the news. With fraud on the rise, it’s important now more than ever to adequately protect your business against the risk of vendor fraud.

Anti-fraud software as an alternative to penny drop

How do you protect yourself from fraud? By using a solution that carries out continuous checks.

An anti-fraud solution like Trustpair runs automated account verifications in the background, ensuring your vendor details are always legit, 100% of the time.

We use three-way matching to check:

  • Your supplier’s bank account is valid and exists,
  • The name on the account,
  • Both sets of information match.

All of this is shared with you in real time.

We also have unrivaled coverage rates in the US, Europe, and China, meaning you can validate accounts internationally. No more sending funds to a fraudster’s bank account thinking you’re paying your overseas suppliers.

Our solution also checks ABA routing numbers when used for electronic payments, protecting your business from fraud across different payment solutions.

Anti-fraud software goes further than penny-drop by providing instant bank account verification. Any suspicious transfer will be blocked, so you always know who you’re sending money to. It also allows you to share financial information with your teams securely. It’s the end of endless emails and spreadsheets to share updates between procurement, accounting, and finance!


What is penny drop account validation and how does it work?

Penny drop verification is a way to verify your beneficiary’s bank account numbers are correct.

Concretely, it means depositing a small amount (usually $0,01, hence the name) onto their accounts to check the bank account’s number is valid, and the account can receive funds.

It can be done manually but most organizations now do it through API. Large businesses will use account verification APIs to do penny drops rather than doing it by hand for each vendor account — it saves time and is less error-prone, so it’s worth the price.

The penny drop process looks like this:

  1. You get your suppliers or customers’ bank account numbers (and IFSC code if you’re in India).
  2. You used the codes shared to send a penny to their account (manually or through an API).
  3. If the penny drop is successful, you’ll know the bank account is valid. It comes back with the beneficiary name, which you can double-check against your supplier’s name.
  4. If the penny drop verification failed, the transaction will bounce back to you with the failure reason.

This method has been widely used in India. The government set it up to protect customers of the National Pension System (NPS). Users of this service have to share some details to verify their identity before making a withdrawal request.

They use the penny-drop account validation to check the validity of customers’ bank details. For this, they share their account holder’s name, as well as their bank account number and IFSC number — or their UPI code to save time. The withdrawal is only accepted if the identity verification process is successful.

Even though penny-drop requires sending a small amount of money to an account, it’s a small price to pay to verify the accounts you deal with.

In a way, penny drop is similar to micro-deposits, a process used to do ACH account verification. Trustpair also helps you validate routing numbers for this payment method, as well as for wire transfers.


Key Takeaways:

  • While Penny Drop checks the validity of the details shared by your vendors, it leaves an open doorway to fraud by not doing so continuously.
  • Using anti-fraud software like Trustpair efficiently protects your company against the risk of vendor and third-party fraud.


Penny drop is a safe way to validate the account before you send more funds to it. It checks the bank account numbers (and eventual IFSC) are correct and can receive funds. It’s safe, but it’s not enough to protect yourself from fraud.

Using Trustpair protects you from fraud by continuously checking your vendor’s bank account details, whereas penny drop only does it once.

Manage the risks related to corporate treasury.

Receive our latest news

Subscribe to the Trustpair Newsletter and receive advice every week…
Thanks ! Your subscription to the Trustpair newsletter has been taken into account.

        By clicking on “Subscribe”, you agree to receive the Trustpair newsletter to be informed of news or important information about our services. By subscribing, you agree to our Privacy Policy.

Related Articles