European Supplier Verification Checklist: A Practical Guide to Verifying Any EU Supplier Before Payment

Before making any payment to a European supplier – whether for goods, services, or ongoing trade – a structured verification process is the most effective protection against supplier fraud. Fraudulent suppliers operating across the EU, Switzerland, and the United Kingdom use registered company names, cloned websites, compromised email accounts, and professional documentation to collect payments for goods that will never be delivered. Business Email Compromise attacks intercept legitimate supplier relationships and redirect payments to fraudster-controlled accounts. This checklist provides a practical, step-by-step algorithm for verifying any EU-based supplier. Each step targets a specific fraud indicator. Completing all steps before any payment significantly reduces the risk of financial loss.

How to Verify a European Supplier Before Payment

Step 1: Confirm Legal Existence

Every legitimate European supplier is registered in a national commercial register. Verify the entity through the Business Registers Interconnection System (BRIS) – the EU-wide portal connecting all national registers – and through the specific national register of the country where the supplier claims to be incorporated: Companies House (UK), Handelsregister (Germany), Registre du Commerce et des Sociétés (France), Registro delle Imprese (Italy), or Registro Mercantil (Spain). The following facts must match exactly between the supplier’s representations and the register entry: the full legal name, registration number, current status (active, dissolved, or in liquidation), and the names of registered directors. If the company does not appear in the register, has been dissolved, or is in liquidation – the supplier does not exist as a functioning legal entity. Do not proceed to payment. Any mismatch between the supplier’s claims and the official registry is a direct indicator of fraud or misrepresentation.

Step 2: Validate the VAT Number

Every EU-registered business engaged in cross-border trade holds a VAT identification number. Verify the supplier’s VAT number through the VIES (VAT Information Exchange System) – the European Commission’s official validation tool. Confirm two facts: that the VAT number is currently active, and that the company name associated with the VAT number matches the supplier’s registered legal name exactly. An invalid VAT number – or a VAT number that returns a different company name – is a strong indicator of a fictitious entity or identity misrepresentation. For intra-EU transactions, a valid VAT number is also a legal requirement for the correct application of VAT – making validation both a fraud prevention measure and a tax compliance obligation.

Step 3: Identify Ultimate Beneficial Owners (UBO)

Determine who ultimately owns and controls the supplier. Access the relevant UBO register – required under the EU Anti-Money Laundering Directives – to identify the natural persons who hold significant ownership or control. Examine the ownership structure: the country of registration of each entity in the chain, the percentage of ownership, and whether the structure is transparent or layered through multiple jurisdictions. Risk indicators include: beneficial owners registered in offshore jurisdictions with no connection to the supplier’s stated operations, nominee or proxy shareholders, complex multi-layered ownership structures that obscure the ultimate controller, and refusal to disclose beneficial ownership information when requested. These structural features are commonly associated with shell companies used for fraud, money laundering, and tax evasion.

Step 4: Verify Bank Details

Before transferring funds, verify the payment details provided by the supplier. Confirm that the IBAN belongs to the supplier – not to an individual or a third-party entity. Verify that the beneficiary name on the account matches the supplier’s registered legal name. Confirm that the bank is located in a jurisdiction consistent with the supplier’s registered address and operations. Red flags include: an IBAN registered to a different company or individual, a bank account in a country where the supplier has no registered presence or operations, payment instructions directing funds to multiple accounts, and beneficiary names that differ from the supplier’s legal name. Any of these indicators suggest that the payment infrastructure is not controlled by the supplier – and may indicate fraud, BEC compromise, or intermediary diversion.

Step 5: Detect IBAN Changes (BEC Fraud Prevention)

Business Email Compromise is one of the highest-value fraud categories affecting European trade. The attack is simple and devastating: a fraudster compromises or spoofs a supplier’s email account and sends the buyer a notification that the supplier’s bank details have changed. The buyer updates the payment details and transfers funds to the fraudster’s account instead of the supplier’s. Any notification of changed bank details – regardless of how legitimate the email appears – must be verified through a direct telephone call to the supplier using a phone number obtained independently, not from the email itself. Never update payment details based solely on an email instruction. This single verification step prevents the majority of BEC fraud losses – which in European trade amount to hundreds of millions of euros annually.

Step 6: Analyse the Domain and Website

Check the supplier’s website domain through WHOIS. Verify the date of registration, the registered owner, and whether ownership details are concealed behind privacy services. A domain registered less than one year ago – particularly for a supplier claiming years of operational history – is a significant risk indicator. Compare the website carefully against known legitimate supplier websites: cloned websites that replicate the design, content, and branding of a real supplier are a documented fraud method used to intercept procurement relationships.

Step 7: Verify Contact Details

Legitimate suppliers use corporate email addresses on their own domain – not free email providers such as Gmail, Outlook, or Yahoo. Verify that the email domain matches the supplier’s website domain and registered company name. Confirm that telephone numbers are active and connect to the supplier’s offices. Inconsistencies between contact details and corporate identity – such as a supplier with a professional website but using a Gmail address for invoicing – are risk indicators that warrant additional verification before payment.

Step 8: Review Business History

Assess the supplier’s operational track record. Determine how long the company has been in business, review published financial accounts where available, and request references from previous transactions. A company that was incorporated recently – particularly one offering large-volume supply or requesting significant advance payments – presents elevated risk. Established suppliers have verifiable trading histories, published accounts, and referenceable client relationships. The absence of any operational history is a red flag that the entity may have been created specifically for the purpose of collecting payments without delivering goods.

Step 9: Screen Reputation and Litigation

Search for the supplier’s name, director names, and associated domains in public court records, news archives, trade forums, and consumer complaint databases. Look for fraud allegations, regulatory enforcement actions, trade disputes, and patterns of complaints from other buyers. Repeated complaints describing non-delivery, quality misrepresentation, or payment disputes from multiple sources indicate systematic problems – not isolated incidents. Cross-reference director names with other companies to identify individuals associated with previously failed or fraudulent businesses.

Step 10: Conduct Sanctions and AML Screening

Screen the supplier, its directors, and its beneficial owners against international sanctions lists: EU Consolidated Sanctions List, UK Sanctions List (OFSI), US OFAC SDN List, and UN Sanctions List. Additionally, screen for Politically Exposed Persons (PEPs) – individuals holding or recently holding prominent public functions – whose involvement in the supplier’s ownership may create compliance obligations. Transacting with a sanctioned entity is a criminal offence in every EU jurisdiction – and payments to sanctioned parties may be frozen or seized by banks without prior notice. AML screening is not optional: it is a legal obligation for regulated entities and a practical necessity for any buyer making significant payments.

Step 11: Review the Contract

The purchase contract must contain clear, enforceable terms. Verify: the full legal identity of both parties, a precise description of the goods or services, quantity and quality specifications, delivery terms using recognised Incoterms, pricing and currency, payment schedule and conditions, liability provisions, and dispute resolution mechanisms. The absence of a written contract, vague product descriptions, undefined delivery obligations, or terms that require full payment before any performance are risk indicators. A legitimate supplier will provide – and expect – a detailed contract that protects both parties. Reluctance to formalise the agreement in writing is inconsistent with standard European business practice and should be treated as a red flag.

Step 12: Verify Logistics and Delivery Capability

Confirm that the supplier has the physical infrastructure to fulfil the order. Verify the warehouse address and, where possible, confirm its existence through independent sources – commercial directories, satellite imagery, or third-party inspection. Request shipping documentation from previous deliveries to confirm operational capability. Non-delivery fraud – collecting payment for goods that are never shipped – is one of the most common forms of supplier fraud. Fictitious suppliers create professional websites and documentation but have no warehouse, no inventory, and no logistical capability. Confirming physical delivery infrastructure before payment separates legitimate suppliers from fraud operations.

Step 13: Authenticate Documents

Request and review all key documents: proforma invoices, commercial invoices, the signed contract, product certificates, certificates of origin, and any regulatory compliance documentation. Cross-reference every document against the supplier’s registered details – company name, registration number, VAT number, and address must be consistent across all documents. Inconsistencies between documents – different company names on the invoice and the contract, a VAT number that does not match the registered entity, or certificates that cannot be independently verified – indicate document fraud. Forged invoices and fabricated certificates are standard tools in supplier fraud schemes.

Step 14: Assess Payment Terms

The payment structure is one of the clearest indicators of supplier legitimacy. Risk indicators include: demands for 100% advance payment, pressure to pay urgently before due diligence is complete, and refusal to accept standard trade payment terms. Safe payment structures include: escrow arrangements where funds are released only upon confirmed delivery, partial payments tied to milestones (order confirmation, shipping, delivery), letters of credit, and payment upon inspection. A legitimate supplier with a verifiable track record will accept commercially standard payment terms. A supplier that insists on full advance payment and pressures for immediate transfer – regardless of how convincing the explanation – is exhibiting a pattern consistent with fraud.

Step 15: Verify Insurance and Guarantees

Request evidence of trade insurance – product liability, cargo insurance, and professional indemnity where applicable. For high-value transactions, request a bank guarantee or a standby letter of credit that protects the buyer in the event of non-delivery or non-conformity. The absence of any insurance or guarantee – particularly for a supplier requesting substantial advance payment – leaves the buyer with no protection if the goods are not delivered or do not meet specifications. Insurance and guarantees are standard in legitimate European trade and their absence is a meaningful risk indicator.

Step 16: Screen Warning Lists

Check the supplier’s name and all associated domains against regulatory warning lists: IOSCO Investor Alerts, national regulator warnings (FCA, BaFin, AMF, CONSOB, CNMV), Europol public alerts, and industry-specific fraud databases. While these lists focus primarily on financial services, supplier fraud schemes that involve fictitious investment returns, advance-fee collection, or fraudulent trade finance increasingly appear on regulatory radar. Presence on any warning list is a definitive high-risk indicator.

Step 17: Confirm Physical Presence

Verify that the supplier has a genuine physical presence at its stated address. A registered office at a virtual office provider – with no warehouse, no showroom, and no operational staff – is a risk indicator for a supplier claiming to trade physical goods. This does not mean that every supplier must own large premises – but the physical presence should be consistent with the scale and nature of the claimed business. A supplier offering industrial volumes from a mailbox address warrants immediate additional scrutiny.

Step 18: Red Flags – When to Stop

The presence of two or three of the following red flags is sufficient to halt the payment: payment directed to a third party rather than the supplier, recent or unexplained change of IBAN, pressure to pay urgently before verification is complete, a website domain registered less than one year ago, and no verifiable business history or operational track record. Each flag independently signals elevated fraud risk. In combination, they establish a pattern consistent with organised supplier fraud and inconsistent with legitimate trade.