What's the safest way to collect and store vendor bank account details?

Yes, with review. Vendor-entered details eliminate AP transcription errors and create attribution - the authenticated vendor account, not "someone who emailed us," supplied the data. Pair self-service with mandatory AP review and verification before details become payable, so you get the accuracy and liability benefits of self-service without trusting submissions blindly. The portal also becomes your policy lever: "we only accept banking changes through the portal" is the cleanest defense against email-based fraud.

Encrypted at rest, masked in the interface (last four digits), access restricted by role to the few people who maintain payment data, every view and change logged, and nothing living in spreadsheets, shared drives, or email folders. Auditors will ask: who can see full account numbers, who can change them, what approval gates a change, and can you produce the change history for any vendor. If banking data is in a spreadsheet, every one of those answers is wrong.

AI can reliably read banking details off invoice documents - the question is what happens next. Extracted details should be treated as a *proposed change*, never an automatic update: compared against the banking already on file, flagged when they differ, and routed through the same review and verification as any other change. Extraction is a speed tool; the safety comes from the verification workflow behind it. Any system that silently updates payment instructions from an inbound document has automated the exact attack BEC fraudsters run manually.

View of full account numbers: the small set who maintain payment data. Edit: fewer still, with a second person approving every change. Everyone else sees masked values. Banking fields deserve the tightest access model in your finance stack - they're the fields that move money.

ACH: routing number, account number, account type (checking/savings), and the account holder name. Wires add the receiving bank's name and address and, for international, SWIFT/BIC plus IBAN or local account formats and sometimes an intermediary bank. Collect the full set once, at onboarding, through the portal.

Routing numbers carry a checksum, so format validation catches typos instantly; beyond that, verify the routing number resolves to a real institution via an ABA/Federal Reserve lookup. A "routing number" that fails checksum is a typo; one that resolves to an unexpected bank for that vendor is a verification conversation.

Segment by spend, invite vendors to the portal in waves with a clear what's-in-it-for-them (faster, traceable payment), validate and verify every submission exactly as you would a banking change - at-scale collection is also at-scale fraud surface - and expect a check-resistant long tail you'll convert over quarters, not weeks.

The ACH return code tells you: invalid account-number formats point to bad data; "account closed" and "no account/unable to locate" mean the account is gone or never matched. Either way, the fix is re-collection through your verified channel - and a bounced payment after years of success on the same details deserves a fraud-aware second look before you "fix" anything.

Vendors submit banking details through Stampli's secure self-service portal, and sensitive changes go through review and approval before they take effect - with the full history of who submitted and who approved preserved on the record. Stampli AI can identify payment details from invoice documents, but they're surfaced for human review against the vendor's known information, never silently applied. Payment-detail completeness and approval status can gate payability, so an unreviewed change can't ride into a payment run.