[Eril-l] [EXTERNAL] Cyber security and invoices

Thu Sep 18 07:29:38 PDT 2025

WKU also has a process (new as of last spring) where vendors have to now sign up as a supplier via a website that our Purchasing office handles (it is called Unimarket I believe, or that’s the company that provides the interface the vendors have to use to sign up). It has been a rough transition for the library and has resulted in many late payments and extra work on my part to send “we promise we’re trying to pay you; please fill out the form you were sent” emails to my sales reps. But it’s kind of a one-time hardship in most cases and will only have to be dealt with in the future for new acquisitions (which, like many, we aren’t doing a lot of these days!).

Karen Schifferdecker, MSIS
Electronic Resources Librarian
Library Collections & Discovery
Western Kentucky University
karen.schifferdecker at wku.edu

On Sep 18, 2025, at 9:12 AM, Electronic Resources in Libraries discussion list via Eril-l <eril-l at lists.eril-l.org> wrote:

Our procurement office verifies each vendor and requires a w9 annually.  They will not pay an invoice if the pay-to bank is different from the info we have on file. It can slow down payment, but it is more secure.

Athena

Athena Hoeppner (she/her/hers)
Interim Associate Dean, Resources and Discovery
Discovery Services Librarian | University Librarian
University of Central Florida | athena at ucf.edu<mailto:athena at ucf.edu>
Schedule Appointment<https://outlook.office.com/bookwithme/user/e7ed510b338643a092fb237960b6be17@ucf.edu/meetingtype/V46-JYn9vEWmqVPIUyuevA2?anonymous>

From: Eril-l <eril-l-bounces at lists.eril-l.org<mailto:eril-l-bounces at lists.eril-l.org>> On Behalf Of Electronic Resources in Libraries discussion list via Eril-l
Sent: Thursday, September 18, 2025 9:59 AM
To: Electronic Resources in Libraries discussion list <eril-l at lists.eril-l.org<mailto:eril-l at lists.eril-l.org>>
Subject: [Eril-l] Cyber security and invoices

As phishing and other cyber problems become more sophisticated, I was wondering if anyone uses a process to verify that invoices are coming from your publishers and vendors.
I just received an email notice from one vendor today about cyber security after I submitted 2 invoices for payment. I double checked the emails and all of the usual triggers (email address for invoice, vendor name, invoice number, and vendor address, ACH payment information) against our previous years' invoices.
Short of having a vendor send me print invoices, I don't know how to know that I am receiving the correct invoice and sending it to the correct vendor.
If other institutions have a process of verification, I'd be interested in knowing what that might be.

Best,

Judith

--
Judith Nagata  (she/her)
Electronic Resources & Serials Librarian
Dinand Library
College of the Holy Cross
Worcester, MA 01610
p: 508-793-2639
e: jnagata at holycross.edu<mailto:jnagata at holycross.edu>
_______________________________________________
Eril-l mailing list
Eril-l at lists.eril-l.org<mailto:Eril-l at lists.eril-l.org>
http://lists.eril-l.org/listinfo.cgi/eril-l-eril-l.org

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.eril-l.org/pipermail/eril-l-eril-l.org/attachments/20250918/aa532335/attachment.htm>