Winning the Fraud Game

Even as organizations strengthen defenses, fraudsters continue to evolve. Payment fraud remains a persistent threat to businesses of all sizes, with 79% of organizations reporting attempted or successful attacks in 2024, according to the 2025 Payments Fraud and Control Survey Report from the Association of Financial Professionals.

Although the overall rate of fraud remained steady compared to the previous year, the nature of attacks has grown more sophisticated—increasingly bypassing even well-established controls.

AFP’s annual survey report offers a comprehensive look at how fraud is impacting business-to-business (B2B) payments and what can be done to adapt. For business owners, finance professionals and internal auditors, the findings are clear: proactive prevention and swift detection remain essential.

Here are five key insights to help protect payments:

Check fraud isn’t going away—and neither is check usage.

Checks continue to be the top target for payment fraud, impacting 63% of organizations in 2024. ACH debits followed at 38%.

Despite this, most organizations have not moved away from checks. Why? Because business partners, especially smaller vendors, often require them. The administrative burden, fraud risk, and delays involved in processing check payments are widely known—yet checks remain ingrained in B2B transactions.

Businesses can better secure check payments by implementing internal controls and leveraging fraud mitigation tools like payee positive pay, which compares issued checks to those presented for payment. This allows unauthorized checks to be flagged and blocked before they’re processed.

Business email compromise remains the leading threat.

More than 60% of fraud incidents in 2024 stemmed from business email compromise (BEC), an ongoing, highly effective method where attackers pose as legitimate vendors, executives, or colleagues to request fraudulent payments. Wire transfers were the most frequently targeted payment method, often exploited through convincing, but fraudulent, email requests.

Vendor impersonation, forged checks, stolen cards and identity fraud were also common, especially from individuals operating outside the organization.

Although BEC is still prevalent, companies are fighting back. Many have improved email filtering systems and expanded associate education efforts, which have helped reduce the success rate of email attacks and credential theft. Still, with 63% of organizations targeted by BEC within the past year, continued focus on associate training and vendor verification processes remains vital.

Treasury teams are the first line of defense.

The speed of detection makes a major difference in the outcome of a fraud event. 

In 2024, 35% of organizations that suffered a loss detected the fraud within a week; another 21% identified it within two. The faster fraud is uncovered, the better the odds are for recovery.

Most often, a bank’s treasury management team or its accounts payable department identifies fraud, not external systems. Internal review processes and consistent oversight remain powerful tools in catching fraud early.

Invest in educating any employees who handle payments, not only on what to look for, but on how to escalate concerns and follow up quickly when red flags emerge. Whether it’s a sudden change in vendor banking information or an unusual check amount, every detail matters.

Recovery is never guaranteed, but preparedness improves the odds.

While over half of organizations were able to recover up to 75% of lost funds in 2024, 20% couldn’t recover any losses at all. That’s a sobering reminder that detection and prevention are far more effective than trying to chase down stolen funds after the fact.

The longer the time between the fraudulent transaction and discovery, the harder it becomes to stop or reverse the damage. Businesses should implement layered protocols across all payment types —checks, ACH, wire transfers and cards —and ensure tools such as positive pay, ACH fraud filters and multi-step approvals are active and enforced.

Technology is changing the fraud landscape.

While deepfake-driven fraud isn’t yet widespread, the report warns that visual and audio impersonation could become a growing threat in the years ahead. Artificial intelligence is already enabling criminals to craft more convincing phishing emails and replicate business language and branding. Businesses must stay ahead by reviewing their controls frequently and assessing emerging threats.

Fraud prevention can’t completely eliminate risk, but there are steps any business can take to manage it wisely. That starts with understanding where an organization is vulnerable, ensuring teams are trained and working closely with a bank’s treasury management department to implement the right safeguards.

No matter an organization’s size or industry, tools are available to take control and protect payments. Don’t wait for an incident to test systems; implement prevention tools and prioritize education now to stay ahead.

PUBLISHED MAY 2026