Payments Fraud

What Is Payments Fraud?
Payments fraud is the illegal or unauthorized use of payment instruments — including credit and debit cards, checks, wire transfers and online payment platforms — to obtain financial gain. The umbrella of payments fraud encompasses a wide range of fraudulent activities, including credit card and check fraud, phishing and account takeover.
Payments fraud is one of the principal challenges organizations and businesses face today. According to the 2026 AFP Payments Fraud and Control Report, underwritten by Truist, 76% of organizations reported being a victim of an attempted or actual fraud attack.
Stablecoins & On-Chain Liquidity Certificate

Build the context and confidence you need to evaluate how stablecoins fit into your treasury strategy and operations.
How Does Payments Fraud Affect Businesses?
Payments fraud can affect businesses in numerous ways, including:
- Potential financial loss
- Reputational risk
- Failure to meet regulatory requirements
- Business disruption
- Loss of customer trust and loyalty (e.g., as a result of a data breach)
Mitigating payments fraud requires the implementation of robust security measures, employee education on common fraud schemes and collaboration with partners, including banks and vendors.
How Does Payments Fraud Happen?
The majority of payments fraud starts with an individual outside your organization. Fraudulent emails, referred to as business email compromise (BEC), and external individuals using tactics other than email (e.g., forged checks, stolen cards and identity fraud), were the methods most frequently used by fraudsters in 2025, according to findings from the 2026 AFP Payments Fraud and Control Report.
Three common tactics that fraudsters use to commit BEC are:
- Spoofing an email account
- Using a domain lookalike
- Taking over a legitimate email account
Fraudsters who employ the spoofing technique forge email header elements to trick users into believing they are communicating with a trusted source. Clicking on a domain lookalike can lead to web traffic diversion and/or malware delivery. Fraudsters like to use compromised email accounts to send fraudulent change of payment instructions, and messages are now coming in via texts, WhatsApp and Signal, in addition to email. These messages appear authentic but often contain hyperlinks to malicious sites or payment portals. With the help of AI, fraudsters have been able to avoid standard indicators of a phishing email, such as spelling and grammatical errors.
Other often-used methods reported in AFP's survey include manipulated ACH or wire transfer instructions, invoice fraud, intercepting checks sent through the mail, vendor imposter, spoof/spam text on official mobile devices or fraudulent QR code, and third-party or outsourcer fraud.
How to Protect Your Business Against Payments Fraud
How do you protect your business against payments fraud? While there is no single fail-safe protection, experts recommend fortifying four areas: governance, technology, process improvements and employee education.
Enhance Internal Controls
Taking the time to enhance internal controls is critical. Best practices include strict segregation of duties, dual approvals and multi-level authorization requirements for payment transactions. Be sure to update fraud prevention policies and procedures to reflect evolving regulations and emerging threats. At the same time, it’s important to conduct regular internal and external audits to evaluate the effectiveness of existing controls. According to AFP's survey, in 2025, collaboration with banking partners increased as organizations sought to implement additional safeguards and strengthen oversight.
Invest in Technology
Investing in technology-driven fraud prevention is important. Examples include artificial intelligence and machine learning solutions, TMSs, positive pay services and account validation technologies. The expansion of automated payment reviews, reconciliation processes and continuous monitoring capabilities can improve the speed and accuracy of fraud detection. Additionally, reducing the use of paper checks in favor of electronic payment methods helps to mitigate check fraud risk.
Improve Processes
Refining operational processes helps to reduce vulnerabilities and improve fraud prevention. One popular process improvement is enhanced vendor verification procedures, such as call-back protocols, third-party bank account validation and additional documentation requirements. Strengthening payment review workflows, standardizing approval procedures and increasing the frequency of reconciliations and monitoring activities are proven methods for identifying anomalies faster and preventing fraudulent transactions from being processed.
Educate Employees
Employee awareness is critical. AFP's survey found that in 2025, organizations expanded fraud and cybersecurity training programs that focused on phishing, BEC and other common attack methods. Escalation procedures and reporting requirements should be reinforced concurrently. It's also important to conduct testing exercises and awareness campaigns and increase communication regarding emerging fraud trends to help employees recognize threats and respond appropriately.
No Code AI for Finance Certificate

Learn to modernize workflows, elevate analysis and lead AI adoption in your finance team with confidence.
Positive Pay vs. Reverse Positive Pay
Two fraud prevention services commonly offered by banks to help detect and prevent check fraud are positive pay and reverse positive pay. While both services verify the authenticity of checks before clearing them for payment, the difference between them lies in their approach.
Positive pay involves the company sending payment information (a list of issued checks) to the bank before distributing checks. The bank then matches the details of each check to the company’s records and pays only those that match; some services also verify the payee field. Any discrepancies are sent to the company for a decision on whether to pay or return the item, usually on the same day. If no decision is made, the bank defaults to either pay all or return all (of the exception items). To help the company make this decision quickly, most services provide online access to transaction data and check images.
When dealing with ACH payments, the bank sends the company a list of ACH debits, i.e., requests for payment, and the company decides whether or not to authorize payment. Rules can be set up ahead of time to help automate the process, such as allowing debits up to a specified amount to be paid automatically. It is standard practice for positive pay services to operate on a batch basis; however, companies can also opt for teller positive pay, which allows tellers to process a real-time inquiry on checks, which helps prevent the cashing of fraudulent items.
There are two weaknesses with positive pay to be aware of:
- Positive pay does not safeguard against fraudulent endorsement, which is when a stolen check is endorsed and cashed by a third party without altering key details such as the amount or serial number. Because positive pay cannot differentiate between the original check and a copy, it pays the first presented check.
- Unique to the U.S., if the third party (e.g., a check-cashing center) can prove that it was a “holder in due course” at the time it accepted the check, they may be able to collect from the issuer of the check even though the check was fraudulent or altered.
With reverse positive pay, the bank sends a daily or intraday file to the company of checks presented for payment. The company then matches it with the issued check file and notifies the bank of any discrepancies. It is important to note two weaknesses of reverse positive pay:
- Reverse positive pay does not prevent fraudulent checks from being cashed at the teller line, as the bank doesn’t have access to the issued file.
- The default of “pay all” or “pay none” needs to be established with the understanding that if the company ops for “pay none,” all checks will be returned for that day — not just the exceptions.
Best Practices for Fraud Control
Companies can adopt several best practices tailored to their payment processes to fortify fraud control measures:
- If your organization is still writing checks, be sure to utilize check stock embedded with advanced security features such as microprinting, holograms and non-photo-reproducible elements. This can deter counterfeit attempts and enhance check authenticity.
- Implement a segregation of duties. This ensures that individuals who are reconciling accounts are distinct from those authorized to initiate the transactions. Include positive pay procedures as well — those authorized to make decisions regarding the exceptions should not be involved in the initiation of the transaction.
- Require dual authentications for all EFT transactions. This adds an extra layer of security by having one person initiate the transaction and another person review and authorize it.
- Reduce or eliminate non-repetitive wire transactions and maintain separate accounts for deposits and disbursements.
- Deploy specific-purpose deposit-only ZBAs with debit blocks or filters to enhance control over funds. Bolster protection further by implementing check blocks for ACH-only ZBA accounts.
- Authenticate the ownership of beneficiary accounts before initiating EFT transactions or writing checks. This can be done by utilizing standalone services like Early Warning Services, integrating KYC verification solutions into payables workflows, or, in the U.K., leveraging bank-provided solutions such as CoP.
- Adopt proactive measures against BEC scams. For example, verify any changes to settlement instructions by directly contacting payees as opposed to clicking “reply” in the sender’s email.
Incorporating these best practices into your company’s fraud controls will help strengthen your defenses against payments fraud, thereby helping to safeguard both the company’s financial assets and its reputation.
Payments Fraud Trends
According to the 2026 AFP Payments Fraud and Control Survey, the number one avenue of attempted and actual payments fraud is BEC. Checks remain the payment method most often subjected to payments fraud. Despite this fact, only 28% of organizations currently using checks said they plan to eliminate check usage within the next two years.
When it comes to recovery, only 30% of organizations reported success in recovering 75% or more of funds lost to payments fraud in 2025. While this is an increase over 2024, it is still not on par with 2023, when 41% of organizations recouped the same amount.
Learn More About Payments Fraud
AI Can Strengthen Fraud Controls. Why Aren’t More Organizations Using It?
At a time when payments fraud tactics are becoming more advanced and harder to detect, artificial intelligence (AI) offers a clear advantage: It can analyze transaction data in real time, identify anomalies and adapt to emerging threats. And yet, most organizations aren’t using it.
The 2026 Payments Fraud Outlook: Lessons from Real-World Fraud Scenarios
What are the payments fraud trends to watch for in 2026? Email-based fraud continues to rise, check fraud remains stubbornly persistent and newer tactics, such as deepfake impersonation, are beginning to emerge.
Fraud Is Moving Fast — Treasury Needs to Move Faster
Over the past year, fraudsters have adopted AI more aggressively, expanding beyond email into voice and text impersonation. They are refining attacks that bypass the traditional red flags most teams still rely on. Yet many organizations are slow to retire high-risk payment methods and update their internal processes.
Managing Vendors to Prevent Fraud
One of the most prevalent types of fraud is vendor fraud, in which a supplier or vendor — or someone impersonating one — deliberately manipulates payment or vendor information to steal money through the procurement process. According to accounts payable (AP) automation provider Medius, U.S. companies lose an average of $300,000 per year to vendor fraud. While these losses do not usually bankrupt companies, operations are interrupted, suppliers go unpaid and reputations are damaged.
4 Ways to Reduce Payments Fraud
Implementing robust payment fraud controls is crucial for businesses and financial institutions to safeguard against financial losses, maintain customer trust and comply with regulatory requirements. Fraud controls enable early detection of suspicious activities, reducing operational costs associated with fraud incidents. They also enhance data security, protect against evolving tactics and contribute to a seamless and secure customer experience.

