At a time when payments fraud tactics are becoming more advanced and harder to detect, artificial intelligence (AI) offers a clear advantage: It can analyze transaction data in real time, identify anomalies and adapt to emerging threats. And yet, most organizations aren’t using it.

According to the 2026 AFP Payments Fraud and Control Survey, underwritten by Truist, adoption is low, with just 17% of organizations using AI in their fraud controls. It’s not a lack of interest driving this; instead, it’s about what it actually takes to move from awareness to implementation.

The benefits of AI are clear, but not enough

Organizations that have implemented AI are seeing measurable gains. Nearly half of the survey respondents who have implemented AI for fraud controls said efficiency in fraud reporting has been enhanced, while others cited the detection of deepfake technology (45%) and real-time identification of suspicious transactions (43%) as most improved.

AI’s ability to analyze large volumes of payment data, learn from past fraud patterns and flag anomalies in real time makes it particularly well-suited to combat fraudsters’ increasingly sophisticated methods. That said, it is larger organizations with more resources who are most likely to adopt AI technology, leaving mid-size and smaller companies on the sidelines.

To illustrate what is happening behind the scenes, consider this hypothetical scenario: A treasury team is processing a high-value payment request that appears to have come from a known executive. The email is convincing, the timing urgent and it aligns with a current project. Without AI, the payment may move forward based on standard approval processes. But with AI-enabled monitoring, subtle anomalies — unusual timing, deviations from typical payment patterns or inconsistencies in communication signals — could trigger an alert, requiring additional verification before the funds are released.

What’s holding organizations back?

Several factors, cited by AFP’s survey respondents, leave organizations reluctant to adopt AI for fraud controls.

1. Limited infrastructure and internal capacity

For many organizations, the challenge isn’t interest — it’s readiness. AI implementation often requires modern systems, clean data environments and internal expertise that not everyone has. Limited IT infrastructure, tight budgets and competing demands on staff make it challenging to prioritize AI initiatives, even when its value is clear.

2. Cost remains a major deterrent

Even if the business case is compelling, the upfront investment can be hard to justify. Organizations cite not only the cost of AI tools themselves, but also the expense of integration, training and ongoing maintenance. In many cases, existing fraud controls, while imperfect, are seen as “good enough,” especially when weighed against the financial and operational lift required to implement AI.

3. AI is still viewed as immature or unproven

Many remain concerned about AI’s reliability, oversight and risk, particularly in environments where errors can lead to significant financial or reputational consequences. For these organizations, AI is still seen as an emerging technology that requires further validation before it can be trusted in high-stakes applications.

4. Lack of knowledge and an unclear starting point

Even when interest exists, some teams simply don’t know where to start. Survey responses reflect uncertainty about the available tools, use cases and implementation pathways. Without a clear roadmap, organizations remain in the exploratory or pilot phase, delaying adoption.

5. Regulatory and organizational constraints

In regulated industries, adoption is not just about strategy; it’s about compliance. Government contractors and other regulated organizations often face restrictions on AI use, and internal policies may limit deployment without specific approvals. Concerns around data privacy, security and governance further slow progress.

6. Competing priorities and low perceived urgency

For some organizations, AI simply isn’t at the top of the list. When fraud incidence is relatively low or existing controls are performing adequately, investment in AI can feel unnecessary. Other initiatives, such as digital transformation, system upgrades or regulatory compliance, often take precedence.

7. Reliance on banks and vendors

Many organizations assume they are already indirectly benefiting from AI. Rather than building in-house capabilities, they rely on their banking partners or third-party providers to deliver AI-driven fraud detection. While this approach can reduce internal burden, it can also limit visibility and control over how AI is applied.

What leading AI-powered fraud controls look like

As fraud tactics evolve, organizations that prioritize AI implementation can gain a meaningful advantage, not only in detecting fraud but also in responding faster and more effectively.

This advantage begins with the frontline of fraud prevention — employees. AI can make phishing simulations highly realistic and specific to certain roles. This better prepares employees to identify and report even sophisticated fraud attacks.

Beyond training, AI can also provide a continuous layer of defense when integrated directly into a treasury management system (TMS), an enterprise resource planning (ERP) system or a payment gateway. AI can analyze large volumes of transaction data in real time. As machine learning algorithms learn from historical data, they can provide more precise risk scoring and more accurately flag suspicious transactions while reducing false positives that disrupt legitimate business.

Particularly for organizations with high transaction volumes or complex payment structures, up-to-date employee training and early warnings are both vital to intercepting threats before losses occur.