Fight the battle against payments fraud

In today’s payments environment, fraud risk is an ever‑present reality — persistent, adaptive, and difficult to predict. Recent data underscores the scope of the challenge for corporate leaders: 76% of U.S. organizations experienced attempted or actual payments fraud in the past year, according to the 2026 Association for Financial Professionals Payments Fraud and Control Survey Report.

While that figure is down from 80% in 2023, the improvement has been modest at best. With more than three‑fourths of organizations still reporting payments fraud, the threat remains widespread, reinforcing the need for continued diligence and preventive measures to help treasury and finance professionals mitigate business interruptions and financial losses.

So, what’s the best way to prevent payments fraud?

“Payments fraud prevention starts with understanding your vulnerabilities and implementing strong controls,” says Dan Kautz, vice president in Treasury and Payments Solutions at U.S. Bank. “Know your organization’s vulnerabilities and prepare for attacks,because criminals will take advantage of your weaknesses regardless of the amount of money in your accounts.”

Those weaknesses can include a lack of IT infrastructure, smaller staffs and fewer controls — all of which attract cybercriminals. At the same time, fraud tactics continue to evolve, with business email compromise (BEC) becoming an increasing threat: 74% of organizations experienced BEC in 2025, up sharply from 63% a year earlier. 

Payments fraud remains persistent

After a steady decline from 2018 to 2022, the number of organizations that experienced attempted or actual payments fraud rose to 80% in 2023, just shy of the survey’s previous high mark of 82% in 2018. The number of organizations attacked in 2025 remained elevated at 76%.

The rise of business email compromise

The most troubling payments fraud trend may be the rise in imposter fraud, notably business email compromise (BEC). According to the AFP survey, 74% of organizations experienced BEC in 2025.

“These are legitimate payments, and that makes them very difficult to detect,” Kautz says of BEC attacks, wherein criminals persuade employees to initiate wire, check or credit card payments by sending fraudulent emails.

The emails appear to be from genuine customers, vendors or executives. They may ask for bank account numbers or routing codes. They can also include requests for personally identifiable information (PII) or employee Wage and Tax Statement (W-2) forms.

Notably, enterprises with at least $1 billion in annual revenue were slightly more susceptible to BEC scams in 2025, according to the annual payment fraud trends survey.

Understanding the latest payment fraud trends: BEC scams continue to evolve

Criminals continue to harvest personally identifiable information through the web and social media and use it to execute sophisticated BEC scams. They pose as trusted executives or vendors to either initiate unauthorized payments or change payment information to intercept disbursements.

BEC often involves spoof emails designed to trick users into thinking they are interacting with a trusted source.

The AFP survey reported that sophisticated BEC tactics like vendor impersonation are rising, while there has been a slight decline in more traditional BEC scams such as those involving fake emails purporting to be from senior company executives. AFP says the “change in tactics is likely due to organizations’ growing awareness of such ‘classic’ BEC attempts.”

Educating employees on the threat of BEC and training them to identify spear phishing attempts is important to controlling BEC.  
 

Checks remain primary target

Although businesses operate in a digital world, checks remain the primary payments fraud target. Their prevalence and technological advancements have made it easier to create more convincing forgeries. Still, 87% of the organizations surveyed continue to use paper checks for some payments – including 68% for vendor payments.

With such widespread use, it’s not surprising that more than half (58%) of the organizations experienced attempted and/or actual payments fraud with checks. Paper checks remain especially vulnerable for criminals to steal them, alter payee names or amounts, and then endorse and deposit them into accounts they created. In the survey, nearly one-quarter of organizations reported check fraud resulting from mailbox thefts.

Fraud attacks on checks dramatically outpaced other types of payments fraud attempts. Here are the percentages of survey respondents reporting attempts or actual fraud by various payment types:

• Checks – 58%
• ACH debits – 30%
• Wire transfers – 25%
• Corporate/commercial credit cards – 21%
• ACH credits – 18% 

According to the survey, wire transfers accounted for 49% of fraud methods used in BEC attacks, followed by ACH debits at 34% and checks at 33%.. 
 

How to prevent payments fraud in your organization

Staying informed about payment fraud trends is essential to protecting your organization. Banks have vast experience fighting payments fraud, which often makes them a secure and trusted resource for guidance and mitigation advice following an attack.

At U.S. Bank, Kautz recommends that your organization take the following payments fraud prevention steps:

• Provide comprehensive training: All employees should receive training to help them identify and respond to potential attacks.
• Institute physical, digital and procedural controls: Require the use of dual approval for all payments. Establish a dedicated workstation through which all payments must be executed and limit employee access to personal email, which will limit your organization’s exposure to potential threats.
• Promote mindfulness: Executives should empower and encourage employees to think carefully, ask questions and verify, before executing transactions.
• Share personal information sparingly: Executives should avoid sharing biographical and direct contact information online, where cybercriminals can harvest it for use in BEC attacks.

“Companies hear about fraud in the news, but they think it won’t happen to them,” Kautz says. “That couldn’t be further from the truth. All it takes is one bad email or one wrong click.”

Wondering how to prevent b2b payment fraud?

Don’t wait until your organization experiences a fraud attempt. Take time now to search for gaps in your payments fraud prevention program. Our fraud prevention checklist and tips to reduce corporate payments fraud can help.

U.S. Bank is committed to helping you meet your treasury management needs, including fraud prevention. To learn more, contact a U.S. Bank relationship manager or treasury management consultant.