Fraudsters are relentless in their schemes to target businesses and exploit their cyber vulnerabilities. The best way to prevent fraud is to prepare for it. Here’s how.
In the digital age, a cyberattack is like a natural disaster – a persistent and unpredictable threat. Nearly two-thirds of U.S. organizations were targets of payments fraud in 2022, according to the 2023 Association for Financial Professionals (AFP) Payments Fraud Survey Report.
Targeting is down from 71% in 2021 and its peak in 2018, when 82% of surveyed businesses said they were victimized by some form of payments fraud. Increased diligence and preventative measures are having some success. But complacency is not an option for treasury and finance professionals if they want to stay ahead of fraudsters to mitigate business interruptions and financial losses.
What’s the best way to prevent getting scammed by payments fraud?
“Know your organization’s vulnerabilities and prepare for attacks,” says Dan Kautz, vice president Global Treasury Management at U.S. Bank. “Criminals will take advantage of your weaknesses regardless of the amount of money in your accounts.”
Those weaknesses include a lack of IT infrastructure, smaller staffs and fewer controls – all of which attract cybercriminals. Criminals’ tactics constantly evolve, and business email compromise (BEC) remains the most dangerous threat, with 71% of organizations having experienced it in 2022.
Payments fraud decreases overall, but most businesses still face attacks
After a steady increase from 2013 to 2018, the number of organizations that experienced attempted or actual payments fraud fell to 65% in 2022. While that is the smallest percentage since 2014, a significant majority of companies continue to be impacted.

The persistent realities of BEC
Fifty-three percent of all payments fraud was attributable to BEC, according to the survey.
“These are legitimate payments, and that makes them very difficult to detect,” Kautz says of BEC attacks, wherein criminals persuade employees to initiate wire, check or credit card payments by sending fraudulent emails.
The emails appear to be from genuine customers, vendors or executives. They may ask for bank account numbers or routing codes. They can also include requests for personally identifiable information (PII) or Wage and Tax Statement (W-2) forms for employees.
Enterprises with at least $1 billion in annual revenue were more susceptible to BEC scams, according to the survey. Companies with less than $1 billion in annual revenue were more likely to be defrauded by individuals outside their organizations.
The greater threat to those organizations comes from the theft of personal and confidential information. Damages from these thefts can be difficult to measure, ranging from financial penalties to legal and regulatory actions.