Take Control of Your Payments and Curb Fraud

Over the past 12 months, payments fraud has been rampant as fraudsters take advantage of increased digitization of work, shopping and general operations and communications. The mental impact of economic uncertainty on consumers and businesses alike also heightens vulnerability of potential victims. Meanwhile, fraudsters’ use of artificial intelligence has allowed them to attack at a higher volume and increased sophistication.

While fraud attacks and attempts often take advantage of technology, the payments most vulnerable to fraud continue to be a more traditional method of payment: checks.

The Association for Financial Professionals® (AFP) recently published the 2024 AFP Payments Fraud and Control Survey Report, which examines the nature of fraud attacks on business-to-business transactions, the payment methods impacted, and the strategies organizations are adopting to protect themselves from those committing payments fraud.

The findings can help business owners and financial and accounting professionals:

  • Understand how to better protect incoming and outgoing payments from fraud
  • Glean insights into emerging and evolving fraud trends
  • Identify ways to partner with your bank’s treasury management department

Here are four key takeaways you can use to better protect your organization:

Amid an increasingly digital society, check fraud via mail theft has surged in recent years.

More than 20% of respondents report fraud due to interference with the United States Postal Service (USPS), which is 10% higher than the share reported in 2022. Despite alerts from the Financial Crimes Enforcement Network regarding increased fraud attempts via mail interception, more than 80% of respondents indicate their organizations still deliver checks via the USPS — without tracking.

These “brazen and successful attempts” at mail interception involve stealing mail from USPS mailboxes, the blue drop boxes found in residential neighborhoods, commercial main streets and in front of your local mini mall. Thieves may replicate the keys to these mailboxes to access the mail inside. In other instances, mail is fished out of the mailbox or stolen from a building’s mailroom. When mail contains a check, whether government, business or personal, the fraudster washes the check, a chemical process that removes ink, and alters the check amount and the name of the payee. Then, the fraudster endorses and deposits the stolen check into an account they are soon to close. In an organized scheme, they may hire individuals who fit an age, race or gender to make the physical trip into a bank to deposit a fraudulent check, taking on the risk of committing the crime.

Because this type of fraud attack is both low tech and low cost, it’s appealing to fraudsters.

Some businesses have moved away from issuing and accepting checks and instead are moving toward digital payments to utilize fraud prevention tools, consolidate systems and boost efficiency. Still, 70% of organizations that use checks plan to keep using checks, primarily because it is a requirement for many small businesses. Unfortunately, 65% of organizations reported being the subject of check fraud attempts or attacks in 2023. To boot, check fraud has consistently been the payment method most vulnerable to fraud since first surveyed 19 years ago.

To address check fraud, treasury and finance professionals implement internal controls on check payments, and can also take advantage of one of the most powerful tools to combat check fraud: positive pay. Payee positive pay is a check protection service from your bank’s treasury management department that deters fraud by matching the checks a company issues with those it presents for payment. It allows you to monitor checks processed for payment against your account and reject unauthorized transactions before losses occur. To learn about different types of positive pay solutions and read client stories about the impact of using positive pay on privately held businesses, download our Fraud Prevention and Detection Think Tank.

If your organization accepts multiple payment methods, you are vulnerable to multiple fraud methods — but there are ways to mitigate risk.

The higher volume of transactions coming into and out of your organization, the greater the opportunity for a fraudulent charge to slip by unnoticed.

The percentage of organizations that experienced payments fraud through corporate and commercial credit cards has fallen in the past year. In 2023, 20% of organizations were hit by card fraud, which is a significant decrease from the high 36% in 2022.

If you recently resumed more frequent use of corporate and commercial cards after potentially reducing spending and business travel during the pandemic, be sure to revisit your internal fraud prevention processes. With proper card use and reconciliation, turning to commercial credit card products not only for employee expenses but also to pay vendors and suppliers can be a solution to help simplify your payments with a single statement and improve cash flow while earning rewards and enjoy zero fraud liability through your card provider.

Also down a significant 11% is the share of businesses that reported ACH credit fraud. ACH payments are electronic payments made from one bank to another through the Automated Clearing House. ACH credit or debit payments are a common way for employers to push payroll out to employees, for example, and also a common way for businesses to send payments to other businesses and vendors.

Since ACH payments require a bank account number and routing number, this type of fraud is easily perpetrated once a fraudster gains access to this information through an email phishing scam or data breach.

Fraudsters continue to impersonate employees and vendors through sophisticated business email compromise schemes that are the root cause of most reported fraud cases. Learn how to detect BEC — and read one company’s experience with it — here.

You can mitigate the risk of these fraud attacks with ACH Positive Pay. Also known as ACH Debit Filter, this banking solution blocks or flags transactions that weren’t originated by an authorized vendor. This allows you to prevent fraudulent debits, and also allows you to approve exceptions.

The most likely to detect fraudulent activity on your accounts is your treasury, accounts payable or accounting department.

The quicker attempted or actual fraud is detected, the greater the chances of a recovery. If you suspect fraud, notify your bank right away.

Larger enterprises may have in-house fraud detection products and services, but if you don’t, your bank can help you set up the appropriate tools. Without these fraud detection tools, it sometimes takes weeks or months for organizations to discover they’ve been the victim of fraud.

A key part of detecting fraud is through internal controls and processes, like the payment approval and release process. Other tools and methods to help you discover fraud, according to the AFP survey, include the vendor or payee inquired about payment; positive pay; internal review; verbal verification; callbacks; reconciliation; and your banking partner’s fraud investigation. Specifically, finance or accounting team members should instill processes to verify the legitimacy of requests from vendors, trading partners and employees to change bank account information for an upcoming payment, as these may be fraudulent requests.

For these processes to be effective, it’s important that employees understand their roles in protecting your organization. For example, your bank’s transaction fraud monitoring service may verify the authenticity of a transaction via text, email or phone call. If the employee contacted doesn’t respond, your bank cannot complete the verification. Implementing systems to monitor credit card and check usage, reconcile statements periodically, and promptly close credit cards for terminated employees are other examples of aspects of a successful fraud prevention system.

Of the organizations that were victims of payments fraud in 2023, 30% were unsuccessful in recovering lost funds.

Although 41% of organizations were able to recoup 75% of funds they lost in 2023, the majority aren’t able to. The main reason for this is lack of detection tools, so when an accountant, controller, auditor or other internal team member discovers that fraud occurred, it’s too late to cancel a payment.

Not surprisingly, the organizations that are able to recover funds are typically those with greater revenue and higher volume of payment accounts, because they are better equipped to detect fraud early. Larger companies tend to have systems in place to help detect fraud and mitigate the risk and impact of fraud.


Businesses of all sizes can prioritize safeguarding your payments and accounts, and work with your bank’s treasury management department to instill tools to ensure you are taking preventive measures against fraud.