A staggering 79% of businesses reported they were victims of attempted or actual payment fraud attacks in 2024, according to the Association for Financial Professionals' (AFP) 2025 Payments Fraud and Control Survey Report. While 2024 saw a slight decrease from 80% in 2023, the continuing level of attacks demonstrates that criminals still find ways around many anti-fraud protections. The survey analyzes fraud attacks on business-to-business (B2B) transactions, identifies the most affected payment methods, and discusses how organizations can prevent payment fraud.
For valuable insights and expert perspectives on the report, we turned to Melissa Fellows, Senior Vice President – Managing Director of Treasury Management at First Business Bank. With over 20 years of experience helping businesses optimize cash flow and prevent payment fraud, Melissa offers her insights to help your business strengthen its payment fraud prevention efforts.
Payment Fraud Activity Remains High
The 2025 AFP survey report reveals that while payment fraud rates held steady, the tactics used by criminals continue to evolve. Checks remain the most-targeted payment method, with 63% of organizations experiencing attempted or actual fraud via checks. ACH debits followed at 38%, showing a five-percentage-point increase from 2023.
"Given their widespread use, check and ACH payments continue to be the most targeted for fraud attempts," said Melissa Fellows. "Their volume and frequency make them especially vulnerable."
Recovery rates for payment fraud losses shifted dramatically in 2024. Only 22% of organizations were able to recover 75% or more of funds lost due to payment fraud, a sharp decrease from 41% in 2023. However, the percentage of organizations unable to recover anything at all dropped to 20% from 30% the previous year. Treasury and Accounts Payable departments most often discover fraudulent activity first; however, it is not uncommon for a bank to notify a client of suspicious activity.
Business owners often think their company is either too large or too small to become a victim of payment fraud, but company size doesn't determine vulnerability.
"Everyone is vulnerable to payment fraud regardless of company size," Fellows said. "Accounts with larger transaction volumes tend to see fraudulent attempts more often because they have a lot more activity flowing in and out of their account. Every paper check has your bank routing number and account number printed on the bottom of it."
For accounts with high balances and low activity, monitoring is even more critical. "For low-volume accounts, we recommend clients set up transaction or balance alerts, this way they're notified when activity occurs and timing is critical," Fellows said. "It's very important to implement and actively leverage fraud tools available, and it's more cost-effective to have fraud tools on one account instead of five."
Mail Theft Creates New Vulnerabilities
A troubling trend emerged in 2024: 23% of survey participants experienced payment fraud through U.S. Postal Service interference, highlighting the continued vulnerability of mailed checks. Despite this risk, more than 75% of organizations report they still deliver checks through the mail without tracking information.
How Are Business Email Compromise Scams Shifting Tactics?
Business email compromise (BEC) remains the number one avenue for attempted and actual payment fraud, cited by 63% of respondents. However, the landscape of BEC attacks has evolved significantly.
Wire Transfers Reclaim the Top Spot
Wire transfers reclaimed their position as the payment method most frequently targeted by BEC scammers in 2024, reported by 63% of respondents—a dramatic increase from 39% in 2023. ACH credits, while still heavily targeted at 50%, dropped from their 2023 peak of 47%.
Criminals Change Their Approach
One significant shift involves the decline in "classic" BEC scams where fraudsters impersonate senior executives requesting fund transfers. This method declined to 49% in 2024 from 57% in 2023. Meanwhile, vendor impersonation surged to 45% from 34%, with fraudsters increasingly targeting third-party relationships rather than internal authority structures.
The consequences of successful BEC attacks extend beyond financial losses, sometimes including supply chain disruptions and data breaches. Using readily available generative artificial intelligence (AI), fraudsters employ increasingly sophisticated tactics, creating AI-generated emails with realistic scenarios to trick employees.
Fellows emphasizes the critical role of IT in preventing payment fraud. "The most underutilized method to prevent payment fraud is a comprehensive firewall, network, and anti-virus protection," Fellows said. "Protect your network and every piece of technology that you provide to your employees with access to company data."
Emerging Threats: Deep-Fake Technology
While still relatively rare, deep-fake fraud attempts increased to 5% of organizations in 2024 from just 1% in 2023. This trend suggests fraudsters are beginning to adopt more sophisticated AI technology to create convincing audio and video impersonations.
What Makes Check Payment Fraud So Persistent?
Despite ongoing digitization efforts, checks remain the payment method most susceptible to fraud. About 91% of survey participants report they currently use checks, and more than 75% have no plans to eliminate them within the next two years.
Organizations cite several barriers to eliminating checks:
- Working with smaller organizations (58% of respondents)
- General requirement for checks (52%)
- Refund processing needs (25%)
This reluctance to phase out checks leaves businesses vulnerable to payment fraud, particularly when they mail checks without tracking services.
Which Payment Fraud Preventions Work?
Preventing payment fraud requires a multi-faceted approach combining effective policies, strong security solutions, and comprehensive employee education. The AFP survey reveals that callbacks, dual control, senior management signoff, two-factor authentication, and fraud detection solutions create the most effective defense.
Effective Check Fraud Prevention
For organizations that continue using checks, our team recommends steps to prevent payment fraud by check, including Payee Positive Pay as the most effective control, with 97% of users rating it as effective or very effective.
"If you're writing checks, you should be using Payee Positive Pay," advises Fellows. "When we look across companies for the number of checks being written, check payment fraud prevention is still underutilized. To fully mitigate any risk of loss, we recommend a combination of Payee Positive Pay and frequent account reconciliation."
Daily reconciliation and internal processes follow closely, implemented by 90% of organizations and rated effective by 87% of users. When fraud is caught within the first 24 hours, organizations significantly reduce their risk of financial loss.
Comprehensive BEC Prevention Strategies
The most effective BEC prevention measures include:
- End-user education and training (implemented by 96% of organizations)
- Company policies for verifying changes to invoices and bank information (94%)
- Callback verification to authorized contacts (91%)
- Two-factor authentication for network access and payment initiation (92%)
However, the survey reveals that many organizations have not fully implemented their BEC prevention policies. Only 66% have fully implemented their policies and procedures, while others remain in documentation, review, or testing phases.
How Should Companies Prepare for Faster Payment Fraud Risks?
As real-time payment methods like FedNow get more popular, new fraud risks emerge. The 2025 AFP report shows that organizations remain concerned about increased fraud risk with faster payments, though specific data on real-time payment fraud attempts remains limited at 2% of organizations.
The challenge with faster payments lies in their irrevocable nature—once a transaction occurs, recovering funds becomes nearly impossible. This creates heightened vulnerability that could outweigh the convenience of instant transactions.
To prevent payment fraud while taking advantage of faster payments benefits, organizations should:
- Strengthen identity verification processes before sending payments
- Implement real-time transaction monitoring using AI and machine learning
- Establish clear procedures for fraud reporting and resolution
- Educate employees about fraud risks specific to faster payment methods
- Work closely with banking partners to implement appropriate safeguards
- Consider risk-based transaction limits and multi-factor authentication
How Employee Education Prevent Payment Fraud?
Education and awareness are foundational to preventing payment fraud across all payment methods. The survey shows that 96% of organizations have implemented end-user education and training programs, with 84% rating them as effective or very effective.
"You can't overcommunicate or have it on your employees' radar enough," Fellows said. "Constant reminders and sharing examples of actual attempts that come into your company are essential because fraud happens when you least expect it."
Rather than limiting training to specific departments, Fellows emphasizes the importance of company-wide awareness. "If there's attempted fraud, companies may feel like they need to keep messaging quiet internally, but really companies need to educate and create awareness to keep everyone vigilant."
Verification Remains Critical
Regardless of the payment method, verification processes provide the strongest defense against payment fraud. "When working with a client or a vendor and submitting a payment, make sure you know the request for payment is legitimate. That comes from out-of-band authentication through a phone call or text message," Fellows advises.
Organizations that implement callback verification to authorized contacts using phone numbers from their system of record report 91% effectiveness in preventing BEC attacks. This simple step can prevent many fraudulent payment requests from succeeding.
Key Takeaways for Payment Fraud Prevention
Payment fraud continues to evolve and grow more sophisticated, showing no signs of slowing down. As organizations adopt emerging payment technologies and faster payment methods, a strong, multi-layered fraud prevention strategy becomes absolutely necessary.
The 2025 AFP survey data reveals several critical trends: fraudsters are shifting tactics away from traditional executive impersonation toward vendor fraud, wire transfers have regained their position as the top BEC target, and new technologies like deep-fake media are beginning to emerge as fraud tools.
Fellows suggests business leaders prioritize comprehensive anti-fraud controls, ongoing employee education, and collaboration with experienced banking partners to prevent payment fraud at their companies. The combination of robust technology solutions, strong internal processes, and well-trained employees provides the best defense against an ever-evolving threat landscape. Last but certainly not least, replace paper with secure electronic transmission files of payment data to reduce human error and protect private account data.
Success in preventing payment fraud requires consistent vigilance, regular updates to security measures, and a willingness to adapt as fraudsters develop new tactics. Organizations that take a proactive, comprehensive approach to fraud prevention will be best positioned to protect their assets and maintain business continuity in an increasingly complex threat environment.