AP Fraud Playbook

 

AP Fraud Playbook: How to Identify and Mitigate Risks in Your Accounts Payable Process

AP fraud often hides in plain sight. If your team struggles to spot invoice fraud red flags or tighten vendor master controls, you’re not alone, and there’s a way forward. This playbook breaks down practical steps to spot risks, strengthen your payment approval workflow, and build fraud prevention into your daily routine.

Reality check: In the 2025 AFP Payments Fraud and Control Survey, 79% of organizations reported attempted or actual payments fraud in 2024, and only 22% recovered 75% or more of the funds lost. (Source: AFP press release)

Let’s get your controls working smarter, not harder.

Identifying AP Fraud Risks

Understanding the risks in accounts payable is crucial to protecting your organization. Recognizing common fraud schemes is the first step toward a stronger defense.

Common Fraud Schemes and Red Flags

Many fraud schemes can target your accounts payable process. Fake invoices, altered payment details, and duplicate payments are a few examples. Unusual vendor requests for changes in payment details or last-minute invoice submissions can signal fraud. Be especially cautious with vendors you’ve never heard of, and verify vendor details using independent sources.

High-signal red flags experienced AP teams watch for:

• Invoice amounts that repeatedly land just under an approval threshold.
• Round-dollar invoices (for example, $5,000 or $10,000) with vague descriptions.
• Vendor address is a P.O. box only, a residential address, or matches an employee address.
• A sudden spike in payments to one vendor without a matching increase in POs, receipts, or volume.
• Bank account or remit-to changes paired with urgency (“pay today” or “we’ll stop service”).
• Sequential invoice numbers with gaps, duplicates, or “too perfect” patterns.
• Multiple vendor records sharing the same bank account, email domain, phone, or tax ID.
• Unusual timing (late night approvals, weekend changes, or rush payments right before month-end).

Business Email Compromise (BEC): The Payment Change Trap

One of the most common real-world fraud scenarios is an email that looks like it came from a vendor, your CFO, or a senior leader asking for a bank change or a rush payment. The message is often calm, plausible, and urgent.

Example (what it can look like):
“Hi AP Team, we updated our banking details. Please send today’s payment to the new account below. We’re trying to avoid a service interruption.”

Controls that stop BEC cold:

• Out-of-band verification for any bank change or high-risk payment (call a known number on file, use a vendor portal, or a documented ticket).
• Dual approval for vendor master changes, separate from invoice approval.
• Payment holds for banking changes until verification is completed and documented.
• Clear escalation path: AP should feel supported when they slow down a “rush” request.

Vendor Onboarding Best Practices

Proper vendor onboarding is essential in preventing fraud. Start by verifying each vendor’s information thoroughly. Use a checklist to ensure every required document is reviewed. Cross-check vendor addresses and banking details with official records, and require dual approval for any changes to vendor information.

Practical vendor onboarding checklist (one-page version):

• Validate legal name, tax ID, and address against authoritative sources (not only what the vendor emails you).
• Verify banking changes out-of-band (call a known phone number on file, not a number from the request).
• Require role-based approvals for new vendor setup and for vendor maintenance (separate from invoice entry).
• Block “free email” domains for banking changes unless reviewed (for example, Gmail or Yahoo) when policy allows.
• Log every change to vendor master data and review a weekly change report.

Invoice Fraud Red Flags

Invoice fraud can go unnoticed if not properly managed. Look out for invoices that lack detail or contain vague descriptions. Comparing invoices to purchase orders and delivery receipts can help verify authenticity. Also, watch for duplicates that can lead to double payments, especially when vendors submit “revised” invoices.

Quick invoice checks that catch real-world fraud:

• Same invoice number, same amount, or same remit-to across multiple submissions.
• Mismatch between vendor name and remit-to entity (or slight name changes that look intentional).
• Service invoices without dates, scope, rate detail, or an internal requester.
• First-time vendor invoices that bypass the normal PO process.
• Invoices that reference a PO you cannot find in your system.

Strengthening AP Controls

Once you know the risks, it’s time to fortify your controls. This section covers key practices to bolster your AP defenses.

Segregation of Duties Importance

Segregation of duties is a cornerstone of strong internal controls. It ensures no single person handles all aspects of a transaction. This division reduces the risk of fraud and errors. For example, the person authorizing payments should not be the person processing them. Regularly review your workflows to confirm duties are appropriately divided, and document any necessary exceptions.

Three-Way Match and Positive Pay

The three-way match compares the invoice, purchase order, and receiving report before payment. It helps prevent paying for goods not received and exposes pricing and quantity mismatches. Positive Pay is a bank service for check payments where your issued-check file is matched against checks presented for payment. Many banks also offer Payee Positive Pay, which helps confirm the payee name. If your organization relies on ACH or wires, ask your bank what verification and fraud-control options they offer for electronic payments.

Vendor Master Controls and Duplicate Detection

Maintaining accurate vendor master data is crucial. It helps prevent duplicate payments and unauthorized changes. Regular audits of vendor information can identify inconsistencies. Use automated checks to detect duplicates and flag unusual edits (like bank changes, address changes, or email changes). A clean vendor master reduces fraud risk and improves AP efficiency.

Leveraging Technology and Training

Technology and training are powerful allies in the fight against fraud. They equip your team with tools and habits that reduce risk every week, not just after something goes wrong.

AI Fraud Detection in AP

Artificial Intelligence (AI) can strengthen fraud detection, but it works best as an added layer on top of strong core controls (segregation of duties, approvals, and three-way match). In practice, AI tools help by finding patterns humans miss at scale.

Where AI and automation usually add value first:

• Duplicate detection beyond invoice number (same amount, same date range, similar descriptions, or same bank account across vendors).
• Anomaly alerts (unusual payment timing, sudden vendor spend spikes, new payees, unusual approver behavior).
• Vendor master monitoring (bank changes, address changes, email changes, and “near-duplicate” vendor records).
• Exception routing (sending high-risk invoices to a higher approval tier or a second reviewer).

Phishing Drills and Culture Building

Phishing scams are a common entry point for fraud. Regular phishing drills can train your team to recognize and avoid these threats. Culture matters just as much: encourage quick escalation, reward caution, and treat “slow down and verify” as good performance.

Continuous Monitoring and KPIs

Continuous monitoring of transactions is essential. Set key performance indicators (KPIs) that reflect both control coverage and control quality. Review them regularly to spot drift before a fraud event forces a reset.

Simple KPI dashboard ideas that AP leaders actually use:

• % of spend and invoices processed with three-way match (where applicable).
• Vendor master change volume per week (and % with dual approval and documented verification).
• Duplicate payment rate (confirmed duplicates per 1,000 invoices).
• Rush payments as a % of total payments (and how often the rush bypassed standard workflow).
• Exception queue aging (how long high-risk items sit before review).

60-Second AP Fraud Self-Assessment

Answer these quickly. If you have two or more “no” answers, your fraud risk is likely higher than you think.

• Do we require out-of-band verification for all vendor bank changes?
• Is vendor master maintenance separated from invoice entry and payment release?
• Can we produce a weekly vendor change report, and does someone review it?
• Do we have strong duplicate detection beyond invoice number only?
• Do “rush” payments still follow a documented workflow with approvals and evidence?

The AP fraud landscape is challenging, but with the right strategies, you can protect your organization from potential losses. Proactive controls, consistent monitoring, and a culture that supports verification can prevent expensive mistakes.

Want a quick AP fraud controls review?

If you want a second set of eyes on your AP workflow (vendor changes, approvals, duplicate detection, and payment controls), book a short call and I’ll help you map the biggest risks and the fastest fixes.

Book a call

---

Robert Ruhno Executive Director APPG

🟥 LinkedIn 🟧 X Twitter ⏹️ Facebook 🟨 Instagram

Back to top ↑

Quantum-Era Cybersecurity & AP

How Quantum-Era Cybersecurity Could Affect Accounts Payable

In a February 2026 blog post, Google warned that advances in quantum computing pose a serious and accelerating cybersecurity challenge for businesses. While quantum computers are still developing, their impact could eventually reach everyday business functions, including Accounts Payable.

Accounts Payable teams manage highly sensitive data such as invoices, vendor bank details, payment approvals, tax records, and contract files. Today, this information is protected using encryption. The concern is that powerful quantum computers could eventually break common asymmetric encryption methods like RSA and ECC. These methods are widely used for secure logins, digital signatures on invoices, and payment instructions. Symmetric encryption, such as AES, is expected to remain more secure, but many AP workflows still rely on systems that could become vulnerable.

One major risk is known as “store now, decrypt later.” Attackers can steal encrypted data today and save it. Years from now, possibly in the 2030s, they could decrypt it using quantum technology. For AP teams, this could expose decades of vendor payment history, tax records, and contracts. Since many financial records must be retained for seven to ten years or longer, this creates long-term fraud, audit, and regulatory risks.

There is also a trust concern. AP systems depend on digital signatures and secure portals to confirm that invoices and vendor bank changes are legitimate. If those protections weaken, fraud tactics like fake vendor updates and business email compromise could become easier.

AP teams do not need to panic or replace systems overnight. However, now is the time to plan. AP leaders should work with IT to map where encryption is used, ask vendors about post-quantum security plans, and prioritize flexibility in future system upgrades.

By acting deliberately now, Accounts Payable teams can safeguard financial integrity, preserve stakeholder trust, and position their organizations ahead of inevitable security and regulatory shifts toward quantum-safe standards.

Further Reading

For more on quantum-era cybersecurity and its implications for finance and payments:

Google's February 2026 warning: "The quantum era is coming. Are we ready to secure it?" by Kent Walker and Hartmut Neven.

Federal Reserve analysis: "Harvest Now, Decrypt Later": Examining Post-Quantum Cryptography and the Data Privacy Risks for Distributed Ledger Networks (September 2025).

Nacha report: Protecting Payments in the Quantum Era: What You Need to Know (Payments Innovation Alliance publication).

AI Generated Receipts

Don’t Ignore the Threat: AI-Generated Receipts and the AP Control Gap

As accounts payable professionals, we’ve long known that fraud is a rising risk in AP and expenses. What’s new, and alarming, is how generative artificial intelligence (AI) is fundamentally shifting the risk landscape. What used to require photo-editing skill or insider access now takes seconds with text prompts. In many cases, fraudulent expenses can now pass through reimbursement before anyone has time to look closely. That raises a serious question: is your AP and expense control environment keeping up?

What’s happening now

• According to vendor-reported data from AppZen, AI-generated receipts represented approximately 14% of detected fraudulent documents processed on its platform in September 2025, up from near zero the year prior. [2]
• Surveys show that nearly 70% of CFOs believe it is likely, or already confirmed, that employees are using AI tools to falsify travel and expense receipts. [3]
• Third-party AP and expense platforms report flagging over US$1 million in suspected fraudulent invoices and expenses in a 90-day period using AI-enabled detection systems during late-2025 pilot deployments. [4]

These figures are being reported by vendors operating at scale, processing millions of expense and invoice submissions annually, which provides early visibility into AI-driven fraud patterns before they appear in traditional loss statistics.

What’s striking is the low barrier to entry. No advanced Photoshop skills are required anymore. A user can prompt a generative-AI model (such as those from OpenAI or Google LLC) to output a receipt image with realistic textures, logos, timestamps, and even signatures. [7]

Why this matters for AP teams

Here are some of the direct implications for AP and expense processes:

• Traditional receipt review based on visual inspection alone is increasingly unreliable. As one controls leader put it, “Do not trust your eyes.” [8]
• Expense reimbursement processes sit squarely within AP or AP-adjacent workflows. Fraud here translates into direct financial losses, audit findings, and internal control failures.
• The growing sophistication of fake receipts elevates regulatory, tax, and compliance risk, including false business-expense reporting, improper tax deductions, and policy violations.
• As AP teams migrate toward automation and digital workflows, the attack surface expands. More electronic submissions, remote approvals, and faster processing can reduce time available for manual controls.
• For APPG members advising or operating in mid-market firms (10–30+ invoice or expense submissions per month), the assumption that small size equals low risk no longer holds. AI-enabled fraud scales quickly and cheaply.

It is also important to note that AI-detection tools are not perfect. Screenshots can strip metadata, some generators leave fewer artifacts, and human judgment still plays a role. Effective defense increasingly requires a hybrid approach combining technology, analytics, and informed review.

Key control gaps AP teams should assess today

Here are control areas AP leaders should audit or strengthen:

Control Area	Risk Gap	Remediation Focus
Receipt and image verification	Visual inspection only; no metadata or image-artifact checks	Use software that analyzes image metadata and pixel-level artifacts to flag suspicious patterns. [9]
Expense submission workflows	Delayed submission and weak policy enforcement	Require receipt upload at time of expense, enforce corporate card usage, and restrict cash reimbursements.
Approval and vendor verification	Approvers lack vendor familiarity; fictitious vendors go unnoticed	Strengthen vendor master controls, review high-frequency expense vendors, and monitor items outside normal patterns.
Data analytics and monitoring	Spot audits only; anomalies remain undetected	Implement analytics to flag repeated vendors, out-of-band amounts, rapid post-trip submissions, and shared image metadata.
Audit and detective controls	Fraud discovered after reimbursement	Deploy real-time alerts alongside retroactive sampling and integrate findings with AP and risk teams.

What AP teams can do now (90-day action plan)

Here is a practical action plan AP leaders can execute in the next 90 days:

1. Schedule a focused control-risk review addressing AI-generated receipts and document authenticity within the AP and expense framework.
2. Inventory expense submission channels, including paper versus digital, number of reviewers, and payment methods such as corporate cards, P-cards, or personal reimbursements.
3. Evaluate AI-detection or image-artifact analysis capabilities now available in many AP and expense platforms. [10]
4. Update expense and vendor policies to reinforce receipt requirements, defined submission time windows, corporate card usage, and random audits of high-risk claims.
5. Build analytics dashboards to monitor unusual patterns such as frequent small vendors, clustered submissions, or receipts sharing similar metadata or image characteristics.
6. Communicate clearly with AP teams and business units that AI-driven document fraud is a priority risk area for FY26, and that approvers are a critical part of the control environment.
7. Conduct a retrospective audit focused on high-risk expense categories, such as cash reimbursements, repeat vendors, and frequent low-dollar claims, rather than attempting a full historical review.

Why this matters for APPG members

For professionals working in accounts payable and expense management, this issue touches core APPG themes: process integrity, risk management, automation, and advisory value for internal stakeholders and clients.

As generative AI continues to improve in realism and accessibility through 2026 and beyond, staying reactive is no longer enough. Proactively strengthening AP controls around document authenticity is quickly becoming a core competency for modern AP teams.

Discussion prompt for the APPG community

Let’s turn this into a practical discussion. I invite APPG members to respond:

• When was the last time your organization reviewed its expense-reimbursement controls specifically for fraud and document authenticity?
• Do you currently use any tool or process to detect AI-generated or manipulated receipt images? If yes, what works; if not, what is the barrier?
• What is the biggest manual bottleneck in your expense workflow, and how might it be increasing fraud risk?

If you would like to help build an APPG peer checklist or benchmark on AP and expense fraud controls, reply below or send me a DM and we will organize a short member survey.

Thanks for reading. Let’s stay ahead of the fraud curve and continue elevating the strategic value of AP.

💡 Support Our Community:
Our sponsor helps AP teams reduce errors and speed approvals (fewer late fees and happier vendors).

Want tailored guidance on AP automation and vendor spotlights? Book a 15 minute chat

---

Robert Ruhno Director Accounts Payable Professionals Group

🟥 LinkedIn 🟧 X (formerly Twitter) ⏹️ Facebook 🟨 Instagram

Back to top ↑

PEPPOL Intro

PEPPOL, a simple introduction for Accounts Payable professionals

A 5-minute, plain-English guide for AP teams who are hearing “PEPPOL” for the first time.

PEPPOL is a global network that lets companies and governments send electronic invoices and other business documents in a standard, secure way. Instead of emailing PDFs, PEPPOL sends structured data directly from one system to another. This reduces errors, speeds up processing, and makes automation easier.

A brief history

PEPPOL was launched in 2008 as a project funded by the European Commission. Its goal was to help businesses send invoices to government agencies across Europe. In 2012, governance moved to OpenPeppol, and the network expanded globally. Today, PEPPOL is used in many regions and is no longer limited to Europe.

Where PEPPOL is required vs. growing

Most mandates began with government invoicing (B2G), but business-to-business rules (B2B) are expanding.

Country	Status	Notes
Italy	Mandated	Required for most B2G and B2B invoices
Belgium	Mandated	B2B mandatory as of Jan 1, 2026 (3-month tolerance for good-faith efforts such as connecting to PEPPOL)
Singapore	Mandated	National e-invoicing mandate using PEPPOL
Norway	Mandated	Strong public sector mandate
Denmark	Mandated	Public sector required
Finland	Mandated	Public sector required
Sweden	Mandated	Public sector required
Australia	Mandated	Government suppliers increasingly required
New Zealand	Mandated	Government suppliers increasingly required
Germany	Phasing in	B2B receipt mandatory; issuance phased 2027 to 2028
Netherlands	Voluntary	Strongly recommended for public sector
United Kingdom	Voluntary	No broad mandate
Japan	Limited	Small-scale use
United States	Very limited	No federal mandate

Will PEPPOL be used in the United States?

PEPPOL could grow in the US because many companies work globally and want one invoicing standard. It also helps reduce fraud and manual work. However, there is no federal e-invoicing mandate, and sales tax rules vary by state. Adoption today is voluntary, with pilot programs and industry efforts such as the Business Payments Coalition exploring standardized B2B exchange models inspired by PEPPOL.

Why this matters

Most US AP teams do not use PEPPOL today. Still, it is becoming part of global AP conversations. PEPPOL also supports more than invoices, including orders and other purchase-to-pay documents. Understanding the basics now helps AP professionals stay prepared as invoicing standards continue to evolve.

Quick question: Have you ever received a PEPPOL invoice, or is this brand new to you?

Last updated: January 2026. PEPPOL requirements change frequently. Always check official country guidance.

Accounts Payable Operations

How Big Can an Accounts Payable Department Really Get?

APPG research note (updated January 2026)

Accounts Payable is often described as a “back-office” function, but at scale, it becomes a major operational engine. This article examines what the largest Accounts Payable departments in the United States actually look like today, using conservative, defensible benchmarks rather than inflated estimates or guesswork.

First, let’s define scope (this matters)

For clarity, “Accounts Payable” in this article refers to:
Vendor invoice processing, supplier payments, AP help desk activity, and exception handling.

It does not include:
Procurement, payroll, insurance claims, customer refunds, treasury investing, or benefits administration, unless explicitly stated.

Many published headcount estimates become misleading because they quietly expand the definition of AP. The ranges below intentionally stay narrow and conservative.

Executive handout (PDF)

Forwardable, executive-safe summary of the definitions and benchmarks used in this article.

• Clear scope definition (what counts as AP)
• Realistic staffing ranges (modern in-house teams)
• Quick explanation of why estimates vary

PDF (short), no signup.

View the Executive FAQ (PDF)

So, how big is the biggest Accounts Payable department?

Based on AP benchmarking data, shared services research, and observed operating models, the largest modern, in-house Accounts Payable organizations in U.S.-based companies typically fall within this range:

Practical upper range (modern enterprises):
500 to 1,200 Accounts Payable full-time equivalents (FTEs)

In rare cases with unusually high invoice complexity or limited automation, totals may approach about 2,000 FTEs, but this is not typical.

Why do Accounts Payable headcounts vary so much?

• Invoice volume: Millions of invoices per year require scale, even with automation.
• Invoice complexity: Services, partial shipments, and multi-PO invoices increase manual work.
• Automation maturity: Best-in-class teams process 25,000 to 30,000 invoices per FTE.
• Centralization model: Shared services are often 30 to 40% more efficient.
• Scope definition: What counts as “AP” varies widely between organizations.

Sources and methodology

This article synthesizes publicly available benchmarking data, industry research, and practitioner insights, including commonly referenced metrics from APQC and IOFM related to invoices per FTE, staffing efficiency, cost per invoice, and automation maturity. Ranges reflect practical operating models rather than theoretical maximums.

Accounts Payable Around the World

APPG Quick Read

Accounts Payable Around the World (Same Job, Different Words)

AP is global. The invoices change, currencies change, even the tools change, but the mission stays the same: keep vendors paid and the business moving. What’s fun is what AP is called in different places.

One function, many names

Work in Accounts Payable long enough and you’ll notice a pattern: different languages describe AP in slightly different ways. Some emphasize “accounts.” Others emphasize “suppliers.” A few go straight to “money we owe,” which feels extremely AP.

A quick world tour

In Spanish and Portuguese, it’s refreshingly direct (literally “accounts to pay”). In French and Italian, the focus shifts to the vendor or supplier. German takes the scenic route with a longer phrase that reads like “liabilities from deliveries and services” (no shortcuts, just precision). Head north and you’ll see the “supplier debt” theme across the Nordics. In many Asian languages, the meaning lands close to “accounts that should be paid” or “purchase liabilities.”

Different words, same responsibility: trust, timing, accuracy, and strong vendor relationships.

Common translations for “Accounts Payable”

Note: These are common business and accounting terms, not just literal translations.

Language	Common term
Spanish	Cuentas por pagar
French	Comptes fournisseurs
German	Verbindlichkeiten aus Lieferungen und Leistungen (often shortened to Verbindlichkeiten)
Italian	Conti fornitori
Portuguese (Brazil / Portugal)	Contas a pagar
Dutch	Crediteuren
Swedish	Leverantörsskulder
Norwegian	Leverandørgjeld
Danish	Leverandørgæld
Finnish	Ostovelat
Polish	Zobowiązania handlowe
Czech	Závazky vůči dodavatelům
Hungarian	Szállítói kötelezettségek
Romanian	Datorii către furnizori
Greek	Υποχρεώσεις προς προμηθευτές
Russian	Кредиторская задолженность
Ukrainian	Кредиторська заборгованість
Turkish	Borç hesapları
Arabic	الحسابات الدائنة
Hebrew	ספקים / חשבונות לתשלום
Hindi	देय खाते
Chinese (Simplified)	应付账款
Chinese (Traditional)	應付帳款
Japanese	買掛金
Korean	매입채무
Thai	เจ้าหนี้การค้า
Vietnamese	Phải trả người bán
Indonesian	Utang usaha

What this tells us about AP

• Supplier-first language: Many regions talk about the vendor or supplier first (because that’s who feels the impact).
• Debt and obligations: Plenty of translations highlight “liability” or “debt,” which is the accounting reality.
• Action-oriented: Some versions basically say “what must be paid,” which is the most honest definition of AP on earth.

Quick question for the APPG community:

If you’ve worked with international teams or global vendors, what’s the biggest communication challenge you’ve run into (terms, payment methods, tax forms, time zones, something else)?

Visit AP-Professionals.com

AI Invoice Scams

Image by DC Studio / Freepik

AI Is Making Invoice Scams Smarter: How AP Teams Can Stay Ahead

AI has made fraud attempts look more legitimate, from convincing invoices to vendor email impersonation and urgency tactics that pressure AP teams to pay fast. The good news is that the strongest defenses are still practical and repeatable.

Why AI Has Supercharged Invoice Fraud

Business email compromise (BEC) remains one of the most costly fraud patterns for organizations, and AI lowers the effort it takes to imitate vendor language, fabricate documents, and tailor messages to your process.

How to Protect Your AP Process

Start with these five controls:

1. Require two-person verification. One person enters, another approves. Make it standard, not optional.
2. Verify vendor changes using trusted contact information. Confirm banking or remit-to updates by calling or messaging the vendor using details already on file, not what appears in the request.
3. Create an “expected invoice” habit. Regular check-ins with purchasing and operations help you spot surprises early.
4. Slow down urgency. New email domains, odd tone, or “pay today” pressure should trigger a pause and verification.
5. Train like fraud evolves (because it does). Short refreshers beat annual once-and-done training.

A 3-Minute AP Fraud Self-Check

Use this quick checklist to spot gaps in your current process. If you hesitate on any item, it is worth tightening.

• Vendor changes: Do bank or remit-to updates require independent verification using previously saved contact details?
• Approvals: Are invoice entry and payment approval always handled by separate people, even under time pressure?
• Urgency signals: Does your team know to pause when emails push same-day payment, secrecy, or last-minute changes?
• Invoice quality: Would an AI-generated invoice blend in perfectly with your real ones today?
• Training cadence: Has your team discussed fraud scenarios within the last 90 days?

Tip: If you answered “not sure” to more than one item, that uncertainty is exactly what fraudsters exploit.

Looking Ahead

Finance teams are increasingly looking at AI for practical workflow automation and fraud detection, but strong controls and clean vendor data still do the heavy lifting.

Rule of thumb: When something feels off, verify first. Over-communicating is cheaper than cleaning up a bad payment.

Join the Accounts Payable Professionals Group

What fraud signal has your team seen most recently, vendor change requests, urgency pressure, or invoice formatting that looks “too perfect”?

Sources

• FBI: Business Email Compromise
• CFO.com: Payments fraud remains rampant
• CFO.com: Invoice fraud costs and deepfakes
• CFO.com: Gartner finance conference takeaways