Fraud Is No Longer Breaking Your Process, It’s Using It
If a fraudulent payment left your organization today, would you know exactly how it happened?
Published on
Modern AP fraud often looks like ordinary business until the payment is gone.
If a fraudulent payment left your organization today, would you know exactly how it happened?
Or would you find yourself retracing steps, digging through emails, and trying to reconstruct a process that looked perfectly normal until the money was gone?
That question came up during a recent IOFM webinar on fraud-proofing Accounts Payable, and it stuck with me. Because it gets to the heart of what’s changed.
Fraud isn’t what it used to be.
It’s not sloppy emails. It’s not obvious red flags. It’s not the “Nigerian prince” anymore.
Today’s fraud is clean. Timed well. Often AI-assisted. And most importantly, it flows through your process instead of breaking it.
Data Snapshot
Recent data helps explain why this issue feels so urgent right now.
- According to AFP, 79% of organizations reported attempted or actual payments fraud in 2024.
- AFP also found that 63% of respondents identified business email compromise as the number one avenue for fraud attempts.
- The FBI’s IC3 reported 21,442 BEC complaints in 2024, with adjusted losses of more than $2.7 billion.
- FinCEN has continued warning about mail theft-related check fraud, reinforcing that paper checks still carry outsized risk.
The Uncomfortable Truth About AP Fraud
Here’s the reality:
Most AP teams already have controls. Policies. Procedures. Approval workflows.
And yet, fraud is still getting through.
Why?
Because those controls were built for a different era.
Today, fraudsters don’t need to hack your systems. They just need to trick your people.
- Impersonate vendors
- Submit fake bank account change requests
- Intercept emails
- Send invoices that look almost identical to real ones
And they do it at exactly the right moment.
That’s the key. Timing.
Fraud today is not random. It’s strategic.
What This Looks Like in Real Life
A payment fraud attempt does not always arrive looking suspicious.
- A vendor email arrives with “updated remittance instructions.”
- The logo looks right, the tone sounds normal, and the invoice amount feels believable.
- The timing creates pressure because the payment run is approaching.
- Someone makes the change because it fits the normal workflow.
- The process works exactly as designed, but the money goes to the wrong account.
That is why modern AP fraud is so dangerous. It often succeeds by looking routine.
Where AP Is Most Exposed
The biggest risks in AP are not always where we think.
1. Email
Email is still the backbone of AP communication. It is also one of the least secure channels.
2. Paper Checks
Checks remain one of the largest sources of fraud losses. They can be intercepted, altered, or stolen.
3. Manual Processes
Any process that depends on someone “just catching something” introduces risk.
4. Bank Account Changes
One of the fastest-growing fraud vectors, often still verified manually.
Why This Matters Now
This is also happening while the payments environment is tightening its expectations around fraud control.
Nacha’s fraud monitoring rule changes began Phase 1 on March 20, 2026 for large originators and third parties, with Phase 2 scheduled for June 22, 2026 for all other covered parties. That does not solve AP fraud by itself, but it does reinforce a larger point: payment risk management is becoming more structured, more visible, and harder to treat as an afterthought.
The Shift AP Needs to Make
The biggest takeaway is this:
Fraud prevention is no longer about being more careful.
It’s about being more structured.
1. Train Continuously, Not Once
Fraud evolves constantly. Training must be ongoing, practical, and relevant.
2. Reduce Trust, Increase Verification
Every change, especially bank account updates, should be independently verified.
3. Automate Where It Matters
Automation is not just about efficiency. It strengthens control.
- Flag unusual invoice patterns
- Detect duplicate submissions
- Identify abnormal payment amounts
- Support stronger audit trails and cleaner approval workflows
4. Move Away from Paper
Electronic payments significantly reduce fraud exposure.
Virtual cards are especially effective because they are:
- Single-use
- Amount-specific
- Vendor-specific
That does not mean every supplier will accept them. But it does mean AP leaders should be looking harder at where checks still remain and asking whether those payment types are creating avoidable exposure.
AP Fraud Pressure Test
If you want a quick gut check, start here:
- Are vendor bank changes independently verified outside email?
- Are paper checks limited and protected by positive pay?
- Are unusual or duplicate invoices automatically flagged?
- Are approval and payment functions separated?
- Is fraud training recurring instead of one-time?
If several of those answers are “no,” your AP process may be relying more on trust than structure.
Final Thought
Accounts Payable is no longer just a processing function.
It is a control function.
It sits at the intersection of cash, vendors, and execution, which makes it one of the most targeted areas in any organization.
The companies that recognize this shift will adapt.
The ones that don’t will eventually learn the hard way.
Questions for AP Leaders
Now I’d like to hear from you:
What do you believe is the single biggest fraud risk in your AP process right now?
And if a suspicious payment request landed in your inbox today, would your current process catch it, or would it let it pass through?
|
Robert Ruhno
Executive Director APPG 
|
🟥
LinkedIn
🟧
X
⏹️
Facebook
🟨
Instagram
|
