A Guide to Payment Fraud Detection and Prevention

As fraudulent schemes grow more complex and sophisticated, Accounts Payable (AP) departments continue to grapple with the rising threat of payment fraud.

During times like these, finance leaders must ensure that they are exhausting mitigation efforts and taking the necessary steps to increase security.

This guide explains the basics you should know about payment fraud, along with three tangible steps you can take to help your organization better mitigate the risk of payment fraud.

What is Payment Fraud?

Payment fraud is any type of false or illegal transaction completed by a cybercriminal. The perpetrator deprives the victim of funds, personal property, interest, or sensitive information via the Internet. Payment fraud comes in three forms: unauthorized transactions, lost or stolen items, and fake refund or return requests, including bounced checks.

According to the Association for Financial Professionals’ 2022 Payments Fraud and Control Survey, 71% of organizations were victims of payment fraud attempts or attacks in 2021 [2], costing businesses billions of dollars globally.

Fraud in the AP Department:

AP departments remain the function most susceptible to payment fraud in businesses of every size and industry. While no organization will ever be 100% immune to fraud, manual, paper-based accounting processes pose significant risks to finance departments and raise their chances of suffering a fraudulent attack because they have no fraud detection tools.

Types of Payment Fraud:

There are several types of payment fraud, but some major threats impacting finance teams are check fraud, business email compromise, vendor impersonation, and phishing.

Check Fraud:

Despite the push to go digital, paper checks remain the most popular form of B2B payment. Unfortunately, they are also a fraudster’s most popular way to infiltrate organizations, and 66% of professionals reported fraud attacks from using checks in 2021 [2]. Checks are highly prone to fraud because they contain vulnerable information that fraudsters can easily intercept and change. One example involves a fraudster stealing a check from your business mailbox when it is mailed from your workplace, then ‘washing’ the check and forging it with their own signature. In other instances, fraudsters engage in counterfeiting by appropriating account numbers and then printing and using checks drawn on the compromised account.

Business Email Compromise (BEC):

Business Email Compromise (BEC) occurs when scam artists use emails to dupe accounting departments into transferring funds into illegitimate accounts. In 2022, the FBI received 21,832 BEC complaints, with estimated losses totaling more than $2.7 billion [3]. An example would be an email that appears to come from a company CEO asking an employee to purchase gift cards to send out as employee rewards. The sender asks for the serial numbers so they can be emailed out right away.

Vendor Impersonation:

This increasingly frequent technique occurs when fraudsters send fake emails to companies asking for payment. One study revealed that an average vendor email compromise attack costs $183,000, and the highest amount requested thus far was $2.1 million [4]. Be aware that a fraudster might, for example, use john.kelly@compony.com (note the extra “o” in “compony”) instead of john.kelly@company.com to trick victims into thinking the email is legitimate.
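The lookalike-domain trick described above can be screened for automatically. The following is an added example, not code from the original article: the trusted-domain list, the function names and the distance threshold of 2 are assumptions chosen for illustration.

```python
# Added illustration: flag sender domains that nearly match a trusted vendor domain.
KNOWN_VENDOR_DOMAINS = {"company.com"}  # assumption: loaded from your vendor master file

def edit_distance(a: str, b: str) -> int:
    """Edits (insert, delete, substitute, swap adjacent chars) to turn a into b."""
    prev2, prev = [], list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify_sender(address, known=KNOWN_VENDOR_DOMAINS, max_distance=2):
    """Return (verdict, matched_domain) for the domain part of an email address."""
    domain = address.rsplit("@", 1)[-1].strip().lower().rstrip(".")
    if not domain.isascii() or "xn--" in domain:
        return ("non_ascii", None)  # possible homoglyph domain: route to manual review
    if domain in known:
        return ("known", domain)
    for good in sorted(known):
        if edit_distance(domain, good) <= max_distance:
            return ("lookalike", good)
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed sample senders, including the address pair from the article.
    for sender in ("john.kelly@company.com", "john.kelly@compony.com",
                   "ap@comapny.com", "billing@example.org"):
        print(sender, classify_sender(sender))
```

A "known" verdict only means the domain matches the list; it does not authenticate the sender, so payment-change requests still need verification through a separate channel.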


Phishing:

As the old proverb goes, if it’s not broken, don’t fix it. Fraudsters know this tried-and-true method is a quick way to fool someone into sending money or vulnerable information. In this method, fraudsters send a fake message designed to trick a human victim into revealing sensitive information or exposing their device to malicious software, so the attacker can get their credit card information and passwords. An example would be an email with a link to confirm your payment information, in which the sender warns that your account is suspended until you take time to verify your account information.

What steps can you take to detect and prevent payment fraud?

Mitigating internal and external fraud risks in today’s world can be challenging, but it doesn’t have to feel impossible. Here are 3 tangible steps you can take to help your organization better mitigate the risk of payment fraud.

1. Regularly Update Fraud Risk Assessments:

The Association of Certified Fraud Examiners (ACFE) 2022 Global Fraud Study reports that organizations lose an average of 5% of revenue to fraud each year [5]. Most importantly, nearly half of the cases in the study occurred due to a lack of internal controls.

A fraud risk assessment is a process for identifying an organization’s exposure to fraud and developing a plan to mitigate that risk before it does financial, reputational, or legal damage [6]. Regularly updating this assessment is imperative as it can help you and your team members identify blind spots in your controls that fraudsters could easily take advantage of. If the evaluation determines these controls are lacking, they should be updated immediately.

2. Identify Red Flags:  

Having an updated fraud risk assessment makes it much easier to identify red flags associated with a fraudulent attempt. Additionally, conducting quarterly security training from an outside source can help educate your team in identifying suspicious activity.

Be Aware of:

  • Things that sound too good to be true (you’ve won a prize or gift you didn’t apply for).  
  • Someone presents you with an urgent request.
  • Unexpected charges appear on your bank account.
  • Someone threatens you if you don’t comply with their request.
  • You receive an email that doesn’t seem legit.
  • Someone asks you to pay in advance with a gift card.

3. Adopt an Electronic Payment Solution:  

Organizations are leveraging technology like finance automation to increase protection and mitigate fraud. In addition to helping users pay vendors quicker, a payment automation solution can help reduce the number of paper checks and enhance security by encrypting account data and adding extra layers of security through multi-factor authentication.

Additional Security Benefits of Payment Automation:

  • Virtual Cards:

Virtual cards are safer than paper checks and provide additional security layers against fraud. Each one-time-use card has a unique account number, expiration date, and security code, meaning that extra funds can’t be stolen by fraudsters. Survey results show that 66% of companies paying by check experienced real or attempted fraud, compared to just 3% when paying with single-use virtual cards [2].

  • Cloud-Based Vendor Information Management:

Cloud-based AP automation digitizes and accelerates invoice approval workflows while making information accessible to authorized users and ensuring data security and compliance. It helps AP departments mitigate potential security and compliance risks by standardizing processes and providing visibility into the actions taken on a transaction.

  • Positive Pay and Payee Positive Pay on Checks:

Businesses can protect against fraudulent check scams by using Positive Pay and Payee Positive Pay, a standard offering among leading AP automation providers. Check payments are made using Positive Pay, a service that matches the account number, check number, and dollar amount of each check cashed. Payee Positive Pay also matches the name of the individual or the organization that the payment is meant to go to, further enhancing security.

  • White-Glove Customer Service:

Payment automation providers act as an extension of your AP team. Expert payment processors remit all payment information to vendors, ensuring every penny goes to the correct recipient.
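The Positive Pay and Payee Positive Pay matching described in the list above can be sketched as follows. This is an added example, not code from the original article or from any provider: the record layout, names and sample checks are constructed, and the already-paid check goes slightly beyond the three fields the article names.

```python
from dataclasses import dataclass
from decimal import Decimal

@dataclass(frozen=True)
class Check:
    account: str
    number: str
    amount: Decimal
    payee: str

def normalise_payee(name: str) -> str:
    # Ignore case, commas, periods and spacing so "Acme, Inc." equals "ACME INC".
    return " ".join(name.upper().replace(",", " ").replace(".", " ").split())

def reconcile(issued, presented, match_payee=False):
    """Return one (check number, decision, reason) tuple per presented check."""
    register = {(c.account, c.number): c for c in issued}
    paid, results = set(), []
    for item in presented:
        key = (item.account, item.number)
        ref = register.get(key)
        if ref is None:
            verdict = ("exception", "not in issued-check file")
        elif key in paid:
            verdict = ("exception", "already paid")
        elif item.amount != ref.amount:
            verdict = ("exception", "amount mismatch")
        elif match_payee and normalise_payee(item.payee) != normalise_payee(ref.payee):
            verdict = ("exception", "payee mismatch")  # Payee Positive Pay only
        else:
            paid.add(key)
            verdict = ("pay", "matched")
        results.append((item.number, *verdict))
    return results

# Constructed sample data: the issued-check file and the checks later presented.
ISSUED = [Check("000123", "1001", Decimal("2500.00"), "Acme Supplies, Inc."),
          Check("000123", "1002", Decimal("980.50"), "Northwind Freight LLC"),
          Check("000123", "1004", Decimal("120.00"), "City Water Dept")]
PRESENTED = [Check("000123", "1001", Decimal("2500.00"), "ACME SUPPLIES INC"),
             Check("000123", "1002", Decimal("980.50"), "J. Doe"),  # payee altered
             Check("000123", "1003", Decimal("4100.00"), "Northwind Freight LLC"),
             Check("000123", "1001", Decimal("2500.00"), "ACME SUPPLIES INC"),
             Check("000123", "1004", Decimal("1200.00"), "City Water Dept")]

if __name__ == "__main__":
    for row in reconcile(ISSUED, PRESENTED, match_payee=True):
        print(row)
```

With `match_payee=False`, check 1002 is paid even though its payee was altered, which is the gap Payee Positive Pay closes.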


Soaring fraud rates in recent years have made it increasingly difficult to fight fraud. As such, organizations must embrace tools like finance automation that not only save time and money but also increase security.

To learn more about increasing your security mitigation efforts with Paymerang’s award-winning Payment Automation platform, schedule a demo today.


[1] Big Commerce Essentials: Payment fraud: What is it and how it can be avoided?

[2] 2022 AFP Payments Fraud and Control Survey

[3] FBI Internet Crime Report 2022


[5] ACFE 2022 Global Fraud Study

[6] Outseer: Fraud Risk Assessment [What Is It & Why Do I Need One?]

Sierre Lindgren


Sierre Lindgren oversees the fraud team at Paymerang. Sierre graduated from Virginia Commonwealth University with degrees in Psychology and Criminal Justice. Before joining Paymerang, she worked in the finance industry for over 11 years. During the last 5 years, working for a local financial institution, she focused on ACH, debit card, and wire fraud. When she is not fighting fraud, she is enjoying family time on the Rappahannock River.