Is Your Organization More of a Target After Fraudulent Payment? Yes

B2B payment fraud remains a major threat, with business email compromise (BEC) remaining the primary attach vector. New survey data shows not only rising vendor impersonation fraud, but also that fraudsters often strike multiple times before detection. Organizations must adapt and add strategies that mitigate the risk of repeated financial losses. 

B2B Payment Fraud

According to the 2025 AFT Payments Fraud Survey Report Key Highlights, for calendar year 2024 business email compromise (BEC), sending a fraudulent request via email,  remained the top fraud vector with 63% of organizations reporting it as an origin of payment fraud.  Vendor impersonation fraud, a form of BEC, increasing to 45% from 34% the year before. The report also found that of the successful payment frauds, wires transfers were the highest of payment methods at 63%, followed by ACH payments at 50% and check payments at 26%.  One critical find from the survey is that the number of organizations that use checks has increased to 91% from 75% in 2023.    

According to your membership peers, in a 2024 IOFM White Paper Infographic with AvidXchange entitled B2B Payment Security, the survey results of IOFM members revealed that more than three quarters (76%) of respondents experienced payment fraud in the past calendar year. 

Fraudsters Can and Do Attack Multiple Times

If a fraudster is able to send a fraudulent email, successfully change vendor remittance information to a bank account or remittance address they control, then receive a successful payment, they know they can do it again. Until the fraud is uncovered, they can continue to receive vendor payments either based on legitimate vendor invoices coming due or by sending fake invoices or payment requests to send more funds to that fraudulent bank account or remittance address.  Worse for check payments, they can take that information for the first successful fraudulent check payment and create counterfeit checks to continue to increase an organization’s loss. 

Real examples include:

·       Two Vendor Impersonation Scams In 30 Days

The City of Peterborough New Hampshire was notified by a vendor that they did not receive a $2.3 million dollar payment.  Once investigated, they found that an email had been received to change the legitimate vendors bank account, and once done, the payment was sent to the fraudsters’ account.  While dealing with that payment fraud incident, a different vendor notified them that their payment wasn’t received. It was found that the same fraudsters requested a change of banking for that vendor as well, and an additional payment fraud occurred. 

·       Multiple Successful Fraudulent Checks

A Huntsville, AL business was targeted, not once, but multiple times with check washing that resulted in a loss of more than $1.5 million.  Fraudsters obtained a check from the business, removed the ink of the payee and replaced it with a name that was used to deposit the check and obtain the funds.  Further, the banking information can be used to create counterfeit checks to continue the scam. 

To mitigate the risk of additional financial losses after a successful fraud, organizations must add a process to find out if other payment frauds have been successful. 

Find Other Payment Fraud – Fraud Response Plan for the Vendor Process

When a fraudulent payment occurs, the organization’s fraud response plan is put into action to provide a clear and structured process for identifying, managing investigating and responding to the fraud incident. 

What is also needed is a review of the previous transactions that lead to that successful payment fraud.  A review of vendor remittance changes during a certain timeframe is needed to identify if any other vendor payments have been sent to a fraudulent bank account. Thus, a strategic and unique response to define, investigate, report and mitigate fraud is required within the vendor process.

Here are the high-level steps:

1.     Establish the Fraud Response Team – Who will be involved and what will their duties be?

2.     Create a Contact List – Who do you need to notify of the fraud, internal and external?

3.     Define the Investigation Process – Gather facts and information and implement an immediate steps to prevent further loss or damage

4.     Investigate Vendor Master File Changes – Determine the time period to review and a process to analyze and report

5.     Implement Corrective Actions and Follow-Up – Determine how to resolve fraudulent incidents and how to strengthen the vendor process

Want a detailed fraud response plan for the vendor process?  During IOFM Finance and Accounting Appreciation Week, June 9-13, 2025,  a white paper Leading Through Fraud: A Fraud Response Plan for the Vendor Process will be available for download.

Stay Tuned.

Conclusion

Payment fraud isn’t a one-time event, it’s a persistent threat that can cause repeated, escalating losses. Fraudsters explain gaps in controls and capitalize on delayed detection.  As fraud tactics grow more sophisticated, organizations must implement a strategy to find additional fraudulent payments and prevent future repeated financial losses. 

Resources:

1.     2025 AFP Payments Fraud Survey Report Key Highlights https://www.afponline.org/training-resources/resources/survey-research-economic-data/details/payments-fraud

2.     B2B Payment Security White Paper Infographic:  https://www.avidxchange.com/resources/b2b-payment-security-infographic/

3.     New Hampshire town lost $2.3 million in email scam https://statescoop.com/new-hampshire-town-lost-2-3-million-in-email-scam/

4.     Huntsville business falls victim to check washing scam, loses over $1 million:  https://www.waff.com/2024/05/20/huntsville-business-falls-victim-check-washing-scam-loses-over-1-million/

5.     IOFM Finance and Accounting Appreciation Week:  https://www.iofm.com/events/appreciation-week