Corporate payments fraud remains a costly and persistent threat with wide-reaching financial consequences. As recently reported on CTMfile, a survey by FIS and Oxford Economics found that businesses lose an average of $98.5m each year due to a combination of cyberthreats, fraud, regulatory hurdles and operational inefficiencies. This is now reinforced by the findings of the 2025 AFP Payments Fraud and Control Survey, underwritten by Truist, which revealed that 79% of organisations experienced attempted or actual payments fraud in 2024.

Chris Ward, head of enterprise payments at Truist, put it bluntly: “The reality is, while the threat landscape is evolving, vigilance alone isn’t enough.”

This latest data reflects a broader, global picture of mounting fraud challenges. In the UK, a separate 2025 survey by fraud prevention firm Trustpair found that 93% of organisations had experienced at least one fraud attempt in the previous year. Meanwhile, data from NICE Actimize’s 2025 EMEA Fraud Insights Report reveals that payment fraud cases are rising sharply across the region, particularly in relation to real-time payments. Together, these findings point to a global threat landscape where fraudsters continue to innovate and corporates continue to suffer.

BEC scams and the evolving threat landscape

The AFP data shows that business email compromise (BEC) remains the most common method of fraud, cited by 63% of respondents. Spoof emails, in which a fraudster impersonates a trusted contact, were the most prevalent subtype of BEC, affecting 79% of organisations. Vendor imposter fraud, meanwhile, increased sharply, with 45% reporting incidents. This is an 11 percentage point rise on the previous year.

Across borders, the pattern is familiar. Trustpair’s UK study found vendor fraud to be the most frequently encountered form of attack, with 61% of respondents highlighting it as their primary concern. In EMEA, NICE Actimize also noted a rise in impersonation-based fraud, made worse by the proliferation of generative AI tools that allow for more convincing deception.

Payment methods under pressure

Cheques remain a key vulnerability, with 63% of AFP survey participants saying they experienced attempted or actual fraud through cheque payments in 2024. Despite this, over 75% of organisations indicated they had no plans to reduce cheque usage within the next two years.

Wire transfers and ACH credits are increasingly targeted by BEC scammers, with wire transfers overtaking ACH as the preferred route for fraud attempts in 2024. The AFP survey shows that 63% of respondents experienced BEC activity targeting wire transfers, up from 39% in 2023. ACH credits followed closely, with fraud attempts affecting half of respondents.

NICE Actimize’s data supports these trends. In EMEA, there has been an increase in BEC-related fraud tied to real-time payment rails, driven by the speed and irreversibility of these transactions.

Response, recovery and readiness

While some organisations have been able to recover funds lost to fraud, the numbers are sobering. Only 22% of AFP respondents recovered 75% or more of their losses in 2024, a sharp drop from 41% the previous year. However, the number of firms recovering at least some of their funds has increased, with 58% managing to recoup up to three-quarters of the total losses.

Globally, businesses are investing in stronger detection and prevention capabilities. However, the AFP report shows there is still significant room for improvement. For example, 47% of US respondents said their companies do not provide regular employee training on fraud and cyber-awareness. This compares unfavourably to sectors like insurance, where 75% of respondents report training employees as part of their prevention strategies.

Firms with a more structured approach appear better equipped. According to AFP, organisations with dedicated fintech teams were not only more confident in their ability to mitigate fraud but also saw greater sales growth following the adoption of embedded fintech solutions.

Embedding fraud controls as a strategic priority

Despite subtle regional differences, the core message from this data is consistent: payment fraud remains a serious, ongoing threat for corporates globally. While technology is improving the ability to detect and respond to fraud, bad actors are also becoming more sophisticated, aided by tools such as AI.

Jim Kaitz, President and CEO of AFP, summed it up in the report: “Although organisations remain vigilant in combatting payments fraud, many continue to be victims of fraud, as scammers have become more sophisticated with the help of AI and other technologies.”

The data suggests that while technical defences are critical, they must be supported by broader strategic measures, from employee training to payment process reviews and better vendor management. Ultimately, businesses that treat fraud prevention as a cross-functional priority, rather than solely a technical challenge, will be better positioned to anticipate, detect and counter the evolving threats ahead.