Fraud in payments is no longer just a risk—it’s a growing menace accelerating in sophistication, scale, deception, reach, and speed. This is precisely why certain discerning insights within the payments fraud landscape deserve closer attention.

In this article, we spotlight critical findings from recent survey reports and trusted research designed to empower corporate treasury, as the steward of financial risk management, to mitigate the mounting risks of payments fraud.

Email age serves as a powerful predictor of payments fraud risk

An analysis of over four million transactions by AtData, a leader in email intelligence and data security solutions, revealed that the longevity of an email address is a strong predictor of payments fraud risk in digital payments.

According to AtData, “Addresses created just days before a transaction were 25x more likely to be fraudulent. In the lending space, this risk escalates—email addresses less than 30 days old showed a 35x increase in fraud risk. Borrowers using newly created emails carried a 67.3% fraud rate in payment scenarios.”

Disposable email domains are a major red flag for fraudulent activity

Disposable email domains, commonly used to evade identity checks and carry out one-off fraud, are a strong indicator of payments fraud. AtData reports that across various industries, these domains exhibited fraud rates over 70%, surpassing the risk associated with legitimate internet service provider (ISP) domains.

Deepfake fraud attempts soar, yet only 50% of companies plan executive training  

Findings from the 2025 Identity Fraud Report by the Entrust Cybersecurity Institute show that a deepfake incident occurred every five minutes in 2024. Despite this surge in deepfake attacks—one that demonstrates no sign of slowing—it is alarming that only 50% of surveyed organizations plan to train their executives to recognize such threats, as per a new Ponemon Institute study commissioned by BlackCloak—Digital Executive Protection Research Report 2025.

Legacy payment methods most impacted by payments fraud

The Association for Financial Professionals® (AFP) 2025 Payments Fraud and Control Survey Report, sponsored by Truist, found that legacy payment methods remain a major vulnerability to payments fraud.

In 2024, payments fraud hit cheques (checks) and ACH debits the hardest, accounting for 63% and 38% of reported incidents, respectively. Nevertheless, more than 75% of organizations surveyed in the AFP report stated they have no intention of reducing cheque usage over the next two years—even in the face of the heightened fraud risk linked to legacy payment methods.

Sharp rise in ransomware payments and recovery costs

In 2024, the average cost of a ransomware attack reached US$5.13 million, as highlighted by cybersecurity company PurpleSec. This amount reflects not only ransom payments but also recovery expenses and indirect costs such as reputational damage and erosion of customer trust.

Over the past six years, the average cost of ransomware has grown dramatically by 574%, climbing from $761,106 in 2018 to $5.13 million in 2024, as noted by PurpleSec. During the same period, the average ransom payment alone skyrocketed by 1,343%—jumping from $28,920 to $417,410.

This upward trajectory shows no signs of slowing. In the first quarter of 2025, Check Point observed a 126% increase in ransomware attacks, with North America accounting for 62% of global incidents, followed by Europe at 21%, and Asia Pacific at 10%.

With threat actors employing more advanced tactics and targeting strategies, PurpleSec projects the average cost of a ransomware attack in 2025 to range between $5.5 million and $6 million—marking a 7% to 17% rise from 2024.

Real-time payments (RTP) fraud hits 45% of eCommerce merchants worldwide

RTP fraud has become the second most widespread fraud attack, affecting 45% of merchants globally, according to the 2025 Global eCommerce Payments & Fraud Report, produced by the Merchant Risk Council (MRC) along with Visa Acceptance Solutions and Verifi.

Variations in fraud impact across regions and business sizes are a key takeaway from the report. “The North American merchants are significantly more likely to suffer RTP fraud, while those in Latin America are significantly less likely. Small businesses are less likely than midsize and enterprise merchants to experience RTP fraud”, points out the survey report.

Real-time payments offer speed, cost efficiency, and greater cash flow visibility for both domestic and cross-border transactions. However, the very immediacy that makes RTP attractive also limits the time merchants have to detect and prevent fraud—likely contributing to its far-reaching impact across the global e-commerce landscape.

To conclude, as email-based payment fraud remains widespread and AI-generated deepfakes enable criminals to escalate their attacks, the landscape of fraud prevention has grown increasingly complex. Adding to this are the rising frequency of ransomware attacks and the soaring costs of payouts—which have elevated the issue to a board-level concern—making it clear that treasury, thought of as the superintendent of payment security, must adopt a highly proactive stance to secure payment systems and eliminate vulnerabilities.

Treasury should also expedite the phase-out of cheque usage in favour of safer, more modern payment methods that offer better protection against today’s rapidly evolving threats. The increasingly prevalent nature of payments fraud underscores the urgent need for targeted security training to develop a fraud-aware workforce capable of prevention, identification, and swift response. To stay ahead of crafty cybercriminals, treasury leaders must equip vulnerable departments with advanced tools and technologies—ensuring the organization remains resilient in the face of growing digital risks.