“Payments fraud activity continues to be elevated. Seventy-nine percent of respondents indicate that their organizations had been targets of either actual or attempted fraud activity in 2024, similar to the 80% reported in 2023”, as per  the Association for Financial Professionals® (AFP) 2025 Payments Fraud and Control Survey Report, sponsored by Truist. Over 500 treasury professionals from diverse industries and organizations of varying sizes participated in the AFP survey.

The findings from the 2025 AFP® Payments Fraud and Control Survey Report demonstrate that while organizations are taking payments fraud seriously —with numerous safeguards in place—perpetrators remain relentless and “Have not been deterred by any of the anti-fraud protections that organizations have put in place.”

Source: 2025 AFP® Payments Fraud and Control Survey Report

This is further evidenced by the fact that attempted and actual payments fraud activity has remained consistent with levels seen since 2015. The only notable deviation occurred in 2022, when reported fraud activity fell to 65%.

The AFP survey examines the types and extent of fraud attacks targeting business-to-business (B2B) transactions, highlighting both the most targeted payment methods and the increasing threat  of business email compromise (BEC). It also outlines the measures organizations are taking to protect against payments fraud. Here are the key takeaways:

Larger organizations more vulnerable to payments fraud attacks

According to the AFP study, “Larger organizations (those with annual revenue of at least $1 billion) were more susceptible to payments fraud attacks than were smaller ones (those with annual revenue less than $1 billion): 83% compared to 73%.”

Source: 2025 AFP® Payments Fraud and Control Survey Report

More survey participants from large organizations with limited payment accounts— specifically those earning at least $1 billion in annual revenue and managing fewer than 26 accounts—reported experiencing payments fraud in 2024 than respondents from other types of organizations.

Misplaced trust in legacy payment methods leaves companies exposed

In 2024, cheques (checks) and ACH debits—both legacy payment methods—were the most heavily impacted by payments fraud, accounting for 63% and 38% of incidents, respectively.

Source: 2025 AFP® Payments Fraud and Control Survey Report

Despite ongoing digitalization, organizations still rely heavily on cheques—91% of respondents say their companies use them, up from 75% last year.

Although the reasons behind the sharp increase in cheque usage in 2024 remain unclear, the AFP study suggests that some organizations mistakenly believe cheques are safer than digital payment —a belief that is not supported by data. AFP Payments Fraud surveys dating back to 2015 consistently show that cheques remain one of the most targeted and vulnerable payment methods. Still, some businesses may perceive the situation differently.

As the AFP study further asserts, “Payment technology has been evolving rapidly—as are fraud techniques that target newer payment methods. Consequently, many business leaders who are unfamiliar with these new technologies may be inclined to fall back on what they know, perhaps being lulled into thinking that the least secure method of payment is the most secure.” This misplaced confidence in legacy payment methods not only contradicts the data but may expose companies to even greater fraud risk at a time when vigilance is more crucial than ever.

Instances of payments fraud via wire transfers fell from 31% in 2022 to 24% in 2023, but rose again to 30% in 2024. While there had been a consistent decline between 2022 and 2023, the resurgence is likely due to the fact that, in 2024, wire transfers were the payment method “most frequently targeted by BEC scammers,” cited by 63% of AFP survey respondents—up from 39% the previous year. This suggests that bad actors are successfully adapting their tactics and undermining organizations' efforts to curb wire transfer fraud.

While wire transfers faced renewed threats in 2024, other payment methods like corporate/commercial credit cards and ACH credits experienced a different trajectory in fraud activity.

Between 2022 and 2023, fraud cases involving corporate/commercial credit cards saw a dramatic drop—from 36% to 20%. That figure held steady in 2024, inching up only slightly to 21%. ACH credit fraud followed a similar path, decreasing from 30% in 2022 to 19% in 2023, with a slight uptick to 20% in 2024, observed the AFP survey report.

Mixed success in recovering payments fraud losses

Insights from the AFP survey report reveal that “Twenty-two percent of organizations were able to recover 75% or more of the funds lost due to payments fraud in 2024. That is a sharp decrease from results reported for 2023, during which 41% of companies recouped the same amount.”

Source: 2025 AFP® Payments Fraud and Control Survey Report

Although the proportion of organizations recovering 75% or more of fraud losses declined in 2024, the broader recovery outlook showed signs of improvement. Only 20% of firms failed to recover any funds—down from 30% in 2023. Meanwhile, 58% managed to recoup up to 75% of their losses, a significant rise from just 29% the previous year.

Timely detection plays a critical role in fund recovery. Among companies that suffered actual losses due to payments fraud in 2024, 35% detected the fraud in less than one week, while an additional 21% uncovered it within one to two weeks. According to the AFP survey report, treasury departments are most often the ones to identify both attempted and actual payments fraud activity, followed by accounts payable (AP). These findings reinforce the need for treasury leaders to strengthen their fraud detection capabilities—because the longer fraud goes unnoticed, the lower the chances of recovering lost funds.

To conclude, with payments fraud via email continuing to be widespread, malicious actors are increasingly leveraging artificial intelligence (AI) to craft sophisticated, personalised, convincing, and targeted BEC and phishing messages. This growing use of AI is making it more difficult for corporate executives to distinguish fraudulent emails from authentic ones.

Furthermore, AI-generated deepfakes are empowering criminals to escalate payment fraud attacks, adding a new layer of complexity to fraud prevention. As a result, treasury—thought of as the superintendent of payment security—must take a highly proactive approach to secure payment systems and eliminate vulnerabilities, such as gradually phasing out cheque usage and adopting alternative, safer payment methods to guard against fraud risks.

These developments affirm the urgent need for focused payments security training to build an informed workforce that is better equipped to prevent, detect, and respond to fraud. Treasury chiefs should also prioritize reducing fraud exposure and staying ahead of highly skilled cybercriminals by “specifically equipping departments prone to attacks with tools and technology to mitigate fraud,” recommends AFP’s 2025 Payments Fraud and Control Survey Report.