
By Jen Martin, Head of Fraud, Citizens
CFOs and corporate treasurers are navigating an increasingly complex landscape of cybercrime and payments fraud, driven by expanded digital access points, the rise of AI, an increasingly dispersed workforce and sophisticated schemes like business email compromise, along with bank and vendor impersonation scams. Despite these expanding risks, many organizations still lack the tools, processes and training needed to effectively detect and prevent these threats.
Cybercrime is a global problem. According to GASA’s Global State of Scams 2025 Report, 57% of adults worldwide claimed to have had a scam experience and 23% lost money in the last 12 months. In the United States, the cost of cybercrime approached half a trillion dollars ($452.3 billion) in 2024, a figure that has grown substantially since 2017. According to the latest estimates from Statista, this trend is primed to accelerate, with cybercrime costs projected to reach roughly $1.82 trillion by 2028.

As companies achieve greater digitization and connectivity in areas like payables and receivables, security measures improve but cyber criminals gain more points of access to exploit.
Although many organizations have increased the resiliency and redundancy of their systems in recent years, the emergence of powerful AI-enabled technologies has exposed new risks and vulnerabilities.
The payments fraud threat vector has grown increasingly complex and varied for businesses of all sizes. The threats with the most impact on corporations today include ransomware attacks, check fraud and social engineering scams (which include business email compromise (BEC) attacks and bank impersonation scams). These are human-based schemes that have caused damage for years in various forms. Malicious actors are drawn to them because preying on an unsuspecting victim’s gullibility and unpreparedness is an evergreen and highly effective strategy.
Ransomware attacks are a type of cybercrime that employs malicious software (malware) surreptitiously implanted on a victim’s computer. Once installed, the cybercriminals will typically lock up the victim’s files or entire systems and demand a ransom payment, often in difficult-to-trace cybercurrency. Reported incidents grew by 9% year-over-year in 2024, resulting in $16.6 billion in losses, a 33% increase over 2023.
With the rapid growth in digital payment usage, checks have experienced a long decline as a form of payment for both individuals and organizations. Yet, despite their waning importance, checks remain highly vulnerable to sophisticated scams. Check fraud remains the #1 category of payments fraud, with nearly two-thirds (63%) of companies impacted in 2024. Moreover, the U.S. Department of the Treasury reported a 385% increase in check fraud from the start of the COVID pandemic in 2020 through the end of 2023.
Social engineering scams targeting key business resources are also on the rise. These scams take a wide variety of forms, from business email compromise (BEC) to bank impersonation schemes conducted through “phishing,” “smishing” or “vishing” vectors.
"Phishing" is a technique where scammers use fraudulent emails that appear to come from legitimate sources, like a financial institution, reputable corporation or government agency. They are used to trick an unsuspecting recipient into engaging with the scammer, in the hopes they will provide access to sensitive information, files or systems. Smishing takes a similar approach, using short message service (SMS) or text messaging instead of email. And vishing refers to voice phishing, which involves the use of phone calls or voicemail to impersonate trusted individuals or organizations. Voice-based attacks are becoming harder to detect as AI deepfakes allow scammers to convincingly impersonate corporate executives or even close family members of the victims.
Bank impersonation scams are of particular concern to financial institutions and cybersecurity experts. According to the Federal Trade Commission (FTC), bank impersonation was the most widely reported scam occurring via text message in 2022, a twentyfold increase from 2019. In 2024, the FTC reported a four-fold increase in reports of impersonation scams preying on older adults.
A specialized form of phishing, business email compromise (BEC) has grown increasingly common as more companies transition to remote and virtual transactions. BEC relies on impersonating or stealing the identity of a company employee, usually a senior executive, and tricking victims into exposing valuable information or transferring funds outside the company. The volume of attacks is increasing, with 63% of finance teams citing BEC attempts in 2024. Wire transfers were the top target at 63%.
A rising subset of BEC that can cause significant financial losses is vendor impersonation fraud, where a bad actor poses as a legitimate vendor to fool an organization into remitting payments to their fraudulent accounts. The scheme may involve sending fake invoices, altering payment instructions or creating fake websites that mimic a legitimate supplier’s site to steal funds from the victim company.
Other concerns on the horizon include the growing threat of AI deepfakes, as well as real-time payments (RTP and FedNow) fraud.
The wide availability of easy-to-use, inexpensive generative AI models like ChatGPT, Claude and Grok has put the power to create convincing deepfakes in the hands of even modestly resourced criminals. Anecdotally, more firms are reporting voice and video deepfakes being used in treasury fraud attempts, and some surveys note that fraudsters are testing highly sophisticated BEC tactics that combine voice, email and social engineering.
Real-time payments also present emerging fraud risks, with 2% of organizations reporting faster-payment fraud attempts in 2024. Although this is a far cry from the 63% of companies that reported paper check fraud, it is a channel to watch as RTP grows in popularity. In addition, FedNow recently announced an increase in its single transaction limit from $1 million to $10 million in November 2025, raising push-payment risk exposure for corporate treasury departments.
Most companies confirm that they have some type of payments fraud mitigation strategy at their organization. According to Citizens' 2025 Payment Trends Survey, customer authentication is the most commonly used method. Real-time fraud monitoring is also popular—and it stands out from other methods for potential effectiveness. Those respondents who did not experience fraud in the last year were much more likely to say that they used real-time fraud monitoring, compared with companies that did report recent fraud.
For BEC and vendor-imposter fraud, effective preventative measures include: out-of-band callback verification, verification of any changes in supplier contact info, and dual control and approval for all wire transfers.
To combat the rising threat of AI-enabled deepfakes, organizations should consider banning any payments or transfers authorized solely via audio or video approval. Liveness checks and second channel verification tactics are also recommended.
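The controls listed above (out-of-band verification of supplier changes, dual control on wires, no release on audio or video approval alone) can be expressed as a pre-release check. The following is an added sketch, not code from Citizens or any payment platform; the channel labels, field names and the reading of dual control as "at least one approver other than the requester" are assumptions.

```python
from dataclasses import dataclass, field
from typing import Optional

# Assumed channel labels for this sketch; a real workflow defines its own.
OUT_OF_BAND = {"callback_to_number_on_file", "in_person"}
AUDIO_VIDEO = {"voice_call", "video_call", "voicemail"}

@dataclass
class PaymentRequest:
    vendor: str
    amount: float
    method: str                                   # "wire", "ach", ...
    requested_by: str
    supplier_details_changed: bool = False        # bank or contact info edited
    change_verified_via: Optional[str] = None     # how the change was confirmed
    approvals: list = field(default_factory=list) # (approver, channel) pairs

def release_blockers(req):
    """Return the unmet controls for a request; an empty list means release."""
    blockers = []
    # Any supplier change must be confirmed on a channel the requester of the
    # change does not control (e.g. a callback to the number already on file).
    if req.supplier_details_changed and req.change_verified_via not in OUT_OF_BAND:
        blockers.append("supplier change not verified out-of-band")
    # Deepfake control: audio/video approval alone never authorizes a payment.
    channels = [ch for _, ch in req.approvals]
    if channels and all(ch in AUDIO_VIDEO for ch in channels):
        blockers.append("authorized solely via audio/video")
    # Dual control: someone other than the requester approved on a system channel.
    independent = {who for who, ch in req.approvals
                   if who != req.requested_by and ch not in AUDIO_VIDEO}
    if req.method == "wire" and not independent:
        blockers.append("wire lacks dual control")
    return blockers

# Constructed sample requests (not real data).
SUSPECT = PaymentRequest("Acme Supply", 84000.0, "wire", "ap_clerk",
                         supplier_details_changed=True,
                         change_verified_via="email_reply",
                         approvals=[("cfo", "video_call")])
CLEAN = PaymentRequest("Acme Supply", 84000.0, "wire", "ap_clerk",
                       supplier_details_changed=True,
                       change_verified_via="callback_to_number_on_file",
                       approvals=[("controller", "treasury_portal")])
SELF_APPROVED = PaymentRequest("Acme Supply", 84000.0, "wire", "ap_clerk",
                               approvals=[("ap_clerk", "treasury_portal")])

if __name__ == "__main__":
    for name, req in [("suspect", SUSPECT), ("clean", CLEAN), ("self", SELF_APPROVED)]:
        print(name, release_blockers(req) or "OK to release")
```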
To mitigate check fraud, treasurers have a number of effective tools at their disposal. These include using secure mailboxes or drop boxes for customer payments, and Positive Pay, a cash management service that matches checks presented for payment against a list of those the company has issued, flagging any discrepancies for review before payment. Additionally, corporate finance departments should actively explore transitioning to digital payments to meet their customers’ and suppliers’ growing demands for security and convenience.
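The Positive Pay matching described above, as an added example that is not any bank's actual implementation: presented checks are compared with the company's issue file and anything that does not match is held as an exception. The record layout, the reason strings and the payee comparison (which goes beyond the number-and-amount match the paragraph describes) are assumptions, and all data is constructed.

```python
# Constructed issue file: checks the company actually wrote, keyed by number.
# Amounts are integer cents so equality checks are exact.
ISSUED = {
    "10451": {"amount_cents": 125000, "payee": "Acme Supply",       "status": "open"},
    "10452": {"amount_cents": 48050,  "payee": "Northside Freight", "status": "open"},
    "10453": {"amount_cents": 9900,   "payee": "City Utilities",    "status": "void"},
    "10455": {"amount_cents": 22000,  "payee": "Harbor Printing",   "status": "open"},
}

# Constructed presentment batch: (check number, amount in cents, payee as read).
PRESENTED = [
    ("10451", 125000, "ACME  SUPPLY"),       # matches after normalization
    ("10452", 480500, "Northside Freight"),  # amount altered
    ("10453", 9900,   "City Utilities"),     # check was voided
    ("10455", 22000,  "Cash"),               # payee altered
    ("20999", 75000,  "J. Doe"),             # never issued
    ("10451", 125000, "Acme Supply"),        # same check presented twice
]

def normalize(name):
    """Case- and whitespace-insensitive payee comparison key."""
    return " ".join(name.upper().split())

def positive_pay(issued, presented):
    """Split a batch into check numbers cleared to pay and (number, reason) exceptions."""
    cleared, exceptions, seen = [], [], set()
    for number, cents, payee in presented:
        rec = issued.get(number)
        if rec is None:
            reason = "not issued"
        elif rec["status"] == "void":
            reason = "voided"
        elif number in seen:
            reason = "duplicate presentment"
        elif rec["amount_cents"] != cents:
            reason = "amount mismatch"
        elif normalize(rec["payee"]) != normalize(payee):
            reason = "payee mismatch"
        else:
            reason = None
        if reason:
            exceptions.append((number, reason))  # held for review before payment
        else:
            seen.add(number)
            cleared.append(number)
    return cleared, exceptions

if __name__ == "__main__":
    ok, held = positive_pay(ISSUED, PRESENTED)
    print("pay:", ok)
    print("review:", held)
```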
A successful program of payments fraud mitigation should also include proactive awareness and education.
Companies have invested heavily in cybersecurity and the tools needed for the job are largely available in many of the online banking, accounting and enterprise resource planning (ERP) systems widely used today. That said, staff can benefit from increased awareness and businesses must be prepared to embrace new technologies and approaches as needed. Don’t exclude upper management and board members from your plans—be sure to schedule regular phishing and deepfake scenario drills to ensure everyone remains on alert for these evolving threats.
In many threat scenarios, the actual integrity of the online banking or security system is usually not compromised, but rather a user has inadvertently become a victim of a social-engineering scam. This is why education is critically important, and your payments fraud mitigation program should ensure that cybersecurity is a top-of-mind priority for everyone across the organization.
As a Foundation Member of the Global Anti-Scam Alliance (GASA), Citizens is proud of our role in helping to keep people worldwide safe from the financial and emotional trauma caused by online scams.
