Digital Transactions Authoritative, insightful and timely information for payments professionals
An email from a work colleague requesting a funds transfer may seem routine, but quite often it could lead to serious fraud if completed. That type of fraud—business email compromise—is the top avenue for attempted and actual payments fraud, according to the 2025 AFP Payments Fraud and Control Survey.
Released Tuesday, the survey from the Association for Financial Professionals, found that 63% of respondents cited business email compromise as fraud they had experienced. Checks also are subject to fraud, with 63% of the 521 corporate professionals surveyed in January citing them as problematic for fraud.
The good news, at least by the numbers, is that the 63% experiencing business email compromise fraud in 2024 is flat with 2023 and down from 71% in 2022 and 68% in 2021. It peaked in 2018 at 80% in the AFP report, which covers 10 years of data and was underwritten by Truist Financial Corp.
AFP says increased vigilance is making a dent in lowering the number of successful email scams. Some common types of this fraud are spoof emails, which forge email header elements to look authentic; domain lookalike, where bad actors register a Web domain very similar to an authentic one; and account takeover, when a legitimate email is controlled by a fraudster.
The adage, “If it’s too good to be true, it probably isn’t,” is worth keeping in mind, suggests Chris Ward, Truist head of enterprise payments, via email.
“If it’s too good to be true, if it’s not making sense, if you’re unable to have independent confirmation of what you’re being asked to do—you shouldn’t do it. It’s just the modern-day scam,” Ward says of suspicious business emails. One way to counter this threat is to ensure every fraud-prevention tool available is being used, he says.
“Make sure you’re using every fraud-related tool and service available to you from your financial institution — including account verification, independent confirmation, positive pay for checks, account blocks — and that you’ve got the right controls at your company to protect yourself. I can’t overestimate the importance of having the right controls in your own organization,” Ward says.
The AFP survey estimated that 36% of organizations had a financial loss from business email compromises in 2024, up from 34% in 2023.
Checks, is still a prominent fraud avenue, with 63% of respondents experiencing attempted or actual check fraud in 2024, AFP says. The Federal Reserve’s latest Payments Study says business checks represented 76% of all commercial checks in 2021.
Though the number of checks written, including consumer and business, dropped in the Fed Payments Study from 13.6 billion in 2018 to 11.1 billion in 2021, most businesses—91%—continued to use checks as late as 2024. Only 25% of surveyed businesses intend to eliminate check use by 2027, down from the 30% in last year’s report that intended to do so by 2026.
“The thing that continues to surprise me is the high percentage of clients who are not planning on reducing checks,” Ward says. “With all the check fraud being experienced today, companies should be getting more aggressive with their plans to reduce checks, especially as they’re upgrading their own technologies to take advantage of electronic payments and all the tools available to protect themselves in the electronic space.”
