COMMENTARY: It’s Time to Stiffen Defenses Against Payment Fraud

Recent headlines prove that payment fraud continues to pose an ever-growing threat to businesses of all sizes. As payment methods evolve, so do the sophisticated tactics employed by fraudsters, creating a payment-protection predicament for businesses.

According to the Association for Financial Professionals, 80% of organizations were victimized by payment fraud in 2023, a 15-point increase from the previous year. This upward trend indicates that even more businesses will be targeted by payment fraud as we approach 2025, highlighting the urgent need for robust security measures in business payments.

Payment fraud does not discriminate based on payment method. Despite the increasing digitization of business-finance operations, for a number of various reasons, nearly half of businesses still make most of their B2B payments via check. This reliance on paper-based methods exposes companies to various fraud schemes, including forgery, counterfeiting, theft, and alteration. In fact, 63% of businesses have experienced fraudulent check activity.

ACH fraud has also seen a worrying rise, with a 7% increase in affected organizations in recent years. Fraudsters exploit the ACH system’s settlement timeframes, which can take several business days, giving them ample time to disappear with stolen funds before fraud is detected.

Equally concerning, particularly for B2B payments, is the prevalence of invoice fraud, costing mid-market businesses an average of $280,000 annually. Fraudsters employ various tactics, including altering payment details on legitimate invoices, making urgent requests to change payment information, or submitting inflated or falsified payment amounts, often in small quantities to fly under the radar.

The impact extends beyond financial losses. Compromised data can severely damage a company’s reputation, making vendors and customers hesitant to conduct business due to security concerns, while impacting the mental health of any victims.

Traditional, manual verification processes are increasingly inadequate in the face of sophisticated fraud attempts. Accounts payable and accounts receivable teams are not equipped to identify every fraud attempt, nor do they have the time to manually inspect every invoice or validate that every payment has been received as planned.  

Combining modern payments with robust security protocols and validation checks is vital to preventing B2B payment fraud, regardless of its complexity.

ACH validation, for example, screens for previous instances of fraud, any indications of a history of insufficient funds, and returns for closed accounts or incorrect amounts. These validation measures can help reduce ACH return ratios, expedite failed payment responses, and decrease fraud events.

For invoice fraud prevention, automated systems can detect suspicious information and inconsistencies, compare payment data against previous legitimate invoices, match data against purchase orders, and validate every invoice, regardless of dollar value.

Modern payment platforms also offer additional security measures, including:

Custodial Accounts

These separate accounts prevent fraudsters from accessing main business accounts. Funds are only transferred when it’s time to pay, eliminating exposure of primary account details.

Permission Controls

Implementing custom permissions and “dual control” ensures that no single person bears complete responsibility for payment approvals. This separation of duties adds a crucial layer of security.

Positive Pay

This service allows banks to confirm the validity of checks before processing, potentially preventing significant losses.

It is unrealistic for businesses to understand every type of fraud or implement the various prevention tools needed to combat them. Given the complexity of modern payment security, many businesses are outsourcing to specialized payment processors to access sophisticated security measures without the burden of implementation and maintenance.

As B2B payment fraud continues evolving and becoming more sophisticated, businesses must adapt their security measures accordingly. The transition from paper-based, manual processes to a single provider for automated payment technology and protection is no longer optional—it’s integral for survival in today’s business environment. By implementing robust automated solutions backed by fraud prevention, companies can better protect their financial assets, maintain vital vendor relationships, and ensure regulatory compliance. The question is no longer whether to automate payment functionality. Rather, it’s how quickly businesses can implement these crucial protections.

—Darin Horrocks is executive vice president, business payments, at Repay Holdings LLC.