Protecting your payments: strategies for fraud mitigation

The threat of fraud in the payments space is far-reaching and increasing, with 80% of organizations targeted in 2023 — up from 65% in 2022.¹ The impacts are significant. In terms of financial implications, fraudulent payments and bank transfers cost United States consumers $1.86 billion in 2023,² while nearly 90% of payments businesses in the U.S. report revenue losses of 1%-9% due to payments fraud.³ Moreover, as the global e-commerce market expands, merchant losses from online payments fraud are predicted to see a compound annual growth rate of over 40% between 2023 and 2028,⁴ by which time the associated cost incurred is expected to reach $91 billion.⁵ 

Beyond direct monetary losses, fraud can cause reputational damage to an organization, resulting in broader, long-lasting effects on revenues. Client losses and decreased customer lifetime value (LTV) are potential consequences, derived from negative client perceptions around a company’s security and trustworthiness. A 2024 survey revealed that before signing up for a service, 75% of end users and consumers in the U.S. and Europe factor in a company’s record with respect to fraud prevention.⁶

Certainly, clients are wary of and alert to the very real risk that payments fraud poses. As such, over 85% of payments decision-makers state that their customers are now more demanding when it comes to fraud prevention capabilities. 

With the stakes high and growing demand from clients for robust security and data protection measures, being equipped with the appropriate knowledge and toolkit of solutions is the best line of defense. 

Understanding payment fraud threats

Payments have transformed because of technology. From metal coins, paper money and checks to plastic cards and wire transfers to the latest, cutting-edge forms of real-time electronic payments, a wide range of payment options is now available to businesses and consumers alike. Unfortunately, fraudsters have tactics to target each and every one. 

By far, the most vulnerable method of payment remains the paper check. First printed in the 1760s, checks have been intercepted and manipulated for hundreds of years through tried and tested methods. Theft from mailboxes and postal distribution centers remains common, with payee details and amounts altered via a process known as check washing, and then deposited in fake business accounts. Taking this a step further, criminals are also using the personal data from the stolen checks to create fake business entities. Over 20% of organizations report being affected by fraud due to interference with the United States Postal Service (USPS) in 2023, up from 11% in 2022.⁷

Despite the ongoing risks, many organizations remain faithful to the stalwart check, with 70% of those that use them having no immediate plans to stop, according to the AFP’s 2024 Payments Fraud and Control Survey.⁸ Effective controls to mitigate attacks on this payment method are therefore paramount.

In comparison, digital transactions, still in their infancy, are far more advanced and equipped with more inherent fraud mitigation measures. But they are not immune to attack. Techniques used by fraudsters to either steal digital data, or manipulate people into transferring funds or sharing sensitive information, include using malware software, business email compromise (BEC) and phishing emails (not to mention phishing’s less familiar offshoots, smishing and vishing, which use the same principle, but via text or telephone). Once the data is obtained, without effective controls in place, criminals can access the target’s existing accounts or set up fake accounts using their details to then carry out unauthorized transactions. 

AI – artificial intelligence, or advancing imitation?

Moreover, in tandem with advances in payments technology that are intended to improve processes and deliver enhancements, fraudsters are leveraging these same technologies to carry out more sophisticated attacks. In the wrong hands, pioneering technologies like artificial intelligence (AI) can pose a real risk to vulnerabilities in digital data. And the stark reality is that those hands can be anywhere in the world, with coordinated gangs, or tech-savvy individuals working alone, being able to infiltrate channels and manipulate transactions remotely.

According to a recent industry survey, over three-quarters of payments decision-makers have seen a rise in the use of AI in fraud over the past year.⁹ Phishing emails, for instance, have increased in sophistication, with the style and tone of an individual’s written correspondence able to be analyzed and copied using generative AI. 

As well as enhancing more “traditional” fraud strategies, AI is enabling opportunities for almost “futuristic-style fraud.” Imitation is one such example. Fake audio calls and even video calls – also known as deepfakes — can effectively be utilized to fraudulently authorize payment instructions or obtain data. One such incident occurred in Hong Kong in 2024, when a finance worker was tricked into making a $25 million transfer after taking part in a video conference with someone they believed to be senior staff at the firm.¹⁰ There are also reports of individuals being conned into transferring money as a result of scams that use AI to replicate a loved one’s voice — a strategy for fraud estimated to be a growing trend.¹¹ 

Such intricate attacks are not commonplace. And despite the threats, it is an extremely high degree of sophistication that is needed to break the robust, resilient defenses of digital payments. With the right capabilities in place — including strong payment controls that can validate the person you are sending to and receiving payments from — businesses and consumers can be assured that they are positioned to navigate the payments space safely.  

On the front foot with fraud mitigation: defense strategies for secure payments

Certainly, payments fraud is far from insurmountable. Effective tools to protect payments are at hand, and the industry is continually investing in further strengthening risk mitigation capabilities to ensure the highest level of security. Knowledge of the solutions and resources available is essential for fraud mitigation strategies to be as effective as possible, and various industry participants have introduced guidance and resource libraries to support this process. Nacha, the governing body of the ACH Network, for example, has an Account Validation Resource Center, which features a list of preferred vendor partners that provide third-party validation services. 

Enhancing communication and data sharing around new threats and fraud patterns across industry participants is acknowledged as an important step for generating greater awareness of threats. Having powerful insights can help to optimize the speed of response — including warning businesses and consumers, and the payments community more broadly, of scams as early as possible — and enable a more united, effective line of defense across the industry. 

Initiatives to help improve existing levels of transparency and cooperation are underway. For example, Nacha, the governing body of the ACH Network, recently approved a set of network rule changes — the first phase of which comes into effect in March 2026 — that encourage an active culture of information sharing to help mitigate the risk of credit push fraud. At the core of this new risk management framework is an emphasis on every participant in the payment flow having a role to play in reducing payment fraud and helping to recover funds in instances when it does occur. 

Elsewhere, Swift and its member banks are exploring how advanced AI can be used to analyze data from different sources as a means of enabling a richer, coordinated approach to cross-border payments fraud detection.  

Collaborative efforts are also underway through industry alliances such as the Knoble, an alliance of financial service professionals, law enforcement, regulators, and NGOs joining forces to lead and innovate more effective ways to fight human crime. Members ranging from corporates and different financial service professions to law enforcement and regulators are focused on exploring new, effective ways to fight financial crime. Membership is open to interested parties.

Selected, trusted partnerships and collaborations — tapping into and harnessing the knowledge and solutions of specialists in fraud prevention — are undoubtedly central components of risk mitigation strategies. Through its partnership with Early Warning Services, for example, BNY’s Account Validation Services (AVS) allows clients to validate the status and ownership details of a beneficiary’s account before releasing a transaction. The bank is also currently working with Swift to integrate its Payment Pre-Validation API such that it can be utilized prior to a payment instruction being sent as a means of ensuring the validity of specific fields within that instruction. This service is currently under development with an approaching release date.

Cutting-edge tools such as these will further add to the robust, resilient and comprehensive sets of solutions that are already available to mitigate the risk of erroneous and unauthorized transactions — across the breadth of payment rails, including check, ACH, wire and real-time payments. BNY’s suite of tools, for instance, leverages leading digital payment and account validation capabilities and is accessible to clients through various channels, such as its electronic banking portal, APIs and file transfer (see Figure 1).  

With checks so vulnerable to fraud and remaining a popular method of payment — at least until instant payments become more embedded and ubiquitous — having effective strategies for thwarting check fraud is crucial. Holistic banking solutions, such as check positive pay/positive payee capabilities, help identify anomalies around payee, amount, check number and account number that could be a result of potential fraud. Ultimately, however, the most effective tactic to address check fraud is to adopt digital payments, which, pure and simple, offer higher levels of security than checks. They are protected by advanced authentication and identification methods, with transaction data safeguarded by secure, fortified networks. 

Figure 1: Selection of BNY’s robust payment fraud mitigation solutions

BNY Validation Services

Payments fraud is big business. In order to avoid being the fraudsters’ customers in this respect, organizations should implement a range of solutions that can effectively assess and determine physical identity, digital identity and transaction risk, harnessing data and AI to identify and prevent illicit activity. Banks are alert to the ongoing, evolving threat of payments fraud and many are continually investing in enhancing their suite of services and keeping clients informed of new capabilities, industry developments and broader mitigation methods and best practices.

As fraudsters leverage new and old ways to target today’s payments, it is the combination of being savvy to threats and implementing robust encryption and authentication processes to ensure data privacy and secure systems that is key to stopping fraudsters in their tracks. By plugging in to these advanced payment fraud detection techniques, businesses can be assured that they are positioned to combat fraud and protect their payments effectively.    

Additional resources: https://www.nacha.org/RiskFramework