A red 3D illustration of a laptop with a warning sign as a concept of cyber scam or security threat.

The rising cost of payment fraud

Written by:
Patti Otman for Comerica
November 19, 2025
Lemonsoup14 // Shutterstock

The rising cost of payment fraud

Payment fraud is an increasing and ever-evolving threat, impacting businesses of all sizes. According to the FBI’s 2024 Internet Crime Report, business email compromise (BEC) scams led to reported losses exceeding $2.9 billion, making it one of the most financially devastating cybercrimes tracked by the FBI. These different types of payment fraud can come in many forms. It is vital that business owners, security teams, and employees understand these forms, their impact, and the preventive measures that can be taken to safeguard against these attacks.

In this article, Comerica outlines the growing threat of payment fraud and how businesses can prevent it.

Types of Payment Fraud

  • ACH (Automated Clearing House) fraud occurs when a scammer gains unauthorized access to a company’s bank account credentials and routing number and then uses them to initiate transfers, withdrawals, and payments through the ACH network. Scammers will even use tactics such as email phishing scams to send links leading to fake websites that appear to be online banking portals. Once the victim provides these bank account credentials, the scammer has access to the company’s account and can siphon funds to their own account.
  • Wire fraud occurs when a scammer cons an employee or business owner to part with their money via wire transfer, a transaction that is usually irreversible. Never wire money to a vendor or entity that you have not met and/or that claims to be a government agency or utility company. Always remember that no government agency or utility company will ever make such an unusual request. Have your employees verify wire payment instructions by calling the requester at the number you have on file. Implement this practice for internal requesters who make large wire payments to ensure their email addresses have not been compromised.
  • Check fraud can occur when thieves steal physical checks from the mail or implement scams (such as BEC scams) to gather check information and create fake checks. Keep in mind that paper checks are less secure than payments processed via ACH. Always review transactions to ensure there are no irregularities, and if you notice an unusual withdrawal or any other suspicious activity, report it immediately.
  • Business email compromise (BEC) is a specialized cyberattack in which a scammer creates an email account that resembles the familiar email address of one of the victim’s contacts, so the victim will not recognize the sender as an outside source. This scam relies on the victim trusting that the sender is someone they know without verifying that the email address is genuine. Fraudsters also create email accounts that appear to be from trusted sources, such as your bank, well-known brands, or utilities.

The Financial Impact of Payment Fraud

The consequences of these types of fraud can be devastating, resulting in financial loss, reputational damage, and operational disruption. The 2025 AFP Payments Fraud and Control Report indicates that 79% of organizations have been the victim of fraud or attempted fraud. Phishing and cyberattacks can lead to routing numbers and other sensitive banking data falling into the hands of scammers, leading to serious financial loss. Furthermore, data breaches of this nature can lead to a loss of consumer trust, further impacting a business’s reputation. The cost in time and resources that a successful fraud attack can have on a business can lead to additional losses in employee and company resources. With proper preventive measures, however, a business can avoid these losses while remaining vigilant against such attacks.

Preventive Measures

There are steps that a company can take to protect itself from payment fraud and scammers. These precautions involve increased privacy protections, keeping employees informed and vigilant about the ever-evolving world of cybersecurity threats, and utilizing fraud prevention tools. Stay informed and take these precautions to ensure that cyberattacks against your company can be properly identified and dealt with:

  • Dual controls are a process by which payment initiation and approval duties are divided between employees. These checks and balances ensure that even if one person makes a mistake and falls prey to a payment fraud scam, someone else can prevent payment access from being fully compromised. Consider setting up these safeguards in your payment system and installing daily limits for users so that large payments can’t be accessed by a scammer.
  • Educate your employees regarding the dangers of payment fraud. Payment fraud scams often intersect with identity impersonation. With the rise of artificial intelligence (AI)-powered scams, employees should be aware of the different, ever-evolving forms that payment fraud scams can take and exercise caution before approving payment transactions, as well as clicking on links in emails from seemingly trusted contacts. They should check email addresses carefully, be wary of urgent and unusual payment requests, and verify the requester.

This story was produced by Comerica and reviewed and distributed by Stacker.


Trending Now