Digital Transactions Authoritative, insightful and timely information for payments professionals
It’s a sobering condition of today’s payments industry that fraud is a persistent, pervasive, and unwelcome counterpart to legitimate transaction activity. Testifying to that is that 76% of U.S. organizations experienced attempted or actual fraud in 2025, says the Association for Financial Professionals’ 2026 edition of its Payments Fraud and Control Survey Report.
That is down from 2024’s 79% and 2023’s 80% rates, but the impact is no less troublesome. The data, drawn from 465 responses from treasury professionals and analyzed by Rockville, Md.-based AFP’s research department, points away from assuming fraud is episodic, and shows it is much more pervasive.
“People used to think of fraud as episodic,” says Chris Ward, head of enterprise payments at Truist, a Charlotte, N.C.-based bank and sponsor of the AFP report. Fraud is no longer an exception, “It’s more the rule,” Ward says.
In practice, that translates to constant vigilance on policies and controls and expeditious attention to fraud activity, he says.
“Payments fraud is increasingly a policy problem, not just a controls problem,” Ward says. Organizations, be they banks, payments providers, or merchants, must have the right decisions and the right processes in place to ensure they are protected, he says. That means making the right decisions when a payment is executed, he says.
Because payments are diverse and most organizations make and receive multiple types, they need policies and controls for all of them. Conversely, Ward says, criminals only need one entry point to do what they want.
“Remember, the fraudster just has to get one through where, as a company, you’ve got to protect [your company from] all fraudulent attempts,” he says.
While this approach may appear to fit larger organizations well, it also works for smaller ones. Fraudsters do not discriminate and will target any size organization if they sense a payoff.
Some payment types are more prone to fraud than others, and at the top in the current report is check and ACH debit fraud. Check fraud was reported by 58% of organizations, the most of any payment type, followed by ACH debit, 30%, and wire transfer, 25%.
They were followed by corporate and commercial cards, 21%, and ACH credits, 18%. New payment types were not immune. Fraud on mobile wallets was reported by 2%, followed by faster payments and cryptocurrency, at 1% each.
Email continues to be the frontrunner in how criminals choose to commit fraud. Business email compromise is the most common threat vector, with 70% of organizations citing it. That’s up from the 2025 report, when 63% cited what’s known as BEC.
Ward suspects that business email compromise will continue to be problematic, especially as artificial intelligence is refined and criminals adopt it. “It will become harder and harder to detect,” Ward says.
This ties into his assertion that managing payments fraud is a quality-control issue. Organizations need to make the right decisions within their payments programs.
Ward suggests organizations not rely on one-time decisions to manage these programs. “Rechecking yourself over and over again, just make sure you’re checking your procedures, doing everything you can to protect yourself and taking advantage of every fraud tool and technology available to you,” he says.
