The Rising Cost of Payment Fraud

Payment fraud is an increasing and ever-evolving threat, impacting businesses of all sizes. According to the FBI’s 2023 Internet Crime Report, “reported losses from one type of fraudulently induced payment scam—fake investment opportunities—rose from $3.31 billion in 2022 to $4.57 billion in 2023.”¹ These different types of payment fraud can come in many forms and it is vital that business owners, security teams, and employees understand these forms, their impact, and the preventive measures that can be taken to safeguard against these attacks.

Types of Payment Fraud

• ACH (Automated Clearing House) Fraud occurs when a scammer gains a company’s bank account credentials and/or routing number and uses these to forward transfers, withdrawals, and payments using the ACH network. Scammers will even use tactics such as email phishing scams to send links leading to websites that look like fake online banking portals. Once the victim provides these bank account credentials, the scammer has access to the company’s payment system and can siphon funds to their own account.
• Wire fraud occurs when a scammer cons an employee or business owner to part with their money via wire transfer, a transaction that is usually irreversible. Never wire money to a vendor or entity that you have not met and/or who claims to be a government agency or utility company. Always remember that no government agency or utility company will ever make such an unusual request.
• Check fraud can take place when thieves steal physical checks from the mail or implement scams (such as BEC scams) to hack into automated payment systems. Keep in mind that paper checks are less secure than payments processed via ACH. Always review transactions to ensure that there are no irregularities and if you see an unusual withdrawal or any other odd activity, report it immediately.
• Business Email Compromise (BEC) is a specialized cyberattack in which a scammer creates an email account that resembles the familiar email address of one of the victim’s contacts, so that the victim will not recognize the sender as an outside source. This scam relies on the victim trusting that the sender is someone who they know without checking to ensure that the email address is genuine.

The Financial Impact of Payment Fraud
The consequences of these types of fraud can be devastating, resulting in financial loss, reputational damage, and operational disruption. The 2025 AFP Payments Fraud and Control Report indicates that 79% of organizations have been the victim of fraud or attempted fraud. Payment fraud can lead to routing numbers and other private banking data falling into the hands of scammers, leading to serious financial loss. Furthermore, data breaches of this nature can lead to a loss of consumer trust, further impacting a business’s reputation. The cost in time and resources that a successful fraud attack can have on a business can lead to additional losses in employee and company resources. With proper preventive measures, however, a business can avoid these losses while remaining vigilant against such attacks.

Preventive Measures
There are steps that a company can take to protect itself from payment fraud and scammers. These precautions involve increased privacy protections, keeping employees informed and vigilant of the ever-changing world of cybersecurity threats, and making use of Comerica’s fraud prevention tools. Stay informed and take these precautions to ensure that cyberattacks against your company can be properly identified and dealt with.

• Dual controls are a process by which payment initiation and approval duties are divided between employees. These checks and balances ensure that even if one person makes a mistake and falls prey to a payment fraud scam, someone else can ensure that payment access is not fully compromised. Consider setting up these safeguards in your payment system as well as installing daily limits for users so that unlimited payments can’t be accessed by a scammer.
• Comerica ACH Positive Pay™ ensures that you have the tools necessary to monitor and control your ACH activity, allowing you to create filters to accept or reject transactions based on amount, sender, or other criteria. For more information, see our commercial fraud solutions page. 
• Educate your employees regarding the dangers of payment fraud. Payment fraud scams often intersect with identity impersonation. With the rise in AI-powered scams, employees should be aware of the different, ever-evolving shapes that payment fraud scams can take and act with caution before approving payment transactions as well as clicking links in emails that are from seemingly trusted contacts.

Comerica offers strong fraud protection solutions and a vigilant commitment to client security. Sign up for Comerica ACH Positive Pay™ and report lost or stolen checks, online scams, and any other type of suspected payment fraud to Comerica via the Commercial Fraud Solutions page.