Financial Fraud Trends for Businesses in 2025: Emerging Risks & How to Prepare for Them

Financial fraud has always been a threat to businesses, but in the age of the internet, smart phones and especially artificial intelligence (AI), business fraud is increasing and becoming even more sophisticated. Two recent surveys targeted executive-level treasury professionals at a wide range of companies, many with over $1B in revenue. And the results highlight the impact. Trustpair’s 2024 Fraud Trends and Insights Survey reveals that 96% of U.S. companies were targeted by at least 1 fraud attempt in the last 12 months. While the Association for Financial Professional’s (AFP) 2024 Payments Fraud & Control Survey reports 80% of respondents were targeted in the last 12 months. 

94% of US companies surveyed said they were targeted more than once by fraudsters in the past year.

One positive result of the rise in fraud attempts is that more companies are educating their employees to better recognize fraud attempts. However, many businesses aren’t keeping pace and assume that fraud trends from the past decade still hold true today. After all, paper check fraud is still the leading type of payment fraud, likely because 70% of organizations using checks don’t plan to discontinue the practice. But despite some old methods persisting, scams deployed by financial fraudsters are changing rapidly.
 

Evolving Cyber Fraud in Banking

Technology is driving the latest wave of business fraud. According to the Trustpair survey, 83% of companies that reported fraud attempts experienced more advanced forms of cyber fraud. ChatGPT – AI capable of generating text, images, videos, or other data by learning the patterns and structure of almost any subject – is a big driver of this evolution.  Newer forms of fraud include text messages generated by ChatGPT, hacked websites, deep-fake phone calls and highly sophisticated phishing schemes. 

Because text messages are opened at a rate of 98%, they are highly successful for scammers. Text messages claiming to be bank fraud prevention alerts, or warning of package delivery problems are two of the most common tactics used. The Federal Trade Commission directs business employees to forward suspicious texts to 7726 (SPAM). Doing this will help your wireless provider block similar messages.

ChatGPT, with its many capabilities and easy access, is creating more possibilities for fraudsters. Using prompts common in many browsers, ChatGPT can be used by hackers to hijack social media accounts, which then harvest browser cookies – such as names, addresses and passwords – that the user entered in form fields. With stolen credentials, hackers can create malicious software customized to a specific user. This software can create compelling emails that trick others into sending money, often in the form of digital currency (commonly known as cryptocurrency). All this can be done with the user having no knowledge that their data and accounts are compromised.

In 2024, a Hong-Kong finance worker was duped into transferring $25M to a fraudster after deepfake video call from his company CFO.

Perhaps the most troubling fraud trend affecting companies are deepfakes. This type of fraud is created by generative AI – artificial intelligence that can generate very realistic images, sounds and voices, including personas that can simulate a real person's activities for carrying out financial transactions. Electronic Payments International found that in North America alone the number of deepfakes more than doubled in the past year. AI’s ability to mimic a person’s voice is rapidly advancing to where it can fool even friends and family. All it takes is a short voice sample – even a voicemail greeting is enough – and AI can learn a person’s speech mannerisms and cadence well enough to launch very convincing deepfake using the voice of an influential or high-level company employee to trick employees into sending payments to criminals. 

Other Fraud Threats to Businesses

In addition to the cybercrimes mentioned above, there are many other types of common financial fraud techniques. Businesses are also subject to financial fraud crimes like payment fraud, account takeover fraud (ATO), credit card fraud, return fraud and chargeback fraud.

Account takeover (ATO) fraud can occur when scammers gain access to online banking accounts, often by purchasing stolen information on the dark web.  They can also use keylogging software, which can be deployed through unsecured wi-fi, and records every keystroke on the victim's device before sending it to the attacker. Other methods for ATO are credential stuffing, where automated bots test lists and databases to find a match, or brute force attacks which deploy random words to guess a user's online banking passwords. This type of fraud is why many online accounts require complex passwords.

Return fraud refers to a group of illegal practices where scammers attempt to make product returns using falsified receipts. To fight against this, businesses with an ecommerce online presence often deploy transaction monitoring tools to identify patterns of potential return fraud based on past or unusual behavior.

Chargeback fraud can occur in two forms. First-party or ‘friendly fraud’ is when a customer disputes a valid charge or claims, in the case of an online purchase, that goods were never received. On this front, AI-based technology can offer some protection by helping merchants spot instances of friendly fraud so they can issue challenges. Third party fraud is perpetrated by scammers who obtain card numbers to make illegal purchases. Card holders then dispute the charges and receive refunds, which banks and merchants must issue. Chargeback losses are reported to be $50 billion and rising. In fact, merchants surveyed say that chargeback fraud grew by 20% in the past three years and that nearly one quarter of their refunds are fraudulent.
 

Emerging Trends in Payment Fraud

Payment disbursement is also an area of business hit by fraud, with 65% of companies reporting a recent payment scam. This type of fraud is often carried out by forged check or stolen card. However, corporate synthetic identity fraud is a growing concern and is now costing banks $6B in annual losses. Using stolen data, fraudsters build fake identities to apply for loans and lines of credit that they will never pay back.

Business Email Compromise (BEC), where company employees are baited by a scammer posing as a trusted vendor, was still the most prevalent type of payment fraud according to those surveyed. And many companies report that ACH credits have now surpassed wire payments as the payment method most impacted by BEC.
 

Preparing for Faster Payments

Every company wants to do things quicker, that includes moving money. The good news is that new technology is making faster electronic payments, often called instant payments, possible. These payments can be sent 24 hours a day, 7 days a week, and each payment will be received in just a few seconds. 

Surveys reveal two notable things: That by 2028, 76% of businesses plan to send business-to-business transactions via instant payments. However, 29% of companies plan to implement the same security standards they use for wire transfers, which offer a slim opportunity to be reversed. 

Even though banks will have strong security measures in place, the speed and irrevocable nature of instant payments means companies must take every step to verify that the recipient is legitimate, especially if beneficiary information has recently changed. We suggest companies adopt different yet stringent security procedures for using instant payments, and not rely on the same protocols used for wire payments.

Using Automation to Mitigate Risk

As fraud attempts increase and become more sophisticated, combined with the increased use of instant payments that settle in seconds, businesses must upgrade their defenses. Currently, payment validation is a vulnerability for many companies, as 67% report that they use manual, and therefore riskier methods to validate payments.

BEC schemes often exploit this weakness by claiming a trusted vendor has a change in payment information. Using validation software can give you an advantage against fraudsters as it runs continual checks throughout the payment chain and can catch changes that a scammer may insert. This type of software, along with intrusion detection systems to flag suspicious emails sent to your company, can help reduce the changes of payment fraud and increase efficiency. 
 

The Collateral Damage of Fraud

When evaluating what fraud mitigation procedures to put in place, it’s important for a business to consider the many consequences of fraud. In the short-term, a successful fraud scheme can cause an immediate loss of funds. But in the long term, it can cause friction in a buyer-supplier relationship, loss of business partnerships and overall reputational damage. In fact, 66% of companies said they would stop doing business with an organization if a fraud attack also impacted them. Companies would be wise to keep the larger financial consequences of fraud in mind.

Fighting Fraud in a New Era

The cyber era of business fraud is here and booming. AI, with ability to craft language and create realistic voices and images, will only make scams harder to spot. And more would-be criminals will harness its ability to deceive, increasing fraud attempts from here and abroad. Fighting this new, tech-driven fraud will take a combination of constant internal training, along with external and bank-supplied automation, like fraud detection software and other tools that can detect anomalies and prevent or mitigate losses. For businesses, the old methods will no longer be enough. They must objectively assess the trends, embrace technology for better protection and continually raise their defenses against fraud to stay ahead. 

Sources:
AFP (Association for Financial Professionals) 2024 Payments Fraud and Control Report
Trustpair 2024 Fraud Trends and Insights
2023 AFP Real-time Payments Survey Report
Retail Touchpoints - Shining a Light on a Growing Ecommerce Threat: Chargeback Fraud
2024 Chargeback Field report, Morningstar.com
KPMG, Synthetic Identity Fraud