Rob Rogers
Vendor Impersonation Fraud: How It Works and How to Stop It
The Fraud That Starts Before the Invoice Arrives Vendor impersonation fraud is not a new phenomenon. Organizations have always faced the risk of someone claiming to be a supplier they are not. What has changed is the precision, the scale, and the sophistication of the deception — and the degree to which a threat once associated with unsophisticated schemes has evolved into one of the most technically and operationally advanced forms of payment fraud facing AP functions today. According to the
Business Email Compromise
The Attack That Doesn't Need to Hack Anything Most fraud prevention thinking is organized around technical intrusion — firewalls, endpoint security, multi-factor authentication. Business Email Compromise largely ignores all of it. The most financially damaging form of cyber-enabled payment fraud in the world today does not, in most cases, require the attacker to penetrate a network, plant malware, or exploit a software vulnerability. It requires only a convincing email and an AP or treasury fun
Payment Fraud Prevention Strategies
The Question Is No Longer Whether — It's When Every organization that disburses funds is a target. That is not a rhetorical provocation; it is the operating reality that fraud data consistently confirms. The 2024 Report to the Nations from the Association of Certified Fraud Examiners found that a typical organization loses five percent of its annual revenue to fraud. The FBI's Internet Crime Complaint Center reported that Business Email Compromise alone accounted for more than $3 billion in los
Real Time Payments & Instant Payment Risks
Introduction: The Newest Rail and Its Unforgiving Characteristics Real-time payments are the newest entrant in the organizational disbursement landscape, and they arrive with a risk profile that finance and treasury functions have not fully absorbed. The operational appeal is straightforward and genuine: funds move in seconds, settlement is final, and the rails operate around the clock every day of the year. For time-sensitive vendor payments, emergency disbursements, and counterparties who pla
Virtual Card Payment Controls
Introduction: The Payment Method Marketed as a Control Virtual cards occupy an unusual position in the payment risk landscape. Every other payment method covered in this series — ACH, checks, wire transfers and real-time payments — is evaluated by finance and risk professionals primarily in terms of the fraud exposure it carries. Virtual cards are frequently evaluated in the opposite terms: as a control mechanism, a fraud reduction tool, a way to impose transactional discipline on disbursements
Wire Transfer Fraud Risks
The Highest-Stakes Payment Method in Common Use Wire transfers occupy a unique position in the organizational payment landscape. They are not the most used disbursement method — ACH handles far greater transaction volume, and checks remain more prevalent by number of payments at many organizations. But wire transfers are, by a significant margin, the highest-stakes payment method in routine use. They settle quickly, they are irrevocable upon completion, and they are the preferred endpoint of th
Checks: The Oldest Payment Method and Its Modern Fraud Risks
Introduction: Reports of Its Death Have Been Greatly Exaggerated Every few years, the payments industry announces that the check is finally dying. The data tells a more complicated story. Checks have declined as a share of total payment volume — that much is true. But in dollar terms, and particularly in business-to-business payment contexts, checks remain a significant component of the disbursement mix at many organizations. The Association for Financial Professionals' 2024 Payments Fraud and
ACH Payments: How They Work, How They're Exploited, and How to Defend Them
Introduction: The Rail That Moves American Commerce The Automated Clearing House network is the circulatory system of American business payments. In 2024, the ACH network processed more than 31 billion transactions totaling over $80 trillion — payroll, vendor payments, tax disbursements, insurance premiums, mortgage payments, and thousands of other recurring and one-time payment types. For most organizations, ACH is the primary mechanism by which vendor payments are made (and payroll is deliver
Payment Methods and Risk: An Overview
The Payment Method Is the Risk Profile Not all disbursements carry the same risk. A check mailed to a vendor carries a different fraud exposure than a same-day wire transfer. An ACH credit processed through a validated banking relationship presents different vulnerabilities than a real-time payment that settles in seconds and cannot be recalled. A virtual card introduces controls that paper checks cannot replicate — and limitations that experienced fraudsters know how to work around. For CFOs,
Ensuring Vendor Data Accuracy and Completeness: Governance, Hygiene and Controls
Data Accuracy as a Governance Imperative The other articles in this section have addressed specific categories of vendor data validation: bank account verification, TIN matching, address verification, and entity relationship identification. Each addresses a defined vulnerability in the vendor record. Each provides a layer of assurance that a specific data element is what it purports to be. Data accuracy governance addresses the layer beneath all of the categories of vendor data validation, det