Social Engineering Frauds – 2021 Stats [UPDATED!]
The 2021 numbers are in... and fraudsters are still gonna fraud.
Case Studies
Real-life examples of how organizations use PaymentWorks to improve compliance, reduce workload, and add value.Stuff to Watch
Library of short and sweet videos featuring product demos, customer interviews, and sessions with experts.
Podcasts
The perfect way to geek out on all things vendor management, and get tips from our guests, partners, and customers.
Vendor Management Appreciation Day
Dedicated to celebrating the unsung heroes of vendor management and up-leveling your strategy.
Events
We go places. We do things. Join us!The 2021 numbers are in... and fraudsters are still gonna fraud.

[This blog was originally published in June 2021 but has been updated in February 2026 to reflect new data about procurement fraud.]
The 2021 numbers are in… and fraudsters are still gonna fraud.
While these statistics reflect 2021 data, the underlying patterns remain highly relevant today—many of the same control gaps continue to drive successful fraud.

Back in 2021, we offered a rundown based on the Association of Financial Professionals 2022 Payments Fraud and Controls Survey and the FBI’s Internet Crime Report for 2021.
Together, these reports offer a snapshot of how organizations were managing payments and procurement fraud at the time—and where gaps persisted despite growing awareness.
That data showed that attempts and actual frauds were down year over year (71% in 2021 vs. 74% in 2020). There are no conclusive data points to explain why, but there is a notion that education is paying off for those who are usually targeted. Our counterpoint to this? Fraud tactics evolve all of the time. So be sure your employee education also evolves at this rate: all of the time.
At the time, a good chunk of you (17%!) were not doing any payment beneficiary, aka, supplier banking verification. And those of you who were? You were not necessarily checking every one of your suppliers banking data in your verification process. Or, more likely, you believed your process was being followed 100% of the time, but have not actually audited it to be certain.
This year, we’ve looked at the 2025 AFP® Payments Fraud and Control Survey and the FBI’s latest Internet Crime Report —and while some trends remain familiar, the data underscores just how persistent and costly payments and procurement fraud continues to be.
First, the sobering news: Payments fraud is rising. According to AFP, 79% of organizations were victims of payments fraud attacks or attempts in 2024, up from prior years. Business Email Compromise (BEC) remains the dominant threat vector, with 63% of respondents identifying it as the leading avenue for fraud attempts. The FBI reported 21,442 BEC complaints in 2024 alone, resulting in a staggering $2.77 billion in losses.
Payment methods under attack continue to evolve. Checks remain the most frequently targeted payment method, with 63% of organizations reporting check fraud. Meanwhile, wire transfers have reclaimed the top spot as the payment type most vulnerable to BEC—surpassing ACH credits. Fraud tactics themselves are also shifting. Executive impersonation schemes declined to 49%, while vendor impersonation rose to 60%. Third-party impersonation remains the most common BEC tactic at 63%. The lesson? Fraudsters adapt quickly—and so must your defenses. Employee education, verification protocols, and monitoring practices cannot remain static.
Now, a mixed picture on recovery. Only 22% of organizations were able to recover 75% or more of funds lost to payments fraud in 2024—a sharp drop from 41% in 2023. However, 58% were able to recoup up to 75% of lost funds, an improvement from the prior year. Recovery is possible—but far from guaranteed, and increasingly uncertain.
And finally, a critical control issue remains: supplier banking verification. While awareness has increased over the years, many organizations still struggle with consistent enforcement. Whether it’s incomplete verification of supplier banking changes, inconsistent adherence to internal procedures, or a lack of audit validation to confirm controls are operating as intended, gaps in execution continue to create opportunity for fraudsters. In other words, procurement fraud isn’t going anywhere.
The overarching takeaway? Fraud is not declining. It is evolving. Controls must evolve just as quickly—continuously reviewed, tested, and reinforced.
In February we had a live event with Christopher Arehart, SVP Product Manager a at Chubb where we were reflecting on the 2021 AFP survey, where 65% of respondents said they had a process in place to verify banking. From his seat as the product manager for crime, where he sees the aftermath of successful payments fraud scams daily, he offered this:
Bernallio County, New Mexico sent nine payments to a fraudster. How? Their process wasn’t followed, and no one was auditing it. It’s worth noting that in this case, even if the process had been followed, it does not appear to involve verifying the bank account ownership.
St. Peterborough, NH paid a $2.3M price for a “simple human failure to follow established procedures [which] allowed the scam to succeed…” This one was three payments initiated by three different fraud scams in four weeks. In each of these instances, the process was not followed.
We will be at the TMANY New York Cash Exchange in June, with Mr. Arehart from Chubb, talking about what you should be asking your risk team and your insurance company about your process, what is protected, and how these types of scams succeed despite your best efforts.

Payments Fraud and Your Vendor Master: The Risk Inherent in Your Verification Process
June 7, 11 AM
Vendor Management Appreciation Day (VMAD) returns this year—and we’d love to have you join the celebration. There’s never a wrong time to recognize one of the most essential yet often overlooked functions in every organization: vendor management.
We’re already preparing for this year’s festivities, and we want the entire community to be part of it. VMAD was created to bring vendor management professionals together, spotlight the innovation happening in the field, and give this important work the recognition it deserves.
Throughout the year, we’re rolling out monthly gifts and resources to help elevate your vendor management practice. We’re also planning a series of events designed to spark connection, learning, and celebration across the profession.
While you wait for the big day, explore what’s new—and grab some free vendor management goodies.
Explore our blogs below. They’re filled with action items you can implement right away.
What Is Business Identity? Why It Matters, and How to Get It Right
Why Supplier Verification Is the First Line of Defense Against Risk
The Supplier Risk Assessment Process: A Step-by-Step Framework
Why Supplier Lifecycle Management Is the New Frontline of Cybersecurity
Procurement fraud refers to schemes that exploit purchasing, vendor management, or payment processes for personal or financial gain. These schemes can involve internal employees, external vendors, or a combination of both. Common examples include fake or shell vendors, invoice manipulation, and unauthorized changes to vendor master data. Procurement fraud often occurs gradually and blends into routine operations, making it difficult to detect without strong controls and visibility.
Procurement fraud is challenging to detect because it often hides within legitimate-looking transactions and established workflows. Many organizations rely on manual reviews, email approvals, and trust-based processes that provide limited transparency. When documentation is incomplete or audit trails are weak, fraudulent activity may go unnoticed for months or even years. In many cases, procurement fraud is uncovered only during audits, whistleblower reports, or after financial losses have already occurred.
The highest-risk stages include vendor onboarding, vendor master data maintenance, invoice approval, and payment changes. These points involve sensitive data and often lack consistent validation. For example, if banking changes can be requested via email, attackers or insiders may exploit that channel. Similarly, inadequate segregation of duties—where one individual can create vendors and approve payments—significantly increases fraud risk.
Reducing procurement fraud requires a combination of policy, process, and technology. Key measures include segregation of duties, standardized onboarding and change workflows, validation of supplier data, and strong audit trails. Automation plays an important role by enforcing controls consistently and reducing reliance on manual judgment. Regular monitoring, internal audits, and employee awareness also help identify red flags before losses escalate.
We’d love to walk through your process with you and talk about security, compliance, efficiency and sleeping better at night.
© Copyright 2026 - PaymentWorks