A quiet but dangerous imbalance has formed inside corporate finance teams, and new data from Trustpair makes it painfully clear. AI-powered fraud is now evolving faster than the systems meant to stop it, and in many organizations, human processes are still the last line of defense. Seventy-one percent of U.S. companies report that fraud attacks have accelerated over the past year, yet nearly half continue to rely on manual checks—callbacks, emails, spreadsheets, human approvals—to defend against attacks that are now automated, adaptive, and endlessly scalable. It’s a mismatch that feels almost unfair, like bringing a notepad to a drone fight, but it’s happening every day inside large enterprises.
The financial and human cost is no longer abstract. One in four companies surveyed reported six-figure losses from fraud incidents, almost half said a single incident can consume multiple days of response time, and 17% admitted they had to terminate employees due to fraud-related mistakes. That last number lingers a bit longer than the others, because it shows how AI-driven fraud doesn’t just drain budgets—it pushes errors downward onto people who were never equipped to fight machines at machine speed. The report, developed with experts from Kinexys by J.P. Morgan and based on a survey of 250 CFOs and senior finance executives, paints a picture of organizations under pressure from all sides: faster payments, tighter regulations, and attackers who now generate scams in bulk, on demand, with near-perfect impersonation.
Business Email Compromise remains the most common attack vector, hitting 62% of organizations, but it’s no longer alone. Fake websites and SMS-based scams are closing in fast, and all of them are amplified by AI’s ability to mimic tone, timing, and internal workflows. While the share of companies relying mainly on manual validation has dropped from 69% to 48% year over year, that still leaves nearly half of large enterprises depending on processes that simply cannot scale. As Trustpair’s CEO Baptiste Collot puts it, AI has raised the baseline of fraud, but internal processes haven’t caught up. Not because companies don’t care, but because many believe modernization requires tearing everything down at once, when in reality the real problem is that legacy checks were never designed for this world.
Underneath the attacks lies a structural weakness that fraudsters know how to exploit. Vendor data is scattered across systems, validated sporadically, and quickly becomes outdated. Only 32% of companies validate vendor bank details continuously or in real time, leaving wide-open windows between onboarding and payment. This is exactly where modern fraud thrives, slipping into gaps that humans assume are still safe. The timing could not be worse, as regulatory pressure is increasing. Nacha’s March 2026 rules will require upfront account validation, adding new compliance demands on top of existing SOX controls. Yet nearly half of surveyed companies aren’t even aware these rules are coming, and 13% admit they have no vendor bank validation process at all, which is almost hard to believe until you remember how many processes still live in inboxes and shared drives.
The good news, if it can be called that, is that the shift has begun. Half of companies increased fraud prevention budgets in 2025, and adoption of automated account validation tools is slowly rising. Training still matters, but awareness alone won’t stop attacks generated at machine speed. The real progress comes from embedding automated, continuous validation directly into finance and procurement workflows, reducing reliance on human heroics and shrinking the attack surface without slowing operations. The message of the report is simple and uncomfortable: fraud has already modernized. The only question left is how long enterprises will keep defending the past while attackers operate in the future.