76% of U.S. Companies Were Subjected to Fraud in 2025

The latest AFP Payments Fraud and Control Survey paints a stark picture of the U.S. payments landscape: three‑quarters of organizations reported fraud activity in 2025. While the headline rate fell modestly from 79% in 2024, the breadth of exposure remains unprecedented. Companies of every size—from multinational banks to midsize merchants—are grappling with a relentless stream of attacks that span traditional checks, ACH debits, and wire transfers. The data suggest that fraud is no longer an outlier; it is a baseline operational risk that must be baked into daily treasury functions.

Payment‑type vulnerability varies, but check fraud tops the chart at 58%, reflecting lingering reliance on paper instruments and legacy processing systems. ACH debit fraud follows at 30%, and wire transfers affect a quarter of respondents. Meanwhile, digital channels are not immune: business email compromise (BEC) was the most common vector, cited by 70% of firms, and its rise aligns with sophisticated phishing campaigns that leverage artificial intelligence. As AI‑generated content becomes more convincing, fraudsters can craft highly targeted emails that bypass traditional filters, making detection increasingly challenging.

Industry leaders now emphasize a shift from reactive controls to proactive policy governance. Truist’s Chris Ward argues that fraud management should be treated as a quality‑control function, requiring continuous policy reviews, real‑time decisioning, and layered technology stacks. Organizations are urged to adopt automated monitoring tools, integrate AI‑driven anomaly detection, and enforce rigorous employee training. By institutionalizing a culture of perpetual vigilance, firms can reduce exposure, protect cash flow, and maintain stakeholder confidence in an environment where fraud is the rule rather than the exception.