
AI payment fraud and a shifting threat landscape: why CFOs need proactive payment controls

By Bob Stark
Global Head of Market Strategy
Treasury teams are managing more fraud vectors than at any point in recent memory. The surprising part isn't the number of threats. It's that every one of them finds the same way in.
AI-powered fraud is accelerating across payment operations. Geopolitical instability is raising the stakes for financial infrastructure. Kyriba’s 2026 CFO survey reflects both pressures: security and fraud prevention ranks as a top priority, while 81% of CFOs say they are concerned about political instability and conflict. The weaknesses being tested are operational: inconsistent payment controls, siloed data, limited visibility, and too much reliance on manual review. None of these were built for the current environment.
The threat environment has outpaced traditional payment controls
AI-powered fraud and geopolitical cyber risk are not abstract concerns for treasury teams. They are active, accelerating pressures that traditional payment controls were never designed to handle.
Why AI payment fraud is outpacing traditional defenses
CFOs and treasurers know AI payment fraud is real. The harder issue is whether their controls can keep up. AI-powered attack methods are evolving faster than human-based controls can respond. That’s the mismatch. Fraud has scaled up with machine-speed tools. Too many defenses still depend on human review.
AI-powered attacks are dangerous because they combine speed, believability, and scale. Impersonation attempts are more convincing. Timing is better calibrated to exploit gaps in approval workflows. Phishing is harder to catch because the obvious red flags are gone.
The treasury teams most vulnerable to AI fraud are not the ones with the oldest technology. They're the ones who upgraded five years ago and stopped. Fraud evolves. Static controls don't.
Geopolitical unrest raises the cyber stakes further
The pressure on payment infrastructure does not come from fraud alone. U.S. banks and financial firms are operating under heightened alert as Iran-related cyber risk has intensified. Recent conflicts, including Russia/Ukraine and Hamas/Israel, have also generated elevated cyber threats directed at financial institutions. Waiting for a confirmed attack at the payment layer before strengthening controls is not a risk management strategy. It is a recovery plan.
While AI fraud and geopolitical cyber risk may look like different problems, they expose identical structural weaknesses. Those weaknesses are operational blind spots that make fraud and systemic disruption harder to catch and harder to contain.
Why reactive controls no longer work
Reactive review was designed for a slower payment environment, where fraud was easier to recognize and finance teams had time to intervene. AI-powered fraud breaks that model. Attacks are timed to exploit approval gaps, vendor impersonation can pass human review, and by the time a callback or email confirmation happens, the window may already be closed.
Callback phishing surged 500% in Q4 2025. The attack works because 48% of organizations still rely on callbacks and email confirmations to validate vendor bank account information. Fraudsters are exploiting the very control designed to stop them. That gap is not a technology limitation. It's a design choice fraudsters have learned to exploit.
Adding more manual steps to a broken model doesn't fix it. It just slows down the inevitable failure.
What proactive payment fraud prevention actually looks like
The shift from reactive to proactive is about moving control upstream, into the payment flow itself, so that risk is assessed before authorization rather than investigated after the fact.
In practice, a proactive control framework rests on three capabilities that most treasury teams are still building toward.
Pre-payment validation and continuous beneficiary verification. Vendor payment fraud often surfaces after the initial relationship is established: when a bank account is updated between payment cycles, when the first payment goes to a newly registered account for an existing vendor, or when a change is imported from an ERP without independent verification. Validating account ownership once at setup is not enough. Recurring validation against account ownership records and sanctions lists, before every outgoing payment, is what closes the gap. Organizations still relying on callbacks and email confirmations to verify those changes are operating with a control fraud has already learned to defeat.
Real-time payment screening and connected visibility. Fragmented systems create blind spots, and blind spots are where fraud hides. Treasury teams need a unified view across banks, ERPs, and payment workflows so that anomaly detection can actually work. An AI model flagging unusual payment behavior cannot do its job if it is only seeing part of the picture. When payment data flows in real time across the full ecosystem, controls can screen for policy exceptions, behavioral anomalies, and high-risk patterns before funds leave the organization.
Centralized controls. Human judgment will always have a role in payment operations. Where that judgment is applied, and whether it is supported by good data and clear policy, determines whether controls hold under pressure. The risk is controls that exist in silos: treasury payments running through proper approval workflows in the TMS, supplier payments coming out of the ERP without the same controls applied. Same policy on paper; different enforcement in practice. Controls embedded in workflows and applied consistently across every payment type, regardless of origin, reduce the reliance on any single person making the right call at the right moment. When a payment is flagged, the response should be structured, not improvised.
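As an illustration of the three capabilities above, here is a minimal pre-payment gate. It is an added example, not Kyriba's code or product logic; the record fields, hold reasons, sample vendors and the sanctions entry are all constructed assumptions. The same rules run whether a payment originates in the TMS or the ERP.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass
class Beneficiary:             # hypothetical vendor master record
    name: str
    account: str               # bank account currently on file
    account_changed: date      # when the account on file was last set
    change_source: str         # e.g. "ERP_IMPORT" or "PORTAL"
    ownership_verified: bool   # ownership confirmed by an independent check
    paid_accounts: frozenset   # accounts that have already received payments
    last_paid: Optional[date]

@dataclass
class Payment:
    account: str
    amount: float
    origin: str                # "TMS" or "ERP"; the rules never branch on it

SANCTIONED = {"BLOCKED TRADING LLC"}   # constructed stand-in for a sanctions list

def screen(p: Payment, b: Beneficiary) -> list:
    """Return hold reasons for a payment; an empty list means release."""
    holds = []
    if b.name.upper() in SANCTIONED:
        holds.append("sanctions_match")
    if p.account != b.account:
        holds.append("account_mismatch_with_master")
    if not b.ownership_verified:   # assumption: verification clears these holds
        if b.last_paid and b.account_changed > b.last_paid:
            holds.append("account_changed_since_last_payment")
        if b.paid_accounts and p.account not in b.paid_accounts:
            holds.append("first_payment_to_new_account")
        if b.change_source == "ERP_IMPORT":
            holds.append("unverified_erp_import")
    return holds

# Constructed samples: one vendor whose account changed via ERP import after
# the last payment cycle, and one with a long-standing verified account.
changed = Beneficiary("Acme Supplies", "GB00NEW", date(2026, 3, 10),
                      "ERP_IMPORT", False, frozenset({"GB00OLD"}), date(2026, 2, 28))
stable = Beneficiary("Northwind Ltd", "DE00SAME", date(2024, 1, 5),
                     "PORTAL", True, frozenset({"DE00SAME"}), date(2026, 2, 28))

if __name__ == "__main__":
    for origin in ("TMS", "ERP"):  # identical result for both origins
        print(origin, screen(Payment("GB00NEW", 48_000.0, origin), changed))
    print("stable:", screen(Payment("DE00SAME", 1_200.0, "ERP"), stable))
```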
Three steps CFOs should take to strengthen payment fraud prevention now
The best-positioned organizations will not necessarily be the ones with the most sophisticated technology. They will be the ones that close the most obvious gaps first.
Start with an honest assessment of where manual validation still lives in your organization. Map every point in your payment process where a human is the primary control. Ask whether that control can operate at the speed and scale the current threat environment requires. The answer in most organizations will reveal more exposure than expected.
Connect payment data across treasury, AP, procurement, and IT. Payment fraud does not respect organizational boundaries, and neither does cyber risk. The fragmentation that makes treasury operations harder to manage also makes them easier to exploit. Shared visibility across payment initiation, approval, and bank connectivity is a fraud prevention requirement, and CFOs are positioned to drive it.
Treat payment resilience as a treasury strategy priority, not a compliance checkbox. Some CFOs still delegate payment fraud entirely to IT or compliance and call it risk management. At the speed the threat environment is moving, that is not delegation. It is abdication. The decisions about where to invest, which controls to prioritize, and how to sequence the work belong at the treasury leadership level.
More pressure, no more excuses
The pressures on treasury payment operations are not going to simplify. AI-powered fraud is accelerating. Geopolitical instability adds risk to the infrastructure payments depend on. And the pace of change in how money moves means the window for catching a fraudulent transaction keeps shrinking.
The organizations that build proactive, connected payment controls now are not just reducing fraud risk. They are building the operational foundation that modern treasury requires regardless of what the threat environment does next. Reactive cleanup is expensive. Proactive control is strategy.
In the months to come, the CFOs who acted now will be managing faster payment operations with measurably lower fraud losses. The ones who waited will be explaining to their boards why a preventable incident cost them a quarter's worth of margin.
Bob Stark is the Global Head of Market Strategy at Kyriba. He has been a product and go-to-market financial technology leader for 25 years and works directly with clients, partners, and industry influencers to ensure Kyriba is at the forefront of financial technology. He has empowered finance leaders at some of the world’s largest companies and is a frequent speaker and author on treasury, risk management, and payments.