Payment Fraud Is Rising: How Accounting Firms Can Fight Back with Automation and AI
If you work in accounting, you’ve probably already had the conversation. A client calls, panicked, because a check went missing, got “washed,” and started showing up cashed in three different states. It sounds like a plot twist from a crime drama. In reality, it’s Tuesday for a lot of accounting firms.
Payment fraud is fast becoming an expected cost of doing business unless firms actively defend against it. According to the Association for Financial Professionals’ 2025 Payments Fraud and Control Survey, 79% of organizations experienced attempted payments fraud in 2024, holding roughly steady with 80% the year before. Those aren’t outlier numbers. They describe the everyday reality for the businesses that accounting firms serve.
The good news: automation and AI have changed what’s possible for firms willing to use them. The tools that used to be “nice to have” are now the difference between a close call and a genuine disaster.
A Story That Says It All
One accounting firm shared a case that illustrates the stakes perfectly. A client’s paper check was stolen, chemically “washed” to remove the ink, and then duplicated. The fraudulent checks didn’t stop after one attempt either. They kept surfacing, cashed in multiple states, over several months. Eventually, a detective sat down with the firm, the client, and the client’s legal and security teams to close the case.
The finding: not a single dollar was ever taken. Why? Because the payment platform’s own routing and account numbers appeared on the check, not the client’s actual bank account number. And every check was automatically run through Positive Pay, a service that matches payee names and amounts before a check clears. None of the fraudulent checks matched, so none of them cleared.
Compare that to a similar case just a month later, where a client’s check was stolen and washed outside of that protected workflow. That business is still recovering, and had to open an entirely new bank account to contain the damage.
Same type of fraud attempt. Two very different outcomes. The difference was the technology standing between the fraudster and the funds.
Why Employee Fraud Deserves Equal Attention
External fraud gets the headlines, but plenty of losses come from inside the building. Embezzlement by on-staff accountants is more common than most firms want to admit. A simple but effective defense is building workflows around the separation of duties. No single person should be able to initiate, approve, and release a payment alone. There’s a well-documented psychological effect at play here, too: people behave more honestly when they know their actions are visible and reviewed.
What to Look for in a Payments Technology Partner
Not all payment platforms are built with security as a first principle. When evaluating tools or advising clients on theirs, you should look for:
- Tokenization and encryption, so payment data is never stored in a form fraudsters can actually use, whether at rest or in transit
- AI-driven fraud detection that analyzes transaction patterns in real time and flags anomalies like sudden vendor bank-account changes, duplicate invoices, or unusually large payments
- Role-based access control (RBAC), so only the right people can initiate, approve, or release payments
- Automated vendor verification against trusted databases before funds ever go out
- Multi-factor authentication and secure vendor portals to protect identity at every login and transaction
Prevention, Detection, and Transparency, all wrapped up together
The strongest defense isn’t any single feature. It’s the combination of:
- Preventive automation: encryption, tokenization, and role-based permissions that stop problems before they start
- Detective AI: real-time anomaly and fraud monitoring that catches what slips through
- Transparent processes: audit trails and continuous reconciliation that make every transaction traceable
Together, these layers reduce manual risk, speed up processing, and create a genuine shield against fraud and error, and not just a checkbox compliance exercise. For firms wanting a broader framework to benchmark their own controls against, the NIST Cybersecurity Framework offers a widely respected, vendor-neutral starting point.
Cybersecurity Is a Client Service, Not Just an IT Task
For accounting firms, especially those offering Client Accounting Services (CAS), payment security should be core to the value you provide. Clients trust their accounting partner to protect their money as carefully as their books. Choosing technology and partners that take that responsibility seriously is one of the clearest ways firms can differentiate themselves.
It’s worth asking: does your current payments workflow rely on hope, or on layered, automated defense? The firms that can answer “defense” are the ones best positioned to protect their clients (and their own reputations) as payment fraud continues to climb.









