Keeping payments cyber-safe in the AI age

Payments01 Oct 2025

B2B payments expert Brandon Spear at TreviPay highlights the AI cyber-security threat facing the payments industry

The digitalisation of B2B transactions has greatly improved transparency and convenience, but it has also introduced new electronic vulnerabilities that cyber-criminals, now aided by AI, are increasingly exploiting. Centralised cloud systems, in particular, allow attackers to compromise multiple endpoints at once, magnifying the consequences of any breach.

More than one-third of online merchants experienced identity theft last year, and we expect that number to rise this year as AI advances.

AI fraud in B2B payments

Fraud in B2B transactions often doesn’t resemble the classic ‘stolen funds’ scenario. Instead, it frequently begins with identity misrepresentation, such as fraudsters posing as legitimate businesses to secure credit lines. A typical example might be a fake company ordering thousands of pounds’ worth of equipment and vanishing before payment, leaving the goods to surface later on resale sites.

As businesses digitise more of their operations, criminals are exploiting the shift. AI is giving them unprecedented scale: generating fake data, crafting persuasive phishing campaigns, and even developing sophisticated malware with minimal effort. What once demanded manual skill and technical expertise can now be largely automated.

This capability extends to business documents, too. Fraudsters can now spin up purchase orders, invoices, or payment instructions that are almost indistinguishable from the real thing. In organisations handling high transaction volumes or complex approval chains, these forgeries can easily slip past human review, something I’ve seen occur in practice.

Taking proactive defensive action

Every touchpoint in the order-to-cash cycle, from invoice creation to reconciliation, needs heightened vigilance. Traditional ERP systems are often ill-equipped for this new environment. They were built for an era when employee trust was assumed, workflows were predictable, and AI-driven attacks weren’t on the horizon. Today’s reality of AI-powered deception exposes vulnerabilities that older systems cannot cover.

One of the most immediate defences lies in stronger identity checks. Rigorous validation of payment cards, addresses, and counterparties, combined with multifactor authentication (MFA), helps block unauthorised access.

Furthermore, addressing these challenges requires not only sophisticated technology but also efficient processes for investigation and response. Because AI accelerates fraud, rapid detection and fast response are essential. So part of your defence must be real-time monitoring and analysis. Security teams must continuously analyse transaction data, spot anomalies, and flag suspicious activity for immediate review.

Partnerships can also be a force multiplier. A modular or composable approach, where certain security or credit risk functions are delegated to specialists, can significantly strengthen defences. Outsourced fraud-prevention services, for instance, bring expertise and advanced tools that many in-house teams can’t easily replicate.

Encouragingly, businesses can also fight fire with fire. Some organisations are deploying sophisticated technology not only to validate invoices and purchase orders, but also to authenticate payment instructions before they move through the system. Advanced payment platforms further enhance resilience by ensuring procurement and payment stages remain transparent, traceable, and auditable—making unauthorised alterations far harder to conceal.

A final word of caution

In building defences, one principle remains key: don’t let security suffocate efficiency. Controls must protect against fraud without overburdening legitimate transactions. Striking the right balance between safeguarding, usability, and cost ensures both resilience and a positive customer experience.

Ultimately, organisations that invest in modern technology, strengthen identity verification, and collaborate with fraud-prevention experts put themselves in the best position to stay ahead of evolving threats. With preparation, vigilance, and the right tools, businesses can outpace cyber-criminals, even in the AI age.

Brandon Spear is the CEO of global B2B payments and invoicing platform provider TreviPay

Main image courtesy of iStockPhoto.com and jariyawat thinsandee