
AI-Powered Fraud Is Outpacing Enterprise Defenses, Trustpair Warns

2 February 2026

Trustpair CEO Baptiste Collot

 

AI-powered fraud is accelerating faster than most enterprise defenses can keep pace with, exposing a growing mismatch between the scale of modern attacks and the manual controls still embedded in corporate finance operations. In an exclusive interview with MoveTheNeedle.news, Baptiste Collot, co-founder and CEO of Trustpair, explains how generative AI has reshaped the fraud threat landscape and why many organizations remain structurally exposed. His analysis accompanies new Trustpair research published in late 2025, based on a survey of 250 CFOs and senior finance executives at large U.S. enterprises.

The findings point to a systemic problem. Seventy-one percent of surveyed companies reported an increase in AI-powered fraud attempts over the past 12 months. Nearly half still rely primarily on manual checks to prevent fraud. One in four organizations reported six-figure fraud losses, 45% said responding to a single incident took multiple days, and 17% indicated fraud-related mistakes led to employee terminations.

A confidence gap in vendor data

A central theme in Trustpair’s research is the disconnect between perceived control and operational reality. While many companies express confidence in their vendor data, fraud losses continue to rise. Collot attributes this to an overreliance on static assumptions.

“The confidence gap starts because vendor data appears stable within systems, but it isn’t continuously monitored or proven to be accurate. Finance teams often assume the master file is trustworthy because it’s structured and ‘approved,’ yet fewer than a third continuously monitor its accuracy.”

As enterprise payment environments accelerate, that assumption becomes increasingly risky. “This gap continues to grow because, at the same time, AI is making fraudsters' jobs easier to fly under the radar, undetectable by humans and manual controls,” Collot said. “Fraud thrives in the gaps between controls; when supplier details change, when processes move quickly and when no one is validating that the data is still correct in real time.”

Fraud operating at machine scale

Generative AI has not introduced entirely new fraud channels, but it has dramatically increased their effectiveness. Business Email Compromise (BEC) remains the most common attack vector, affecting 62% of organizations, followed by phone impersonation and fake websites.

“Gen AI has changed fraud from ‘spot the suspicious message’ to high-volume, highly believable, undetectable impersonation that blends into normal workflows,” Collot explained.

The result is a threat environment in which fraudulent requests increasingly resemble legitimate operational activity. Even experienced finance teams struggle to detect attacks that arrive with the right tone, timing, and context.

Despite this shift, manual controls remain widespread. Trustpair’s data shows reliance on manual validation declined from 69% to 48% year over year, yet nearly half of enterprises still depend on human review as their primary defense.

Why manual verification fails in an AI-driven environment

Callbacks and email confirmations have long been considered best practice, but Collot argues they are no longer sufficient safeguards: “Callbacks and email confirmations assume the person you’re interacting with is legitimate, and in an AI-driven fraud environment, that’s no longer a safe assumption.”

He described scenarios in which traditional controls validate communication rather than payment legitimacy. “Companies might receive an email from a supplier's legitimate address requesting a change to banking details. The sender address checks out, the signature matches, even a callback to the known contact number confirms the request, but fraudsters have compromised their email account and are responding as them.”

In these cases, every manual step succeeds while the payment destination remains fraudulent. “Every manual verification step passes, yet the bank account details are fraudulent,” Collot said. “The only way to detect this is by validating the actual account ownership, not the communication channel.”

Scale compounds the issue. Large enterprises manage thousands of suppliers and process frequent updates across onboarding, invoicing, and payments. Manual reviews are episodic by design, creating predictable exposure windows.

Fraud exploits operational disruption

Trustpair’s research shows that fraud is most likely to succeed during periods of operational change, when speed takes precedence over control.

“The AI-driven fraud most likely to slip past experienced teams is the fraud that rides on top of real operational disruption,” Collot said.

Over the past year, 18% of surveyed companies changed suppliers, and 14% accelerated nearshoring or reshoring initiatives. These shifts increase the volume of vendor data changes and compress validation timelines.

“These are exactly the kinds of ‘emergency mode’ conditions in which normal controls get bypassed, and fraudsters know to capitalize.”

At the same time, the overall threat level continues to rise. “Seventy-one percent of organizations reported an increase in AI-powered fraud attempts. Fraudsters are exploiting the gaps this creates across the procure-to-pay process because when vendor data is changing fast, and verification is still manual or episodic, it’s easier to redirect a payment without triggering suspicion.”

A structural weakness in enterprise data

Beyond individual incidents, the report identifies a broader structural issue. Vendor data is often fragmented across ERP, procurement, and payment systems, validated at onboarding and rarely revisited. Only 32% of surveyed companies validate vendor bank account details continuously or in real time.

This leaves extended exposure between data changes and payment execution. In faster payment environments, a single unverified update can result in an irreversible loss.

Regulatory pressure is increasing. Nacha’s March 2026 requirements will mandate upfront account validation for ACH payments, reinforcing existing internal control expectations such as SOX compliance. Yet nearly half of surveyed companies said they were unaware of the upcoming rules, and 13% reported having no vendor bank-account validation process at all.

Automation moves from option to requirement

While the risks are growing, Trustpair’s research shows early signs of change. Half of surveyed companies increased fraud-prevention budgets in 2025. Adoption of automated account validation tools rose modestly, from 31% to 34%.

For Collot, this reflects a necessary shift in mindset. “The biggest weakness is that companies are still fighting AI-powered fraud with manual, human-only defenses. AI didn't just make fraud more sophisticated; it made it scalable.”

Training remains important—54% of organizations prioritize fraud awareness—but automation is increasingly seen as essential. “Thirty-nine percent already view automation as one of the most impactful improvements they can make to reduce human error,” Collot pointed out.

The goal, he stressed, is balance. “Training builds awareness and is absolutely essential. But automation is what makes fraud prevention consistent, scalable and tireless.”

Redesigning fraud prevention

Collot argues that enterprises must move beyond incremental improvements: “Enterprises need to shift their fraud model from reactive, manual to continuous, automated, starting with the data that drives payments.”

In this model, automation handles end-to-end validation, real-time checks, and anomaly detection, while human oversight focuses on exceptions, approvals, and escalation. “When automated account validation becomes a built-in safeguard across procurement and finance, teams can move quickly without creating openings for fraudsters.”

Continuous validation as a baseline

Continuous bank account validation, once considered an advanced capability, is becoming a baseline requirement.

“Vendor payment data is no longer static, and fraud is no longer easily detectable nor slow,” Collot said. “As payments accelerate and supplier environments change, a single unverified update can turn into a misdirected payment before teams even realize something is wrong.”

As a result, “the future standard is always-on verification,” he added.

Preparing for Nacha 2026

For companies preparing for Nacha 2026, Collot’s recommendation is explicit. “Make vendor bank account validation a built-in, automated control before payments are sent. Nacha 2026 is pushing companies to move from a good-faith effort to demonstrating a consistent, documented line of defense that's audit-ready with traceable documentation of every verification. The most effective way to get there is to operationalize upfront account validation at the moments that matter most.”

An inflection point for enterprise finance

Trustpair’s research points to an inflection point for enterprise finance and fraud prevention. AI has transformed fraud into a machine-speed threat, exposing the limits of manual controls and episodic validation. While awareness and investment are increasing, the gap between attack sophistication and defensive maturity remains significant.

For finance leaders, the question is no longer whether fraud prevention must evolve, but how quickly organizations can transition from human-scale defenses to controls designed to operate at the same speed as the threat.

 
