Finance
Invoice Invasion: Defending the Finance Department From Hidden Fraud Risks | PYMNTS.com
Businesses can’t grow without getting paid, and businesses won’t get paid without an invoice.
But fraudsters have taken notice, capitalizing on the fact that the invoice, whether it’s digital or paper, represents one of a company’s most attractive attack surfaces.
Against this backdrop, invoice fraud is a rapidly growing threat, with cybercriminals and internal fraudsters increasingly finding ways to manipulate the payment process for illicit gain.
Invoice and vendor fraud can take many forms, from fake invoices sent by external cybercriminals to fraudulent activities carried out by employees with access to internal systems.
And as the contemporary threat landscape digitizes, with businesses becoming more reliant on digital transactions, the risk continues to rise, especially for companies with outdated systems or weak internal controls.
Cybercriminals have become adept at exploiting weaknesses in digital payment systems. Invoice fraud often starts with a phishing attack or a compromised email account. In these cases, attackers will intercept or spoof communications between businesses, posing as a legitimate vendor or supplier. They then send altered invoices or payment instructions, redirecting funds to fraudulent accounts.
For many B2B companies, these vulnerabilities have become a significant source of financial and operational risk.
Read more: Why Business Email Compromise Scams Target Valuable B2B Relationships
Outdated Systems and Weak Internal Controls: A Recipe for Disaster
The PYMNTS Intelligence report “Automating Accounts Payable for Cost Savings” found that 34% of businesses process more than 5,000 invoices per month. At the same time, separate PYMNTS Intelligence in the report “Getting Paid: Digital Payments for Improving Cash Flow and Customer Experience” found that 75% of companies still use paper checks.
Those two statistics underscore a growing gap in the payments industry: the disconnect between accounts payable (AP) workflows and payments, which can leave businesses vulnerable to inefficiencies and fraud.
That’s because manual and paper-based processes expose companies to risks such as invoice duplication, payment fraud and vendor impersonation. Paper-based systems also make it difficult to implement stringent security controls, while fragmented tech stacks may not offer effective safeguards.
Fraudsters “will call your back-office staff who are not trained in payments fraud prevention and try to communicate false information over the phone. And these staffers, they are great, smart, hardworking people, but they do not have the tools and that is why the fraudsters are attacking them,” Ernest Rolfson, founder and CEO of Finexio, told PYMNTS in an interview posted in July.
“Fraud is the biggest and most important thing we hear from customers today in B2B payments … They want more automation, as much as possible, and they want no fraud,” Rolfson added.
Read also: Unlocking the 3 Biggest Benefits of Automating Accounts Payable
Strategies for Prevention and Risk Mitigation
Data shows the average enterprise receives half of its invoices on paper, with nearly four in 10 (38%) of payments being made manually. Against this backdrop, over a third of firms (36%) cite automating their AP function as a key priority.
Companies that rely on manual processes and systems that are prone to human error and offer limited visibility into transactions can find that they’ve inadvertently made it easier for both external and internal fraudsters to exploit them.
“The inflexibility of traditional systems and platforms have prevented lots of companies from moving forward and keeping up,” Boost Payment Solutions Chief Operating Officer Illya Shell told PYMNTS.
Many businesses, especially small- to medium-sized businesses, also operate with limited financial oversight, allowing fraudulent invoices to slip through the cracks.
But advances in digital payments technology, including automated invoicing and payment platforms with built-in fraud detection capabilities, can help reduce the risk of human error and flag suspicious transactions in real time. These systems offer greater visibility into the payment process and can quickly identify anomalies, such as changes to bank account details or unusual payment requests.
Ultimately, the human layer of defense, as emphasized by many of the risk management leaders PYMNTS has spoken to, is increasingly critical in shrinking enterprise attack surfaces — making individual education around best practices crucial for a company’s own employees.
Developing strong relationships with trusted vendors and suppliers can also help reduce the risk of fraudulent invoices. Businesses should verify vendor details before making payments and regularly review supplier contracts to ensure that services are being rendered as agreed.
Looking ahead, as businesses invest in advanced technologies, strengthen internal policies and educate their employees on fraud risks, the future intersection of both payments automation and fraud prevention looks bright.
“There are a lot of changes happening across a lot of outdated or antiquated industries. We’re in a good space right now to see a lot of change,” Priority Head of Commercial Court Toomey told PYMNTS. “It’s ironic that one of the areas for most companies that is the most outdated are their financial tools, when just a small investment from that same team can go a long way in improving efficiency and also cost savings.”
Photographer: Christopher Dilts/Bloomberg
© 2025 Bloomberg Finance LP
Crypto has always traded on a different clock. Bitcoin does not close for weekends, liquidity does not pause for holidays, and leverage does not wait for clearing desks to reopen on Monday morning. For years, that difference helped separate crypto-native venues from regulated financial infrastructure.
That separation is narrowing. CME Group said its regulated cryptocurrency futures and options will be available for 24-hour, seven-day trading beginning May 29, pending regulatory review, with trading continuing on CME Globex except for a weekly maintenance window. The move is more than an operational extension. It is a sign that traditional finance is being pulled toward the market structure crypto normalized first.
The harder question is not whether institutions can trade crypto around the clock. They already can, through offshore venues, prime brokers, market makers, and liquidity providers. The harder question is whether regulated finance’s clearing, custody, surveillance, privacy, and risk systems can operate in markets where leverage, information, and volatility never really switch off.
Crypto’s 24/7 derivatives era is not simply making digital assets look more institutional. It is forcing traditional finance to become more continuous.
Derivatives are becoming crypto’s institutional layer
The center of gravity in crypto markets has been moving away from simple spot trading for years. Spot markets still matter, especially for retail flows, exchange liquidity, and ETF-related demand. But derivatives are where much of the institutional market now expresses risk, hedges exposure, prices volatility, and manages leverage.
That shift is visible in the data. CCData’s January 2026 Exchange Review reported combined centralized exchange volumes of $5.26 trillion, while spot trading accounted for $1.27 trillion. The implication is clear: derivatives represented the majority of centralized exchange activity that month.
This matters because derivatives do not just reflect price discovery. In crypto, they increasingly shape it. Futures, perpetual swaps, and options influence liquidity, funding rates, volatility expectations, and institutional positioning. When derivatives become the dominant venue for market expression, trading hours become less a convenience issue and more a structural one.
That is why CME’s move is significant. Regulated access is no longer just about listing a bitcoin or ether contract. It is about matching the operating rhythm of the asset itself.
CME also said client demand for digital asset risk management helped drive a record $3 trillion in notional cryptocurrency futures and options volume in 2025. That is not a fringe market asking for extended access. It is a regulated derivatives marketplace responding to institutional demand for more continuous risk management.
Continuous trading still runs into legacy settlement
The tension is that continuous execution does not automatically mean continuous settlement. CME’s model extends trading access, but it still preserves familiar institutional mechanics. Weekend and holiday trades are assigned the next business day’s trade date, and clearing, settlement and regulatory reporting continue to flow through the next business day framework.
That is the bridge traditional finance is trying to build: crypto-speed execution on top of regulated market infrastructure. It is a practical compromise, but also a revealing one. Crypto markets solved for continuous trading first and institutional controls second. Traditional finance is trying to do the reverse.
There are good reasons for that. Regulated derivatives markets cannot simply discard reporting obligations, margin discipline, risk controls, and clearing protocols. Their value proposition is precisely that institutions can trade within a transparent, supervised framework.
But always-on markets compress the time available to react. A move that happens on a Sunday morning can affect collateral needs, counterparty exposures, hedge ratios, and liquidity conditions before traditional workflows fully resume. In that environment, operational readiness becomes part of market structure.
The next competitive edge may not be who lists the product first. It may be who can monitor risk, margin exposure, custody flows, and compliance exceptions in real time without weakening the controls institutions rely on.
Transparency becomes a risk surface
Crypto’s always-on design also introduces a second challenge: information moves continuously too. Public blockchains make settlement visible, auditable, and difficult to falsify. That can reduce certain intermediary risks. But the same transparency can expose flows that businesses would normally treat as confidential.
“It does both simultaneously,” said Natalie Newson, Senior Blockchain Investigator at CertiK, when asked whether public blockchain transparency reduces systemic risk or creates new attack surfaces. “Settlement finality is also publicly auditable,” she said, but “front-running and MEV are persistent issues in blockchain.”
That duality is central to the institutional adoption question. Public auditability is useful when markets need trust in settlement. It is less straightforward when market participants reveal treasury movements, collateral positioning, payroll flows, or supplier payments in real time.
Newson framed the business risk directly. “If your treasury wallet is known, and on-chain, it eventually becomes known, counterparties, suppliers, and competitors can watch your liquidity position in real time,” she said.
For trading firms, that visibility can affect execution. For corporations, it can expose working capital strategy. For institutions, it can turn settlement infrastructure into a source of market intelligence for competitors. In a 24/7 derivatives environment, information leakage does not wait for office hours either.
This is where the conversation moves beyond cybersecurity. The issue is not just hacks, exploits, or smart contract vulnerabilities. It is whether an always-on financial system can protect commercially sensitive behavior while preserving the auditability that makes blockchain infrastructure useful in the first place.
Privacy is becoming part of market infrastructure
The early crypto argument treated transparency as a feature. That was true for open monetary networks and early DeFi systems, where public verification helped establish trust. But what works for a speculative or experimental market does not automatically work for enterprise finance.
“Transparency becomes a structural constraint the moment a business tries to use blockchain for real operations,” said Varun Kabra, Chief Growth Officer of Concordium. “Payroll, supplier contracts, treasury flows, pricing structures, these are not marketing data points.”
That is the institutional bottleneck hiding inside the 24/7 trading conversation. It is not enough for markets to stay open. The systems around those markets need ways to prove identity, authorization, eligibility, and compliance without exposing more information than necessary.
Kabra’s broader point is that the next phase of adoption depends on combining privacy with accountability. “The next phase of adoption won’t come from arguing with regulators,” he said. “It will come from building systems where privacy and accountability coexist by design.”
That logic is already moving beyond financial markets. Concordium’s partnership with the Danish Ice Hockey Union includes a Verified Fan Programme using zero-knowledge proofs and an Agentic Commerce initiative around verified AI agents, showing how users or automated agents could prove access rights or authorization without disclosing unnecessary personal data.
The sports example is not the point. The infrastructure pattern is. As markets become more automated and more continuous, identity and selective disclosure become part of the same control stack as margining, custody, and surveillance.
Traditional finance is learning to operate on crypto’s clock
The obvious reading of CME’s 24/7 move is that crypto is becoming more institutional. That is true, but incomplete. The more interesting reading is that traditional finance is beginning to adopt pieces of crypto-native market structure because client demand, volatility, and liquidity have already moved in that direction.
This does not mean regulated finance will become decentralized. It will not. Institutions still need clearinghouses, custodians, reporting systems, market surveillance, and legal accountability. What changes is the cadence. Risk systems that were designed around market closes and business-day workflows will need to function in a market where exposure changes continuously.
That transition will not happen all at once. Execution hours can expand faster than settlement systems. Trading access can move faster than compliance architecture. Liquidity can move faster than privacy standards. The result is a hybrid market structure: crypto assets trading on a crypto clock, through increasingly regulated venues, with traditional finance rebuilding its control layer around a more continuous environment.
For investors, this means crypto derivatives are becoming more than a trading product. They are becoming the test case for how legacy market infrastructure adapts to always-on finance.
The next phase of institutional crypto adoption will not be defined only by which assets get listed or which venues gain market share. It will be defined by whether the financial system can manage risk, identity, privacy, and settlement at the speed crypto markets already demand.
RALEIGH, N.C. (WTVD) — Families are navigating the already stressful college planning process, and a new set of financial grades is prompting many to look more closely at the stability of the schools they are considering.
Forbes’ annual financial report card for private, nonprofit colleges and universities is putting a spotlight on how well schools can manage their finances. The rankings are based on each institution’s ability to cover immediate expenses with cash on hand — a measure that is increasingly resonating with parents.
In the Triangle, the grades vary widely. Duke University received an A+, while Meredith College earned a B-. Shaw University was rated C-, and Saint Augustine’s University received a D.
For families, those grades are becoming an important part of the decision-making process, alongside academic and campus life.
“This college experience is much more than the books and the tuition,” Wake Forest parent Meranda Van Ningen said.
Van Ningen said a school’s financial condition is now a key factor as she — and many other parents — evaluate long-term value and security.
“We had to really lean in and ask the questions, make sure that we were getting the answers we appreciated,” she said. “They want us. They want our money to come in and to pay for that next year.”
She said the financial grades offer insight into how well schools can navigate economic challenges.
“Show that they can handle this tough, tough economy, to be honest, and that they know how to roll with it because campuses have good years and bad years as well,” Van Ningen said.
Financial planners say that shift in focus is well-founded, especially as some colleges across the country face financial strain or closure.
“A lot of smaller colleges are closing throughout the country,” said Gray Pendleton, president of Pendleton Financial. “I think it’s important to look at the financial health of the school.”
Experts say the added scrutiny reflects the high stakes of higher education, often one of the largest investments a family will make. Along with reviewing financial grades, they encourage families to thoroughly research institutions before committing.
They also stress the importance of early financial preparation to manage rising costs.
“Even like, $10 to $100 a month,” Pendleton said. “The NC 529 savings plan is great. And that’s an aggressive, age based plan. That’s a good opportunity.”
As financial grades draw more attention, families are increasingly weighing not just where students will thrive academically, but also which schools are best positioned to remain financially secure over the long term.
Copyright © 2026 WTVD-TV. All Rights Reserved.
Investors and analysts said the market was moving beyond the smaller hotel conversions that dominated the past two years, with more sizeable transactions expected as financing conditions improve, distressed sales accelerate, and buyers hunt for assets capable of generating stable income.
“This year and next year, there will be more sizeable transactions,” said Kavis Ip, CEO of Centaline Investment.
Unlike earlier student housing projects typically backed by smaller private investors, the Regal deal was structured with an equity partner and sized for eventual exit to institutional buyers such as insurers, sovereign wealth funds and private equity firms.
“We always wanted to do deals of this size,” Ip said. “Large institutional-grade assets create a completely different buyer pool when you eventually exit.”
-
Washington, D.C7 minutes agoAPPLY NOW: The College Fix’s paid fall 2026 D.C. journalism fellowships | The College Fix
-
Cleveland, OH10 minutes agoCavaliers Already Have Obvious General Manager Replacement for Mike Gansey
-
Austin, TX15 minutes ago
UC Santa Barbara Baseball Drops 6-4 Nailbiter to Texas at Austin Regional Final
-
Alabama22 minutes agoAlabama troopers launch 101 Days of Summer Safety campaign
-
Alaska25 minutes agoReporting From Alaska- Don’t be fooled by ‘Build the Line!’ propaganda
-
Arizona37 minutes agoArizona to start seeing average 100-degree highs ahead of June
-
Arkansas40 minutes agoArkansas baseball notebook: Pitching depth catches up with Razorbacks in Kansas | Whole Hog Sports
-
California45 minutes ago‘Sneaker wave’ sucks California fisherman out to sea
