Payments fraud hit 76% of organizations last year, business email compromise struck nearly three in four, and attackers now clone executives’ voices to authorize fraudulent transfers. Against this, most finance teams still rely on manual review — the human who checks the payment — and only 17% use AI to fight fraud at all. The gap between how fraud works now and how most teams defend against it is the subject of this playbook, and closing it is less about detection software than about making controls consistent, automatic, and auditable.
TL;DR
Payments fraud remains pervasive and is getting more sophisticated. The 2026 AFP Payments Fraud and Control Survey found 76% of organizations experienced attempted or actual payments fraud in 2025, with business email compromise (BEC) affecting 74% (a significant increase), and checks remaining the most-targeted method at 58%. For the first time, the survey examined AI-enabled fraud, including deepfake voice and video used to impersonate executives and vendors — a threat manual review is poorly equipped to catch. Yet only 17% of organizations use AI to combat fraud, a striking gap between the threat and the defense.
The core argument: fraud prevention is now an operating model, not a single control, built on verification, disciplined approvals, and timely detection, and reinforced by technology. The question is not manual review versus AI in the abstract, but how to make the fundamentals (verifying payees and bank details, enforcing approval discipline, detecting anomalies) consistent and reliable at the speed and scale payments now move. Manual review fails not because humans are careless but because manual controls are inconsistent: a tired approver, a convincing deepfake, a skipped verification under time pressure, and the control gap opens.
This is where deterministic AI controls differ from both manual review and probabilistic detection. Deterministic controls enforce the verification and approval rules the same way every time, with no fatigue, no shortcut under pressure, and a complete audit trail of every check performed, while still escalating genuine exceptions to humans for judgment. Unlike a probabilistic fraud score, every decision is explainable and reconstructable.
The playbook: harden the fundamentals, automate them deterministically so they fire every time, reserve human judgment for genuine exceptions, and keep a complete audit trail. For the related vendor-data fraud angle, see The Top AI Tools for Vendor Management and Supplier Onboarding in Finance.
The 2026 payments fraud picture
The data describes a threat that is widespread, persistent, and evolving. According to the 2026 AFP Payments Fraud and Control Survey, conducted in January 2026 among 465 treasury practitioners, 76% of US organizations experienced attempted or actual payments fraud in 2025. While slightly down from the prior year, this remains an elevated level, and larger organizations, particularly those with fewer payment accounts, face heightened exposure.
The threat vectors are clear. Business email compromise affected 74% of organizations in 2025, a significant increase from 2023 and 2024, making it the leading fraud channel. BEC works by impersonating a trusted party — an executive, a vendor — to induce a fraudulent payment or a change to bank details. Checks remain the payment method most frequently targeted, with 58% of organizations reporting check fraud, and despite this, 72% of organizations using checks plan to continue, often because vendors require them. So the most-targeted instrument is one most companies cannot abandon.
The newest and most concerning development: for the first time, the AFP survey examined the impact of AI-enabled fraud and deepfake technologies, highlighting growing concern about voice and video used to impersonate executives, vendors, and other trusted parties. This is a step-change in the threat. An attacker no longer needs a convincing email; they can clone a CFO’s voice to authorize a wire or deepfake a video call. Research on voice cloning has found people distinguish real from fake voices barely better than chance, which makes the human, the manual reviewer, an unreliable last line of defense against this category of fraud.
Against all this, the defensive gap is stark: only 17% of organizations use AI to combat payments fraud. The threat is escalating and getting AI-powered, while the defense remains overwhelmingly manual. That gap is the problem this playbook addresses.
Why manual review falls short
Manual review — a person checking and approving payments — is the default control in most organizations, and it is failing not because people are careless but because manual controls have structural weaknesses that fraud exploits.
Manual controls are inconsistent. A human approver applies scrutiny that varies with workload, time of day, fatigue, and pressure. The verification that happens carefully on a quiet morning gets shortcut on a busy afternoon when a payment is marked urgent, which is exactly the pressure attackers engineer with their “the CEO needs this wire now” tactics. A control that is applied rigorously only some of the time is a control with predictable gaps, and fraud finds them.
Manual review does not scale with payment velocity. As payment volume grows and payments move faster, the time available for genuine human scrutiny of each one shrinks, so manual review becomes either a bottleneck or a rubber stamp. Neither protects against fraud.
Manual review is increasingly outmatched by AI-enabled fraud. When an attacker can deepfake an executive’s voice convincingly enough that humans cannot reliably tell it is fake, the human reviewer’s judgment — the thing manual review relies on — is precisely what the attack defeats. Manual verification of a request that appears to come from a trusted, recognizable executive is no longer reliable when that appearance can be synthesized.
This does not mean humans have no role — they remain essential for genuine judgment on real exceptions. It means relying on manual review as the primary control is a mismatch against the 2026 threat: inconsistent where fraud needs only one gap, unscalable as payments accelerate, and outmatched by synthetic impersonation. The fundamentals AFP identifies — verification, disciplined approvals, timely detection — are correct, but they have to be applied consistently and at scale, which is exactly what manual application cannot guarantee.
Deterministic AI controls vs probabilistic detection vs manual review
“Using AI against fraud” is not one thing, and the distinction matters for finance specifically. There are three approaches, and they are not equivalent.
Manual review relies on a human applying controls. Its strength is genuine judgment; its weaknesses, as above, are inconsistency, poor scaling, and vulnerability to sophisticated impersonation.
Probabilistic AI detection uses machine learning to score transactions for fraud risk, flagging anomalies for review. Its strength is catching patterns humans miss and surfacing suspicious activity at scale, and AFP found organizations using AI reported better deepfake detection (45%) and real-time identification (43%). Its weakness for finance is that a probabilistic score is not an explanation: it says a transaction is 87% likely to be fraudulent without a reconstructable reason, which is hard to act on confidently, hard to audit, and prone to false positives that erode trust. It is valuable for detection but weak on auditability and consistency of enforcement.
Deterministic AI controls enforce defined verification and approval rules automatically and identically every time. Rather than scoring risk probabilistically, they execute the control: verify the payee against the approved master record, confirm bank details match and any change went through change control, enforce that the required approvals are present, check the payment against policy, and escalate to a human only when a genuine exception arises. Their strength is consistency (the control fires every time, with no fatigue or shortcut), scalability (rules execute at machine speed), and auditability (every check performed is logged with the rule applied, fully reconstructable). Their limit is that they enforce defined controls rather than discovering novel patterns, which is why they complement rather than replace detection.
The 2026 answer is not one of these but the combination AFP describes as an operating model: deterministic controls enforcing the fundamentals consistently, probabilistic detection surfacing novel anomalies, and human judgment reserved for genuine exceptions. The piece most organizations are missing is the deterministic enforcement layer, because manual review cannot apply the fundamentals consistently and probabilistic scoring alone does not enforce them. Making verification and approval discipline automatic, consistent, and auditable is the gap between the 17% using AI and the controls the threat now requires. (On why a score is not an audit trail, see When Confidence Scores Lie; on the architecture behind deterministic controls, What is Neurosymbolic AI?)
The payments fraud playbook for 2026
Five moves, building on the fundamentals AFP identifies, with deterministic enforcement as the through-line.
1. Harden the fundamentals: verification and approval discipline
The base of fraud prevention is verifying who you are paying and ensuring the right approvals occurred. Verify payee identity and bank details against an approved, governed master record. Require and enforce appropriate approval thresholds. Confirm that the payment matches a legitimate, approved obligation. These fundamentals stop most fraud, including BEC, when applied consistently, because BEC ultimately relies on getting a payment or a bank-detail change approved without proper verification.
2. Lock down bank-detail changes with change control
Because BEC and vendor impersonation frequently target bank-detail changes, treat every change to payee bank details as a controlled event: verified through an independent channel (not the one the request came in on), validated, and documented — never an ad-hoc update. This single discipline closes the most common BEC payoff path. It connects directly to vendor master-data quality, covered in The Top AI Tools for Vendor Management and Supplier Onboarding in Finance.
3. Automate the controls deterministically so they fire every time
This is the core move and the one that addresses manual review’s central weakness. Rather than relying on a human to apply verification and approval discipline perfectly every time, automate these controls so they execute identically on every payment, regardless of workload, urgency, or pressure. Deterministic automation means the verification happens on the “urgent” afternoon payment exactly as it does on the quiet morning one, removing the inconsistency fraud exploits, and it removes the human-judgment surface that deepfakes target, because the control is verifying facts (does this bank detail match the governed record, did this change go through change control) rather than judging whether a voice or email seems genuine.
4. Reserve human judgment for genuine exceptions
Automating the fundamentals does not remove humans; it focuses them. With deterministic controls handling routine verification consistently, human attention goes to the genuine exceptions the controls escalate — the cases that actually need judgment — rather than being spread thin rubber-stamping every payment. This is both better fraud prevention (human scrutiny where it matters) and better use of finance staff. Pair it with probabilistic detection to surface novel anomalies the defined rules would not catch.
5. Keep a complete, reconstructable audit trail
Every control check and every decision should be logged — what was verified, what rule applied, why a payment was approved or held — so the entire control process is reconstructable. This matters for three reasons: it satisfies the audit and regulatory scrutiny that payments controls attract (including under frameworks like the US Treasury’s 2026 AI Risk Management Framework, discussed in AI Treasury Management), it enables investigation and recovery when fraud does occur, and it is what distinguishes a defensible control from an opaque one. A probabilistic score cannot provide this; a deterministic control logs exactly what it checked. (For the broader requirement, see AI Audit Trail Requirements.)
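The five moves above expressed as one deterministic control check, as an added example (not Kognitos code and not part of the original playbook). The vendor records, approval tiers, field names, the no-self-approval rule and the hash-chained log are assumptions made for illustration.

```python
import hashlib, json
# Constructed sample data (assumptions): vendor master with last bank-detail change.
VENDOR_MASTER = {
    "V-1001": {"iban": "TEST-IBAN-0001", "change": None},
    "V-1002": {"iban": "TEST-IBAN-0002",   # change "verified" on the request channel
               "change": {"requested_via": "email", "verified_via": "email"}},
    "V-1003": {"iban": "TEST-IBAN-0003",
               "change": {"requested_via": "email", "verified_via": "phone_on_file"}},
}
APPROVAL_TIERS = [(10_000, 1), (100_000, 2), (float("inf"), 3)]  # (ceiling, approvers)

def digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def evaluate(payment, audit):
    """Run every rule on every payment, log the result, return RELEASE or HOLD."""
    vendor = VENDOR_MASTER.get(payment["vendor_id"])
    change = vendor["change"] if vendor else None
    approvers = set(payment["approvers"]) - {payment["requester"]}  # assumption: no self-approval
    needed = next(n for ceiling, n in APPROVAL_TIERS if payment["amount"] <= ceiling)
    checks = {
        "payee_in_master": vendor is not None,
        "bank_details_match": vendor is not None and vendor["iban"] == payment["iban"],
        "change_verified_out_of_band": change is None
            or change["verified_via"] not in (None, change["requested_via"]),
        "approvals_sufficient": len(approvers) >= needed,
    }
    decision = "RELEASE" if all(checks.values()) else "HOLD"
    # "urgent" is recorded for the reviewer but is deliberately not a rule input.
    entry = {"payment": payment["id"], "urgent": payment.get("urgent", False),
             "checks": checks, "decision": decision,
             "prev": audit[-1]["hash"] if audit else "0" * 64}
    entry["hash"] = digest(entry)
    audit.append(entry)
    return decision

def chain_intact(audit):
    """Recompute the hash chain; an edited or reordered entry breaks it."""
    prev = "0" * 64
    for e in audit:
        if e["prev"] != prev or e["hash"] != digest({k: v for k, v in e.items() if k != "hash"}):
            return False
        prev = e["hash"]
    return True

if __name__ == "__main__":
    log = []
    rush = {"id": "P-2", "vendor_id": "V-1002", "iban": "TEST-IBAN-0002", "amount": 50_000,
            "requester": "alice", "approvers": ["bob", "carol"], "urgent": True}
    print(evaluate(rush, log), log[-1]["checks"], chain_intact(log))
```

The constructed urgent payment is held because its bank-detail change was confirmed on the same channel the request arrived on, and the log entry records which check failed.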
Where deterministic AI fits, honestly
A note on where this connects to Kognitos, in the honest spirit the topic demands. Fraud prevention is a broad operating model involving banking partners, dedicated fraud-detection tools, treasury controls, and employee training, and no single platform is the whole answer. Dedicated fraud-detection systems (often probabilistic, often provided by banks and specialized vendors) play an important role in surfacing anomalies, and organizations should use them.
Where a deterministic agentic platform like Kognitos fits is the enforcement layer: applying the verification, approval, and change-control rules consistently and automatically across finance processes, with every check logged and reconstructable. Because Kognitos executes defined controls deterministically (the same inputs produce the same control outcome every time) and in plain language with a full audit trail, it is suited to making the fundamentals — payee and bank-detail verification, approval discipline, change control — consistent at scale, which is the gap manual review leaves. It is not a dedicated fraud-detection product and does not replace bank fraud tools or probabilistic anomaly detection; it addresses the consistency-and-auditability of control enforcement, which is the piece the data suggests most organizations are missing. The honest framing: deterministic enforcement is one essential layer of the operating model AFP describes, alongside detection and human judgment, not a silver bullet.
Putting it together
The 2026 payments fraud picture — 76% of organizations hit, BEC up sharply, deepfakes emerging, checks still the top target — describes a threat that has outpaced the manual review most organizations still rely on. The answer the data points to is not manual review and not probabilistic AI alone, but an operating model built on consistent fundamentals: verifying payees and bank details, enforcing approval discipline, controlling changes, and detecting anomalies, applied reliably at the speed payments now move. Manual review cannot apply those fundamentals consistently, which is the gap fraud exploits, and deterministic AI controls close it by enforcing the rules the same way every time, escalating genuine exceptions to humans, and logging everything for audit. With only 17% of organizations using AI against fraud today, the deterministic enforcement layer is the most underused defense available, and the one this playbook argues finance teams should prioritize.
