Finance & Accounting Automation

Why Only 17% of Companies Use AI to Fight Payments Fraud

It is one of the most striking gaps in finance right now: payments fraud hit 76% of organizations last year, business email compromise struck nearly three in four, and attackers have started using deepfakes to impersonate executives, yet only 17% of organizations use AI to fight back. The threat is escalating and getting AI-powered. The defense remains overwhelmingly manual. Why is the gap so wide, and what would close it?

Kognitos June 16, 2026 12 min read

Why only 17% of companies use AI to fight payments fraud in 2026: the gap between a 76% fraud rate and 17% AI adoption, the barriers (trust, auditability, integration, ROI, false positives, threat newness), and what the 17% are gaining. By Kognitos.

Last updated: June 16, 2026 · Reading time: 12 minutes · Category: Finance & Accounting Automation

TL;DR

The 2026 AFP Payments Fraud and Control Survey found that only 17% of organizations use AI to combat payments fraud, despite 76% experiencing attempted or actual fraud in 2025 and 74% being hit by business email compromise. This is a remarkable mismatch between a widespread, escalating threat and the adoption of a tool that helps fight it, especially as attackers increasingly use AI themselves, including deepfake voice and video.

The gap exists for understandable reasons, not negligence. Finance teams hesitate to adopt AI against fraud because of trust and the black-box problem (probabilistic AI that flags a payment as risky without an explanation is hard to act on in a function where decisions must be justified), auditability concerns (AI decisions that cannot be reconstructed are a problem for a function that gets audited), integration complexity, unclear ROI and not knowing where to start, fear of false positives disrupting legitimate payments, and the sheer newness of AI-versus-AI fraud. These barriers are real, and they cluster around a single theme: finance needs AI it can trust, explain, and audit, and much of the AI marketed for fraud does not clearly meet that bar.

The 17% who do use AI report concrete gains: better efficiency in fraud reporting, improved deepfake detection, and real-time identification of threats. The benefits are real for those who get past the barriers.

What would close the gap is AI that addresses the trust and auditability concerns directly: deterministic, explainable controls whose decisions can be reconstructed and justified, rather than opaque probabilistic scores, combined with detection. The path to higher adoption runs through trust, not through more impressive detection claims. This post examines why the 17% figure is so low, what the adopters are gaining, and what would move the number.

For the practical how-to, see The 2026 Payments Fraud Playbook: Deterministic AI Controls vs Manual Review (companion guide).

The gap, in numbers #

The 2026 AFP Payments Fraud and Control Survey, conducted in January 2026 among 465 treasury practitioners, lays out the mismatch starkly. On the threat side: 76% of US organizations experienced attempted or actual payments fraud in 2025. Business email compromise affected 74%, a significant increase from prior years and the leading fraud channel. Checks remain the most-targeted method at 58%. And for the first time, the survey examined AI-enabled fraud and deepfake technologies, voice and video used to impersonate executives and vendors, reflecting a threat that is itself becoming AI-powered.

On the defense side: only 17% of organizations use AI to combat payments fraud.

Put together, those numbers describe a finance function facing a pervasive, escalating, increasingly AI-driven threat while overwhelmingly relying on non-AI defenses, primarily manual review and traditional controls. More than three-quarters are getting attacked; fewer than one-fifth are using AI to help defend. As fraud itself becomes AI-powered through deepfakes and AI-crafted BEC, the defensive gap arguably widens even at constant adoption, because the threat side is getting a capability the defense side mostly lacks.

The natural question is why. If AI helps fight a threat that is hitting nearly everyone, why are so few using it? The answer is not that finance teams are careless. It is that several real barriers stand between them and adoption, and understanding those barriers is the key to closing the gap.

Why adoption lags: the real barriers #

1. Trust and the black-box problem

Finance runs on decisions that can be justified. When an AI flags a payment as 87% likely to be fraudulent without explaining why, a finance team is left with a number it cannot easily act on or defend. Holding a legitimate payment on an unexplained algorithmic hunch creates business friction; releasing a flagged one that turns out fraudulent looks negligent. Probabilistic AI that produces scores without reasons asks finance professionals to trust a black box in a domain where they are accountable for outcomes, and that is a hard ask. This trust gap is arguably the single largest barrier, because it is not solved by better accuracy claims, it is solved by explainability. See why “94% confident” is not an audit trail.

2. Auditability concerns

Payments and fraud controls get audited, and increasingly so under frameworks like the US Treasury’s 2026 AI Risk Management Framework for financial services. An AI control whose decisions cannot be reconstructed and explained is a liability in that context: “the model flagged it” or “the model cleared it” is not a satisfying answer to an auditor asking why a control did what it did. Finance teams are rightly cautious about deploying AI whose decisions they cannot reconstruct, because they will have to account for those decisions later. Opaque AI and audit requirements are in tension, and that tension holds back adoption. See the 2026 AI audit trail checklist.

3. Integration complexity

Payments flow through banks, ERPs, treasury systems, and AP platforms, and inserting AI into that flow is non-trivial. Concerns about integration effort, disruption to payment operations, and the work of connecting AI to existing systems make teams hesitant, especially when payment continuity is critical and any disruption is costly. The perceived complexity of deployment is a practical brake on adoption even where the will exists.

4. Unclear ROI and not knowing where to start

Fraud prevention ROI is inherently hard to quantify, the value is partly in losses that did not happen, which are difficult to measure. Combined with uncertainty about which AI capability to adopt first and where it would help most, this makes the business case feel fuzzy, and a fuzzy business case loses to clearer priorities in the budget process. Many teams simply do not know where to start, so they do not. For a structured approach, see The CFO’s Guide to Measuring ROI on Finance AI.

5. Fear of false positives

A fraud control that wrongly flags legitimate payments creates real operational pain: delayed payments, frustrated vendors, and manual work to clear the false alarms. Teams worry that AI fraud detection, particularly probabilistic detection tuned aggressively, will generate false positives that disrupt legitimate business, and that fear, justified or not, makes them cautious about turning it on. The concern is really another facet of the trust problem: without confidence in why the AI flags what it flags, teams fear it will flag the wrong things.

6. The newness of AI-versus-AI fraud

AI-enabled fraud (deepfakes, AI-crafted BEC) is genuinely new, examined in the AFP survey for the first time in 2026. Defenses against it are still maturing, and many teams are still understanding the threat, let alone deploying AI to counter it. The newness itself is a barrier: organizations are earlier on the learning curve than the threat is on its development curve.

The common thread across these barriers is trust, explainability, and auditability. Integration, ROI, and false-positive concerns are real, but they sharpen to a point: finance teams need AI they can trust, explain, and account for, and much of the AI marketed for fraud, being probabilistic and opaque, does not obviously clear that bar. That is the core of why the number is 17% and not far higher.

What the 17% are gaining #

The organizations that have adopted AI against fraud are reporting concrete benefits, which makes the low overall adoption more striking. According to the AFP survey, organizations using AI for fraud mitigation reported enhanced efficiency in fraud reporting (49%), improved detection of deepfake technology (45%), and real-time identification capabilities (43%).

Those are meaningful gains, especially the deepfake-detection and real-time-identification benefits, which target exactly the emerging AI-enabled threats that manual review struggles against. The adopters are getting better at catching the newest and hardest fraud, faster. This suggests the barriers above are surmountable and the payoff is real for teams that get past them, which in turn suggests the 17% figure reflects hesitation and friction more than a verdict that AI does not work. The teams using it are largely glad they are.

It also frames the opportunity: as the barriers are addressed, particularly trust and auditability, the gap between the 17% who benefit and the 83% who do not should narrow, and the teams that move earlier gain the defensive advantage while fraud continues getting more sophisticated.

What would close the gap #

If the barriers cluster around trust, explainability, and auditability, then what closes the gap is AI that addresses those directly, not AI with more impressive detection claims. A few things would move the number.

AI whose decisions can be explained and reconstructed. The trust and auditability barriers, the two largest, are fundamentally about explainability. AI that shows why it flagged or cleared a payment, in terms a finance professional and an auditor can follow and reconstruct, removes the black-box objection. This is where the architecture matters: deterministic, explainable approaches produce reconstructable decisions, while purely probabilistic black-box models do not. The path to adoption runs through explainable AI.

Deterministic enforcement alongside probabilistic detection. Much of the fraud-AI conversation centers on detection (scoring transactions for risk), which is valuable but probabilistic and hard to audit. Pairing it with deterministic control enforcement, AI that consistently applies verification and approval rules the same way every time, with every check logged, addresses the consistency and auditability concerns and gives teams an AI application they can trust because it is doing something explainable (enforcing a defined rule) rather than something opaque (scoring a hunch).

Lower-friction deployment and clearer starting points. Addressing the integration and where-to-start barriers, with focused, well-scoped initial applications rather than rip-and-replace projects, lowers the practical barrier to entry.

This is where a deterministic neurosymbolic agentic platform like Kognitos is relevant to the adoption question, honestly framed. Kognitos addresses the trust-and-auditability barrier directly: it enforces verification and control rules deterministically (the same inputs produce the same outcome every time) and in plain English-as-code, logging every decision so it is fully reconstructable for an auditor. That explainability and auditability is precisely what the black-box objection is asking for. Kognitos is not a dedicated fraud-detection product and does not replace bank fraud tools or probabilistic detection, which remain important; rather, it represents the kind of explainable, auditable, deterministic AI whose absence is part of why adoption has lagged. The broader point is not about one platform: it is that the gap closes when finance teams are offered AI they can trust, explain, and audit, and that is a solvable problem.

Book a working session with a Kognitos solutions engineer → Try Kognitos free

Putting it together #

The 17% figure is striking not because finance teams are careless but because real barriers, trust in black-box AI, auditability of AI decisions, integration complexity, unclear ROI, fear of false positives, and the newness of AI-versus-AI fraud, stand between a pervasive threat and a tool that helps fight it. Those barriers cluster around a single, solvable issue: finance needs AI it can trust, explain, and audit, and much of the AI marketed for fraud does not clearly meet that bar. The 17% who have adopted report real gains in efficiency, deepfake detection, and real-time identification, which shows the payoff is genuine. The gap will close as explainable, auditable, deterministic AI addresses the trust concerns head-on, and the teams that move earlier gain the advantage while fraud keeps getting more sophisticated. The low number is not a verdict on AI’s usefulness against fraud; it is a measure of a trust gap that the right kind of AI can close. For the broader banking-operations context, see The Top AI Automation Tools for Banking Back-Office Operations, and the Finance & Accounting Automation Solutions overview.

Sources & disclaimer #

Association for Financial Professionals (AFP)2026 AFP Payments Fraud and Control Survey (conducted January 2026 among 465 treasury practitioners, underwritten by Truist).
U.S. Department of the Treasury2026 AI Risk Management Framework for financial services.

Last updated: June 2026. Statistics are from the 2026 AFP Payments Fraud and Control Survey (conducted January 2026 among 465 treasury practitioners, underwritten by Truist) as publicly reported. Figures should be validated against the primary source. This article is informational and does not constitute financial, security, or compliance advice.

Frequently asked questions

Why do so few companies use AI to fight payments fraud?

According to the 2026 AFP Payments Fraud and Control Survey, only 17% of organizations use AI to combat payments fraud despite 76% experiencing fraud in 2025. The low adoption is driven by real barriers rather than negligence: trust and the black-box problem (probabilistic AI that flags payments without explaining why is hard to act on in a function where decisions must be justified), auditability concerns (AI decisions that cannot be reconstructed are a liability in an audited function), integration complexity across banks and ERPs, unclear ROI and uncertainty about where to start, fear of false positives disrupting legitimate payments, and the newness of AI-enabled fraud like deepfakes. These barriers cluster around a single theme: finance teams need AI they can trust, explain, and audit, and much of the AI marketed for fraud is probabilistic and opaque, so it does not clearly meet that bar. The gap reflects this trust problem more than a judgment that AI does not work.

Is AI effective against payments fraud?

Yes, based on the experience of organizations that use it. The 2026 AFP survey found that organizations using AI for fraud mitigation reported enhanced efficiency in fraud reporting (49%), improved detection of deepfake technology (45%), and real-time identification of threats (43%). These are meaningful benefits, particularly the deepfake-detection and real-time-identification gains, which address exactly the emerging AI-enabled threats that manual review struggles to catch. The fact that adopters report concrete benefits, while only 17% have adopted, suggests the low overall adoption reflects barriers like trust, auditability, and integration friction rather than a verdict that AI is ineffective. AI is effective against fraud for the teams that deploy it well, especially when it combines explainable control enforcement with detection, and the evidence indicates the payoff is real for organizations that get past the adoption barriers.

What is stopping finance teams from adopting AI fraud tools?

The main barriers are trust, auditability, integration, ROI clarity, false-positive fears, and the newness of the threat. The largest is trust: probabilistic AI that scores a payment as risky without an explanation asks finance teams to act on a black box in a domain where they are accountable for justifying decisions. Closely related is auditability, since payments controls get audited and AI decisions that cannot be reconstructed are hard to defend to an auditor, a concern heightened by frameworks like the US Treasury’s 2026 AI Risk Management Framework. Integration complexity across banks, ERPs, and treasury systems, unclear fraud-prevention ROI (value is partly in losses that did not happen), fear that false positives will disrupt legitimate payments, and the sheer newness of AI-versus-AI fraud all add friction. The unifying theme is that finance needs AI it can trust, explain, and audit, which is why explainable, auditable AI is the key to higher adoption.

What kind of AI is best for fighting payments fraud?

The most effective approach combines two kinds of AI with human judgment. Probabilistic AI detection scores transactions for fraud risk and surfaces anomalies, which is valuable for catching novel patterns and emerging threats like deepfakes at scale. Deterministic AI controls enforce verification and approval rules consistently and identically every time, verifying payees and bank details, confirming approvals, and routing changes through control, with every check logged and reconstructable. The deterministic approach directly addresses the trust and auditability barriers that hold back adoption, because it does something explainable (enforcing a defined rule) rather than something opaque (scoring a hunch), and its decisions can be reconstructed for an auditor. The strongest defense pairs deterministic enforcement of the fundamentals with probabilistic detection of novel anomalies, plus human judgment for genuine exceptions. For finance specifically, the explainability and auditability of deterministic controls is often what makes AI adoption feasible at all.

How does AI-enabled fraud like deepfakes change the picture?

AI-enabled fraud significantly raises the stakes and widens the defensive gap. Attackers now use deepfake voice and video to impersonate executives and vendors more convincingly than traditional BEC emails, and the 2026 AFP survey examined this threat for the first time. Because research shows people can barely distinguish cloned voices from real ones, the human judgment that manual fraud review relies on is exactly what these attacks defeat. This means that as fraud becomes AI-powered, manual defenses become relatively weaker, and the gap between the threat and a defense that is 83% non-AI arguably widens even at constant adoption. The implication is that defending against AI-enabled fraud requires shifting away from relying on humans to detect impersonation and toward consistently enforcing factual verification controls that make a fraudulent request fail regardless of how convincing the impersonation is, which is a key reason explainable, deterministic AI controls are increasingly important.

Will AI adoption for fraud prevention increase?

It is likely to increase as the barriers are addressed, particularly the trust and auditability concerns that are the largest brakes on adoption. The 17% who already use AI report real benefits, which creates a pull toward adoption, and the threat is escalating and becoming AI-powered, which creates a push. What has held adoption back is not a lack of benefit but friction around trust, explainability, integration, and ROI clarity. As explainable, auditable, deterministic AI, whose decisions can be reconstructed and justified, becomes more available and better understood, the trust barrier that most limits adoption should ease, allowing the gap between the benefiting 17% and the rest to narrow. Regulatory developments like the US Treasury’s AI Risk Management Framework may also accelerate adoption by clarifying governance expectations. The teams that adopt earlier gain a defensive advantage while fraud continues to grow more sophisticated, which is itself an argument for not waiting.

Does Kognitos help with payments fraud prevention?

Kognitos is not a dedicated fraud-detection product and does not replace bank fraud tools or probabilistic anomaly-detection systems, which remain important parts of a fraud-prevention operating model. Where Kognitos is relevant is the control-enforcement layer and, specifically, the trust-and-auditability problem that holds back AI adoption against fraud. It enforces verification and control rules deterministically, the same inputs produce the same outcome every time, in plain language, logging every check so the decision is fully reconstructable for an auditor. This explainability and auditability is precisely what the black-box objection to fraud AI is asking for, which makes it the kind of AI finance teams can adopt with confidence. In the context of why adoption lags, Kognitos represents the explainable, deterministic, auditable AI whose absence is part of the trust gap, addressing the consistency of control enforcement rather than probabilistic detection. It works alongside detection tools and human judgment as one layer of fraud prevention, not a complete solution on its own.

What does the AFP 17% statistic actually measure?

The 17% figure comes from the 2026 AFP Payments Fraud and Control Survey, conducted in January 2026 among 465 treasury practitioners and underwritten by Truist. It reflects the share of surveyed organizations that report using AI to combat payments fraud. Alongside it, the same survey found 76% of US organizations experienced attempted or actual payments fraud in 2025, business email compromise affected 74%, and checks remained the most-targeted method at 58%. For the first time, the survey also examined AI-enabled fraud and deepfake technologies. Read together, the figures describe a pervasive, escalating, increasingly AI-driven threat met overwhelmingly by non-AI defenses such as manual review and traditional controls. As with any survey statistic, the exact figures should be validated against the primary source, but the direction is clear: the threat side is far ahead of the AI-defense side.

Kognitos