Financial Security Trends '23

by Ponemon Institute

A growing concern for organizations worldwide
Featured In:



Business Wire press release "Payment Transaction Fraud Among Key Risks to Business Operations – and Reputation" Published September 27, 2023


Hit by transaction fraud


Average loss/incident



Explore illuminating insights from interviews with 659 finance executives featured in the 2023 Ponemon Institute Report. In a groundbreaking market survey conducted in March 2023, Creednz partnered with the renowned Ponemon Institute, helmed by Dr. Larry Ponemon, a former senior partner at PWC and founder of the firm's global compliance risk-management group.

This pioneering research marks a significant milestone, capturing responses from 659 finance executives representing 18 diverse industries across the United States. These executives hail from corporations with average annual revenues in the $400 million range and maintain supply chains averaging 2,800 suppliers.

Traditionally, industry statistics have relied upon aggregate data, such as the FBI Internet Crime Reports (The IC3), which reported a staggering $50 billion in losses from scams like Business Email Compromise between 2013 and 2022. However, these figures lacked granularity, leaving questions unanswered regarding the affected companies and the prevalence of such losses.

Our research revolutionizes this landscape by providing valuable insights for companies to recalibrate their risk focus. By shedding light on the accountability aspects of payment scams, we bridge the gap between finance and cybersecurity departments, revealing how these financial challenges squarely fall within the purview of corporate finance.

Evaluating the Risk of Transaction Fraud

This survey brought to light that payment fraud is a much more severe problem than the attention it currently receives would suggest. Organizations that ignore the risks of payment fraud do so at their peril.


Common Risks and Fraud Scenarios

Vendor & Executive Impersonation

Impersonation tactics are used to deceive organizations into making fraudulent payments or divulging sensitive information. Business Email Compromise (BEC) is a common tactic in which attackers impersonate vendors or key personnel to manipulate financial processes.

Third-Party Compromise

Occurs when an organization’s vendor or supplier is hacked, leading to the manipulation of billing details or bank accounts, potentially resulting in fraudulent transactions.

Account Takeover

Happens when an attacker gains unauthorized access to a corporate bank account belonging to a legitimate finance individual, often using stolen or compromised credentials, to make unauthorized transactions or divert funds.

Malicious Insider/User Entitlement Fraud

Intentional actions by current or former employees, contractors, or business partners, and instances of attackers gaining access to user accounts with higher privileges, often through compromised credentials, to manipulate payment transactions.

Sanctioned Entities 

Payments made to sanctioned entities, resulting in potential legal repercussions, financial losses, and reputational damage.

Systems & Human Error

Although not fraud, these unintentional errors can cause identical financial losses. This includes instances where someone inputs incorrect information or payment files become corrupted, leading to discrepancies or erroneous transactions.

Industries Surveyed

The summary presented here pertains to a research survey on payment fraud, which was carried out by the Ponemon Institute. Participants consisted of 659 executives from a range of finance governance roles across 18 industries.

  • Financial Services
  • Services
  • Public Sector
  • Manufacturing
  • Retailing
  • Energy & Utilities
  • Hospitality
  • Communications
  • Pharmaceuticals
  • Transportation
  • Healthcare
  • Industrial
  • Defense
  • Education
  • Consumer Products
  • Tech
  • Entertainment 
  • Agriculture

The Devastating Aftermath of Fraud

Transaction fraud not only affects the financial well-being of businesses, but it also damages their reputation, erodes public confidence, and can result in costly regulatory scrutiny. Additionally, recovering from fraud requires significant time and resources that could otherwise be allocated toward growing the business.

Tarnished Reputation

report damage to organization’s

report loss of shareholders’

Loss of Trust

suffered a negative impact on
organization’s compliance with


noticed a loss of confidence in management’s ability to prevent payment transaction fraud

Additional Cost

of organizations terminated employees responsible for making payments

of organizations had to pay legal fines

Businesses Know the Risk

Finance teams of larger organizations deal with numerous transactions across multiple bank accounts. Organizations represented in this research have average annual revenues of $446M, an average of 2,836 vendors in their supply chain, and an average monthly payment volume of 25,000.

This complexity makes effective vendor management and payment security measures crucial. However, many surveyed financial teams lack trust in their existing risk mitigation practices and fail to take adequate action to guard against vulnerabilities despite being aware of the risks.


Distrust their current internal controls to prevent fraudulent payments.

External controls

Distrust their external controls at the bank to stop suspicious transactions.

Even After Experiencing Fraud

Could Technology be the Solution?

The survey revealed that more than half of all respondents acknowledge they lack the appropriate tools or technology to prevent various forms of payment fraud. Further findings indicate that tech upgrades were one of the most frequently employed strategies in response to instances of payment fraud.



View inadequate tools as a primary barrier to fraud prevention.



Invest in tech upgrades following fraud discovery.

Modern Scams Need Modern Solutions

Master Vendor Alignment
Gain Vis
Bank Account Validation
Effective Collaboration

Amidst the increasing sophistication of scams, finance teams are locked in a perpetual battle against the looming specter of financial loss due to fraudulent activities.

These threats materialize in various guises, whether through the cunning disguise of an external phishing attack masquerading as a colleague, a vendor's data breach, or even an internal compromise. To secure your organization's financial assets, steadfast vigilance, master vendor alignment, bank account validation, and effective collaboration become imperatives.

Our comprehensive toolkit is meticulously crafted to bolster and elevate financial controls across treasury, accounts payable, and accounts receivable functions. It equips your team with the precision to manage bank account access, enforce rigorous treasury policies, and systematically validate transactions, guaranteeing the highest levels of security and precision in financial operations. Safeguard your financial integrity with unwavering confidence.

Don’t wait for a breach – act now to secure your financial future and safeguard your organization’s assets.