
The fraud surface in accounts payable has changed in three ways at once. Open banking has made account verification a real-time operation rather than a one-off check. Generative AI has lowered the cost of producing convincing invoices and impersonation emails. And bank-detail switching, the single largest vector of AP loss, has industrialised. The defensive stack that worked in 2022 will not hold in 2026.
The fraud surface in 2026
Three patterns now drive the majority of AP losses in the UK. The first is the bank-detail switch, where an attacker compromises supplier email and substitutes their own account details on a legitimate invoice. The second is supplier impersonation, where a plausible but fake supplier is added to the vendor master and used to extract payments. The third is the AI-generated invoice, where automation has lowered the cost of producing a credible request to the point that small-value attacks at high volume become profitable. The wider thesis sits in our piece on why AP fraud will scale in the AI era.
All three share a feature. They live below the threshold where traditional controls fire. The four-eyes principle, threshold approval, and quarterly sample audits were calibrated for a different volume and a different attacker.
What open banking actually changes
Open banking standardised the act of verifying account ownership in real time. Three concrete shifts follow.
First, live account ownership checks. The buyer can confirm at the moment of payment that the account named on the invoice matches the supplier's verified business identity. This was not technically available at scale before 2019.
Second, transactional context. Open banking data, where consented, can show whether the supplier's account behaves the way a trading entity's account should behave. A newly opened account with no inbound history, named after a long-established supplier, is a signal.
Third, real-time balance and flow signals where the supplier consents to share. This is currently used in lending more than in AP, but the data is the same.
Confirmation of Payee, and what it does not catch
Confirmation of Payee, where deployed, has reduced the simplest form of bank-detail fraud meaningfully. The check verifies that the name on the invoice matches the name on the receiving account. Where the names diverge, the payer is warned before the payment is processed.
What CoP does not catch is the second-order attack. Where an attacker has set up a legitimate-looking account in a name close enough to the supplier's, or where the attacker has gained control of an account legitimately held by a shell entity, the name check passes. CoP is a useful first filter but not a sufficient one.
It also does not catch the temporal dimension. A supplier verified clean at onboarding can have its bank details switched mid-cycle. A one-off check at onboarding is not a control. A continuous one is. This is part of why supplier verification and payment behaviour are converging into a single ongoing discipline.
The behavioural layer that closes the gap
The control that catches what CoP does not is behavioural. It compares each payment against the supplier's verified pattern: how often they invoice, in what range, from what entity, against what contract, and into what account. A request that breaks the pattern triggers exception review.
The catch is that the pattern only becomes useful when it is built from network-level data. A single buyer sees fewer than ten invoices per year from most of its smaller suppliers. That is not enough data to build a baseline. A supplier identity graph sees thousands across all buyers and can baseline the supplier in days rather than years.
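The behavioural check described above, as an added example (not from the original article or any vendor's product): it builds a supplier baseline from payment history and returns the reasons a request should go to exception review, run once against a network-wide history and once against a single buyer's view. The field names, the thresholds (`min_history`, `range_slack`, `gap_factor`) and the sample records are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from statistics import median

@dataclass(frozen=True)
class Payment:
    supplier_id: str
    buyer_id: str
    amount: float
    account: str          # receiving account on the invoice
    days_since_last: int  # gap since the supplier's previous invoice

def baseline(history):
    """Summarise a supplier's verified pattern from past payments."""
    amounts = [p.amount for p in history]
    return {
        "n": len(history),
        "accounts": {p.account for p in history},
        "lo": min(amounts),
        "hi": max(amounts),
        "median_gap": median(p.days_since_last for p in history),
    }

def review_reasons(p, base, min_history=20, range_slack=1.5, gap_factor=0.25):
    """Return why a payment breaks the pattern; empty list means no exception."""
    reasons = []
    if base["n"] < min_history:            # too little data to trust the baseline
        reasons.append("insufficient_history")
    if p.account not in base["accounts"]:  # bank-detail switch signal
        reasons.append("new_account")
    if not base["lo"] / range_slack <= p.amount <= base["hi"] * range_slack:
        reasons.append("amount_out_of_range")
    if p.days_since_last < base["median_gap"] * gap_factor:
        reasons.append("unusual_frequency")
    return reasons

# Constructed sample data: one supplier invoicing eight buyers monthly.
KNOWN_ACCOUNT = "20-00-00 11111111"
NETWORK = [Payment("S1", f"B{i % 8}", 900.0 + 10 * i, KNOWN_ACCOUNT, 30)
           for i in range(40)]
SINGLE_BUYER = [p for p in NETWORK if p.buyer_id == "B0"]
SWITCHED = Payment("S1", "B0", 1100.0, "20-00-00 99999999", 28)

if __name__ == "__main__":
    print("network view:", review_reasons(SWITCHED, baseline(NETWORK)))
    print("single buyer:", review_reasons(SWITCHED, baseline(SINGLE_BUYER)))
```

Both views flag the changed account, but only the network view has enough history for the amount and frequency checks to be trusted; the single-buyer baseline is itself reported as too thin.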
A practical control stack
The stack that holds up under current attack patterns has four layers.
Identity is the foundation. Verified at onboarding, refreshed continuously against beneficial ownership and PSC data.
Account verification is the second layer. Real-time CoP at payment, supplemented by transactional context where open banking consent allows.
Behavioural anomaly detection is the third. Continuous comparison of each payment against the supplier's network-level pattern, with exception review for outliers.
Network-level signal sharing is the fourth. When a supplier's behaviour pattern changes across multiple buyers at once, that is a near-certain compromise signal. No single buyer would catch it. The network does.
What to ask any AP or fraud vendor
Three questions filter the field quickly. Does the vendor verify identity continuously, or only at onboarding? Does the vendor have the network data needed to build a behavioural baseline for small suppliers? And does the vendor share exception signals across customers, or is each buyer running its own siloed model? Vendors that cannot answer all three are sitting on yesterday's threat model.