Published July 01, 2026, 4:58 p.m. EDT
|
Updated July 01, 2026, 5:06 p.m. EDT
4 Min Read
Alex/Getty Images/iStockphoto
A business owner I know recently watched his company fall apart. It wasn’t from losing clients or a bad market. His CFO had been creating fictitious vendors, opening a separate bank account, and routing money through it. Millions of dollars, gone. It wasn’t discovered until the CFO went on vacation and the bank called about a transaction that didn’t add up.
Processing Content
The first thing to catch my eye was that the CFO never took vacation.
I have an audit background. I was trained to look for exactly this kind of scheme. Fake vendors, unauthorized accounts, employees who never take time off. The fraud itself was not sophisticated. What was remarkable was how long it went undetected in a business that had someone with financial training involved. That is the interesting part worth examining.
As CPAs, these are the traditional activities we are trained to look for. However. what we haven’t been trained for is how AI can be a bad actor. Our skills as accounting professionals have to be upleveled to meet this new challenge.
The patterns are familiar. The terrain has changed.
I recently spoke with Mary Kay Bowman, executive vice president and head of payments and financial services at BILL
, who has spent more than 25 years working across Visa, Square, and Amazon. She said something that reframed the whole conversation for me: “The fraud patterns have always been there. The tools are different now.”
That matters for anyone advising small and midsized businesses on their financial operations. The schemes haven’t fundamentally changed. Someone creates a fake vendor. Someone moves money to an account they control. Someone exploits a business owner who has handed over complete financial trust to one person and stopped looking. A 2025 report from BILL found that 56% of businesses saw fraud attempts increase over the past year, and 42% say those attacks are growing more sophisticated
— more frequent and harder to catch at the same time. What has changed is the speed at which it happens and, critically, when it becomes visible.
Bowman described it this way: Things that used to be invisible until the end of a closed period are now surfacing within the period, and often in real time. That’s a meaningful shift. The window for catching something early is wider than it’s ever been. But only if the technology sitting behind your clients’ transactions is actually doing that work.
The same BILL report found that 92% of business leaders worry about fraud. Your clients are almost certainly among them, whether they’ve told you or not. When you recommend a payment management platform or agree to handle a client’s bill payments, they hear something specific: You understand this and you’ve evaluated it. You’ll know if something goes wrong.
Most small-business owners are not watching their payment flows closely. The construction company owner I mentioned earlier didn’t know accounting. He hired a CFO and trusted him completely. He didn’t look at the details until the money was gone.
That’s a reasonable dynamic for clients to fall into. The question is whether you have a framework to actually back up the trust they’re placing in you.
Because recommending a platform without evaluating its fraud protection capabilities is accepting liability you may not have accounted for.
Bowman offered a practical way to evaluate this when you are evaluating software today.
- Does the company handle its own data security?Specifically whether they hold PCI DSS compliance and the appropriate payment network licensing. “If they’re not doing that, it would be hard to believe that they’re doing the other legs of the fraud management stool very well,” she said. That’s your baseline.
- What’s their operational expertise?Fraud detection requires people actively monitoring transaction patterns alongside the technology and watching for anomalies like transactions that come in at unusual times or require unusually fast settlement. Bowman was candid about the balance involved: “I could prevent 100% of fraud, it’s just that very little transactions would go through.” Knowing how a provider manages that balance — their false positive rate, their coverage across transaction types, how long they’ve been doing this work — tells you a great deal about how seriously they take it.
- Does the system learn continuously?Static fraud detection is already behind the current threat. What you want from a partner is a system updating in real time based on patterns across their entire transaction network, before, during and after every transaction cycle.These are not overly technical questions. They’re the same questions your training prepared you to ask. They’ve just moved to a different context.
Theinstincts you built as an accountant are still valid.
Noticing when one person has unchecked financial control, when a vendor appears without a clear business reason, when something in the pattern is slightly off — those instincts matter. The CFO who never took vacation was a red flag that existed long before any technology changed.
What’s different now is that the right technology partner can function as a second set of eyes on every transaction, every day. That second layer of oversight is what your clients are counting on when they hand you their trust. Knowing whether your technology partners are actually providing it is part of what it means to advise them well.
