TL;DR: B2B payment fraud often emerges after onboarding, through spend behaviour, vendor relationships, approval workflows, reimbursements, and subscription management, with the ACFE's 2026 Report to the Nations finding organisations lose 5% of annual revenue to fraud and wait a median of 12 months to detect it. The control problem is not verification alone, but continuous visibility, enforcement, and lifecycle monitoring across the payment stack.
NHIMG editorial — based on content published by Sumsub: B2B payment fraud across the full payment lifecycle
By the numbers:
- A typical organization loses 5% of annual revenue to fraud, with a median of 12 months before detection.
- 79% of organisations have experienced secrets leaks, with 77% of these incidents resulting in tangible damage.
Questions worth separating out
Q: How should organisations reduce B2B payment fraud after onboarding?
A: They should treat onboarding as only the first control point and add continuous monitoring across approvals, vendor changes, reimbursements, and subscription activity.
Q: Why does payment fraud persist even when identity checks are strong?
A: Because identity checks verify entry, not future behaviour.
Q: What do finance teams get wrong about fraud monitoring?
A: They often rely too heavily on reconciliation and post-payment review, which means the money has already moved before anomalies are challenged.
Practitioner guidance
- Rebuild controls around post-onboarding risk Map the payment lifecycle from vendor approval through reimbursement, renewals, and exception handling, then assign a control owner at each stage.
- Enforce transaction controls at the point of payment Move threshold checks, category restrictions, and approval routing into the payment workflow so violations are blocked before settlement.
- Link KYB, UBO, and monitoring data Use a shared control layer that joins business identity data with transaction telemetry, so changes in vendor status or behaviour are visible in near real time.
What's in the full article
Sumsub's full report covers the operational detail this post intentionally leaves for the source:
- The six recurring payment-risk patterns in full operational context, including threshold splitting, reimbursement blind spots, and duplicate vendor payments.
- The finance and risk workflow details behind how policy enforcement changes when controls are embedded before money moves.
- The LATAM-specific analysis that explains why regional payment behaviour alters fraud exposure and monitoring priorities.
- The identity verification, KYB, and transaction monitoring layers that the report says must work together across the payment lifecycle.
👉 Read Sumsub's report on B2B payment fraud across the full payment lifecycle →
B2b payment fraud after onboarding: where controls break down?
Explore further
Payment fraud after onboarding is a lifecycle control problem, not an onboarding failure. The article correctly shifts attention away from entry checks and toward the operational layer where spend behaviour, approvals, and vendor changes evolve. That is where identity assurance decays if it is not continuously revalidated. Practitioners should treat post-onboarding monitoring as part of identity governance, not as a separate finance function.
A question worth separating out:
Q: Who is accountable when automated payment workflows are abused?
A: Accountability should sit with the business owner of the workflow, the finance control owner, and the security or identity team responsible for access governance. If automation uses service accounts, API keys, or delegated approvals, those identities must be governed like privileged access. Shared ownership only works when every control point has a named operator.
👉 Read our full editorial: B2b payment fraud grows after onboarding, where controls fail