A business owner I know recently watched his company fall apart. It wasn’t from losing clients or a bad market. His CFO had been creating fictitious vendors, opening a separate bank account and routing money through it. Millions of dollars, gone. It wasn’t discovered until the CFO went on vacation and the bank called about a transaction that didn’t add up.
Processing Content
The first thing to catch my eye was that the CFO never took vacation.
I have an audit background. I was trained to look for exactly this kind of scheme. Fake vendors, unauthorized accounts, employees who never take time off. The fraud itself was not sophisticated. What was remarkable was how long it went undetected in a business that had someone with financial training involved. That is the interesting part worth examining.
As CPAs, these are the traditional activities we are trained to look for. However. what we haven’t been trained for is how AI can be a bad actor. Our skills as accounting professionals have to be upleveled to meet this new challenge.
The patterns are familiar. The terrain has changed.
I recently spoke with Mary Kay Bowman, executive vice president and head of payments and financial services at
That matters for anyone advising small and midsized businesses on their financial operations. The schemes haven’t fundamentally changed. Someone creates a fake vendor. Someone moves money to an account they control. Someone exploits a business owner who has handed over complete financial trust to one person and stopped looking. A 2025 report from Bill found that
Bowman described it this way: Things that used to be invisible until the end of a closed period are now surfacing within the period, and often in real time. That’s a meaningful shift. The window for catching something early is wider than it’s ever been. But only if the technology sitting behind your clients’ transactions is actually doing that work.
What your clients assume when they trust you
The same Bill report found that 92% of business leaders worry about fraud. Your clients are almost certainly among them, whether they’ve told you or not. When you recommend a payment management platform or agree to handle a client’s bill payments, they hear something specific: You understand this and you’ve evaluated it. You’ll know if something goes wrong.
Most small-business owners are not watching their payment flows closely. The construction company owner I mentioned earlier didn’t know accounting. He hired a CFO and trusted him completely. He didn’t look at the details until the money was gone.
That’s a reasonable dynamic for clients to fall into. The question is whether you have a framework to actually
Three questions to ask
Bowman offered a practical way to evaluate this when you are evaluating software today.
- Does the company handle its own data security? Specifically whether they hold PCI DSS compliance and the appropriate payment network licensing. “If they’re not doing that, it would be hard to believe that they’re doing the other legs of the fraud management stool very well,” she said. That’s your baseline.
- What’s their operational expertise? Fraud detection requires people actively monitoring transaction patterns alongside the technology and watching for anomalies like transactions that come in at unusual times or require unusually fast settlement. Bowman was candid about the balance involved: “I could prevent 100% of fraud. It’s just that very little transactions would go through.” Knowing how a provider manages that balance — their false positive rate, their coverage across transaction types, how long they’ve been doing this work — tells you a great deal about how seriously they take it.
- Does the system learn continuously? Static fraud detection is already behind the current threat. What you want from a partner is a system updating in real time based on patterns across their entire transaction network, before, during and after every transaction cycle. These are not overly technical questions. They’re the same questions your training prepared you to ask. They’ve just moved to a different context.
The advisor your clients need you to be
The
What’s different now is that the right technology partner can function as a second set of eyes on every transaction, every day. That second layer of oversight is what your clients are counting on when they hand you their trust. Knowing whether your technology partners are actually providing it is part of what it means to advise them well.
Credit: Source link









