As AI tools become increasingly accessible, B2B fraud is shifting from “sporadic events” to “systemic attacks.” We sat down with Tom Abbey (Account Executive, Trustpair) and Mo Ahmad (Global Procurement Technology Executive, SAP) to discuss how organizations can defend themselves in 2026.
Key Takeaways for P2P Leaders
- The 80% Rule: Most fraud occurs during onboarding or bank detail modification, not at the payment stage.
- AI Scale: Deepfake voices and cloned identities have made manual “callback” procedures obsolete.
- The Overconfidence Gap: 77% of companies trust their data, yet 70% fail to monitor it continuously.
- Clean Core Strategy: Automated bank verification must be native to the SAP environment to eliminate manual error.
Beyond BEC: The Rise of AI-Enabled Impersonation
Q: We’ve heard about the “Arup” case—a $25 million loss due to a deepfake CFO. Is this the new normal for Procurement?
Tom (Trustpair): It’s becoming day-to-day. Fraudsters only need a few minutes of audio from a YouTube clip to clone a CEO’s voice. In the Arup case, they used a Teams call to forge the CFO’s face and voice. When 71% of businesses report an increase in AI-driven fraud, the “manual callback” isn’t just slow—it’s a liability.
Mo (SAP): Exactly. As we digitize—introducing supplier self-service and payment automation—we create more entry points. Fraudsters are smarter now; they exploit the gaps between digital systems. It’s no longer just about a fake email; it’s about increased exposure meeting high-speed AI tactics.
Bridging the “Overconfidence Gap” in Vendor Master Data
Q: Most companies feel they have a handle on their vendor data. Why do the statistics suggest a different reality?
Tom: There’s a massive contradiction. 77% of companies say they are confident in their vendor master data, yet 70% don’t continuously monitor it. We see cases of “low and slow” internal fraud—like the British Airways incident—where details are edited in the master file and go unnoticed for years because there is no continuous audit.
Mo: We see this often during ERP transformations, like moving from SAP ECC to S/4HANA. Companies have ambitions to automate, but when they look under the hood, the data is in a much poorer state than they believed. At SAP, we preach a “Clean Core,” which means you can’t have a clean process if you’re feeding it 15 years of “poisoned” or stale data.
Designing a Fraud-Resistant SAP Ecosystem
Q: How do Trustpair and SAP integrate to secure the source-to-pay journey?
Tom: We focus on the “Pair.” First, we identify the company; second, we validate the bank account; and third, we create the “cement” by tying that specific company registration to that specific bank account. We only give a “Green” status when that link is guaranteed globally across 195 countries.
Mo: We partner with Trustpair because they provide a depth of banking telemetry we don’t have. Whether you’re onboarding in SAP Ariba or running payments in S/4HANA, Trustpair acts as an automated approval step directly in the workflow. This removes the “manual handshake” where most fraud slips through.
The “Winning Move” for Finance and Risk Leaders
Q: If you could give one piece of advice to a CFO or CPO today, what would it be?
Mo: Don’t treat fraud prevention as an “optional” add-on. It has to be designed into the source-to-pay process from the start. The only winning move in fraud prevention is to stop the payment before it leaves.Tom: Get ahead of the curve. Most organizations only call me after they’ve been defrauded. Think of it like a speed camera: don’t wait for the accident to happen. Automation is the only way to outpace AI.
Watch the full replay of this interview here.
