
How to protect your business from payment diversion fraud


International payments create a wide fraud surface before a payment ever leaves your business. Currencies, jurisdictions, supplier entities, invoice formats, and time zones all create more places for a fraudster to impersonate a supplier, alter an invoice, or slip a false payment instruction into a routine workflow. AI makes those attempts cheaper to produce and harder to spot.

 

The fraud happens before release. A bad actor manipulates payment instructions, supplier identity, invoice details, or bank details so a genuine supplier payment ends up with the wrong beneficiary.

 

So how do you protect supplier payments that cross borders?

 

Prevention starts with awareness, process discipline, and platform-level controls that cover the payment workflow before funds move. In this guide, we cover what payment diversion fraud is, how it targets international B2B payments, and how to build a prevention posture that catches diversion risk early.

 

What is payment diversion fraud?

Payment diversion fraud is a type of fraud where criminals impersonate a trusted supplier or contact to redirect a legitimate payment away from the intended beneficiary.

 

How payment diversion differs from other invoice fraud

Invoice fraud is the broader category, covering fake vendor scams, phantom invoices, overbilling, and duplicate invoice submission. Payment diversion fraud is the slice that targets payment routing rather than the invoice itself.

 

The distinction matters operationally.

 

Invoice fraud can often be caught through invoice validation, but payment diversion fraud passes validation because the invoice is real — only the bank details have changed. Invoice interception fraud is one of the mechanics behind it, where a fraudster intercepts a legitimate invoice and swaps the bank details before it reaches the paying company.

 

The controls that catch payment diversion sit at the payment verification layer, where teams check supplier identity, beneficiary details, approval rights, and payment status before funds move.

 

How are mandate fraud, invoice interception fraud, and diversion fraud connected?

Mandate fraud, invoice interception fraud, and diversion fraud are three labels for the same underlying attack — someone manipulating the bank details on a payment to a trusted payee.

 

  • Mandate fraud is the framing used by banks and the payments industry, focused on the altered payment instruction.
  • Diversion fraud and payment diversion are the terms anti-fraud organisations and law enforcement use, focused on where the money ends up.
  • Invoice interception fraud names a specific vector (interception at the invoice stage).

The language changes by context. Operationally, the risk is that money goes somewhere other than the trusted payee you intended to pay. 

 

How does payment diversion fraud work in international B2B payments?

International B2B payments face amplified exposure. Per-transaction values can be significant, supplier relationships often span multiple jurisdictions, and payment-detail changes can be harder to verify when the supplier, bank and finance team all sit in different places.

 

Email spoofing and supplier impersonation

The attack starts with reconnaissance. Fraudsters research the business through public records, websites, and social media to map key contacts and payment patterns. In cross-border relationships, supplier directories and trade data often sit in public registers.

 

Email spoofing here means creating an address nearly identical to a genuine supplier's by swapping a single character.

 

In international payment relationships where email is the primary channel across time zones, spoofed supplier requests are harder to catch. The fraudster contacts the AP team requesting a change to bank details, citing plausible reasons like regional account consolidation.

 

Why does it work so often?

 

Because these relationships already involve infrequent bank detail changes, unfamiliar jurisdictions, and limited ability to verify directly across time zones. The sensitive information behind the attack is often available through ordinary research channels.

 

Manipulated payment instructions and duplicate invoices

The second common vector targets the payment instruction itself.

 

Fraudulent payment requests may involve a forged invoice sent from a compromised account, an altered beneficiary name, or a payment instruction that points away from the supplier's usual account. In international B2B operations, the volume of legitimate requests across multiple suppliers and currencies makes anomalous ones harder to flag.

 

Duplicate invoices take a different approach — the same invoice is submitted multiple times, with slightly altered bank account details, across different cross-border payment corridors. Both succeed because the fraudulent activity mimics routine international payment operations.

 

Successful diversion attempts often look indistinguishable from a regular supplier payment. That's precisely why they work. 

 

What diversion signals should finance teams watch for?

For finance teams processing international business payments, these signals point to possible manipulation before a supplier payment is approved:

 

  • Supplier identity signals, such as a lookalike domain, unfamiliar contact, changed reply-to address, or supplier entity name that does not match prior records
  • Payment instruction signals, including new bank account details, a different beneficiary name, or a destination country that does not match the supplier's usual setup
  • Invoice signals, such as formatting, language, line items, or currencies that differ from the supplier's established pattern
  • Timing signals, including changes that arrive close to a payment deadline or after internal approval has already started
  • Pressure signals, such as "payment must be processed today" or "confidential, do not discuss with other contacts"
  • Channel signals, where the request arrives by email only, with no confirmation through a known contact path

In international supplier relationships, some signals are harder to evaluate. A supplier changing banking jurisdictions may be legitimate for a multinational vendor.
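As an added illustration (not iBanFirst code), the sketch below checks an incoming bank-detail change request against the verified supplier record and returns which of the signals above it raises, so the request can be routed to verification rather than judged by eye. The record layout, the signal names, and the two-edit cut-off for a lookalike domain are assumptions of this example.

```python
from collections import namedtuple

# Hypothetical schemas: verified master data and an incoming change request.
Supplier = namedtuple("Supplier", "name email_domain iban")
Request = namedtuple("Request", "from_addr reply_to beneficiary_name iban body")

# Phrases taken from the pressure-signal examples in the article.
PRESSURE = ("payment must be processed today", "do not discuss")

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-identical sender domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain(addr):
    return addr.rsplit("@", 1)[-1].strip().lower()

def diversion_signals(req, rec):
    """Compare a request with the supplier record; return the signals raised."""
    signals, sender, known = [], domain(req.from_addr), rec.email_domain.lower()
    if sender != known:  # assumed cut-off: one or two edits away is a lookalike
        near = edit_distance(sender, known) <= 2
        signals.append("lookalike_domain" if near else "unfamiliar_domain")
    if req.reply_to and domain(req.reply_to) != sender:
        signals.append("reply_to_mismatch")
    new, old = (s.replace(" ", "").upper() for s in (req.iban, rec.iban))
    if new != old:
        signals.append("bank_details_changed")
        if new[:2] != old[:2]:  # an IBAN begins with its two-letter country code
            signals.append("destination_country_changed")
    if req.beneficiary_name.strip().casefold() != rec.name.strip().casefold():
        signals.append("beneficiary_name_mismatch")
    if any(p in req.body.lower() for p in PRESSURE):
        signals.append("pressure_language")
    return signals

# Constructed sample data (placeholder IBANs, reserved .example domains).
RECORD = Supplier("Acme Supplies SARL", "acme-supplies.example", "FR00 0000 0000 0000")
REQUEST = Request("accounts@acme-suppiies.example", "billing@mailbox.example",
                  "Acme Supplies Holding UAB", "LT00 0000 0000 0000",
                  "Confidential, do not discuss with other contacts.")

if __name__ == "__main__":
    print(diversion_signals(REQUEST, RECORD))
```

A non-empty result is a reason to hold the payment and verify through a known contact path, not proof of fraud.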

 

Payment diversion usually exposes a control gap, not a lack of individual judgment. The controls below protect the full payment workflow, so one missed signal doesn't decide the outcome. 

 

 

How can you prevent invoice fraud and payment diversion?

Prevention works in layers. People, process and platform controls each cover a different part of the payment workflow.

 

People controls: Staff awareness and senior management oversight

Staff members who process or authorise payments need to know what payment diversion fraud looks like and how it targets their workflows.

 

For international payment teams, this means training on cross-border attack vectors, from email spoofing across time zones to manipulated supplier identities, invoice details, and jurisdictional bank changes.

 

Senior management must make clear that verification delays are acceptable. The cost of a 24-hour payment hold is trivial compared to the financial losses from a successful diversion.

 

Training can't be annual and forgotten the moment it finishes. Fraud tactics evolve, staff rotate, and anyone new to the AP function needs awareness before they process their first payment.

 

Awareness alone won't catch everything, though. People controls handle the obvious cases, and the approval routing and screening layers below are designed to catch the rest.

 

Process controls: Build fraud checks into the payment workflow

Process controls make diversion harder before a payment reaches approval. The goal is to check supplier identity, beneficiary details, and approval rights at the points where a bad instruction could enter the workflow.

 

Callbacks still matter. For supplier changes, call a known number from your records rather than using the contact details in the request itself. For international suppliers, maintain a verified contact directory with direct numbers for known contacts at each supplier through secure communication channels, rather than relying on email alone.

 

Dual approval applies the four-eyes principle to higher-risk payment moments, including new beneficiaries, changed account details, high-value transfers, and payments that do not match the supplier's usual pattern.

 

Manual callbacks are critical, but they don't scale when your team processes dozens of international supplier payments weekly. This is where platform-side verification supplements manual controls.

 

Confirmation of Payee (CoP) in the UK and Verification of Payee (VoP) for qualifying Eurozone and euro payments check whether the account name matches the intended recipient before payment execution, catching mismatches that a manual callback might miss or that time pressure might cause a team to skip.

 

This process layer works because it creates structural friction before execution. Manual callbacks for higher-risk changes, dual approval for release authority, and platform-side CoP/VoP for eligible payments cover different parts of the same prevention posture.
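The following added example (not iBanFirst's implementation) shows how the three process controls can be combined into a single release gate, so that a payment stays blocked until every applicable check has passed. The field names, the name-check values, the 50,000 threshold, and the rule that the initiator's own approval does not count are assumptions of this example.

```python
from dataclasses import dataclass, field

HIGH_VALUE = 50_000  # assumed threshold; set per your own approval policy

@dataclass
class Payment:  # hypothetical record of a payment awaiting release
    amount: float
    initiator: str
    new_beneficiary: bool = False
    bank_details_changed: bool = False
    callback_verified: bool = False   # confirmed on a number from the verified directory
    name_check: str = "not_eligible"  # assumed values: match / no_match / not_eligible
    approvers: set = field(default_factory=set)

def release_blockers(p):
    """Return the reasons a payment may not be released yet (empty list = release)."""
    blockers = []
    supplier_change = p.new_beneficiary or p.bank_details_changed
    if supplier_change and not p.callback_verified:
        blockers.append("callback_required")
    if p.name_check == "no_match":
        blockers.append("payee_name_mismatch")
    # Four-eyes: the initiator's own approval never counts (assumption of this example).
    independent = p.approvers - {p.initiator}
    required = 2 if supplier_change or p.amount >= HIGH_VALUE else 1
    if len(independent) < required:
        blockers.append(f"needs_{required}_independent_approvers")
    return blockers

# Constructed sample payments.
DIVERTED = Payment(12_000, "ana", bank_details_changed=True,
                   name_check="no_match", approvers={"ana"})
ROUTINE = Payment(1_200, "ana", name_check="match", approvers={"ben"})

if __name__ == "__main__":
    for payment in (DIVERTED, ROUTINE):
        print(release_blockers(payment))
```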

 

Technology controls: How payment platforms detect fraudulent activity

Technology is the more scalable enforcement layer — the controls that run across routine payment workflows without a human bottleneck. Platform-level payment fraud prevention addresses the scale problem that people and processes alone can't solve.

 

Modern payment platform security infrastructure provides:

 

  • Beneficiary verification (CoP/VoP) — automated name-matching before payment execution on eligible UK and qualifying Eurozone payments, catching account detail mismatches that indicate potential diversion
  • Beneficiary-change alerts and validation rules — flagging payments routed to unfamiliar accounts or where beneficiary details have changed against historical patterns
  • Dual-signature and multi-approval workflows — requiring multiple authorised users to approve payments above defined thresholds
  • Real-time payment tracking — live visibility from initiation through settlement with timestamped updates at every step, giving the finance team a clear payment status trail after approval

These capabilities turn manual vigilance into systematic controls that protect your payment accounts and data against fraud at scale.

 

For finance teams managing high-volume international supplier payments, platform-enforced controls are the difference between hoping every team member follows the process and having platform controls reinforce it across routine workflows. 

 

What to do if you suspect payment diversion fraud

Speed determines recovery. In cross-border payments, the window can be tighter because funds may move across regions, providers, and banking systems before anyone spots it.

 

Investigate immediately and initiate a payment recall

The moment you suspect fraud, contact your payment provider. What's possible depends on where the payment sits.

 

If the payment hasn't left the provider, they may be able to cancel it directly. If it has already left the provider but not yet settled, they may still be able to attempt a recall. Once the funds have reached the beneficiary, recovery typically requires a return-of-funds request — and that's where outcomes get less predictable.

 

International payment tracking changes the response window. If the platform provides live status visibility, the finance team can check whether the payment has settled or is still in transit before deciding on the next step.

 

Run the internal investigation in parallel. Document the fraudulent communication, the original supplier details, and which controls failed.

 

That documentation feeds the external report and the post-incident control review. Financial losses that existing controls could have prevented make the strongest case for strengthening them.

 

Report fraud to your payment provider and the relevant authorities

Report fraud to your payment provider and to the relevant authorities in your region (for example, the European Anti-Fraud Office in the EU).

 

Your payment provider has fraud teams that can assist with recall attempts. When you choose an EU-regulated payment institution, your funds are segregated under PSD2 safeguarding obligations — a meaningful consideration when deciding where your international supplier payments are managed.

 

The report also creates an official record that may support a law enforcement investigation.

Reporting is an operational step, not an admission of failure. Those reports help payment providers and law enforcement prevent future incidents.

 

Protect international supplier payments with the right platform

Protecting international supplier payments means reducing the chance that a false instruction reaches release in the first place.

 

iBanFirst is a cross-border payment provider built for finance teams managing international supplier payments, where transaction values are high and a single diverted payment can be significant.

 

With iBanFirst, you can enforce fraud-prevention controls across the payment workflow:

 

  • Run beneficiary name-checks on eligible UK and Eurozone payments before execution via Confirmation of Payee and Verification of Payee, built into the payment workflow
  • Configure dual-signature approval and threshold-based validation rules before you release supplier payments
  • Track international payments live from initiation through settlement with timestamped updates and shareable links your beneficiaries can use to check payment status
  • Pay suppliers in their local currency across 135+ currencies and 180+ countries with clear FX spreads visible before execution
  • Get a dedicated account manager and access to FX specialists from day one — people who know your payment routes and can act quickly when something looks off

Request an account to see how iBanFirst helps protect supplier payments before release.

 
