Small and mid-sized businesses (SMBs), the backbone of the U.S. economy, are increasingly susceptible to fraud. As this issue gains more national attention, owed in part to legislative and regulatory attention on scams, loan-abuse vulnerability, and other issues, banks have a renewed opportunity and responsibility to strengthen their defenses and better protect these vital enterprises.
Too many banks continue to prioritize consumer and large commercial fraud defenses, leaving SMBs exposed to escalating threats. These enterprises issue and receive a high volume of checks and ACH payments with minimal internal control. And these gaps create reputational and financial risk for their business and for the banks that serve them.
To protect SMBs, banks should rethink their approach to fraud risk: from segmentation to education. That means revisiting old assumptions about vulnerabilities across their customer base and putting more focus on SMBs.
A surging threat hiding in plain sight
In a recent survey by AFP, 79% of all organizations surveyed said they had experienced attempted or actual payment fraud in 2024. Check fraud continues to lead the pack. It was cited by 63% of organizations, far more than any digital payment method.
Check washing and forgery has seen a resurgence, with criminal organizations intercepting business checks from mail streams, chemically altering payee information and amounts, and cashing them at multiple banks.
Old-school paper fraud is now paired with rapid money movement, making recovery almost impossible. ACH debit fraud was also reported by 33% of respondents, highlighting the dual threat SMBs face from both legacy and electronic rails.
These risks are amplified for SMBs, with 80% still issuing paper checks, and 60% planning to increase ACH usage, according to a 2024 Datos report. Over 40% send more than 50 ACH payments per month, a significant volume for companies with limited fraud defenses.
Despite this exposure, many SMBs are not fully aware of the danger they face. The same research found that only 34% consider themselves “very concerned” about payment fraud, and 62% say they’re confident they’re catching most or all fraud attempts. That confidence doesn’t align with the data, and it’s costing SMBs and the banks that serve them.
4 ways to turn the tide against SMB fraud threats
Banks need a proactive and digitally enabled approach to SMB fraud prevention. Here are four steps they should take:
Start by segmenting risk more intelligently. SMBs aren’t “lite” consumers. They’re high-risk entities processing frequent payments with small teams and minimal internal oversight. Banks should evaluate fraud risk based on transaction type and volume, not just business size.
Make education the frontline defense. Banks should integrate fraud education into onboarding, use contextual nudges in digital banking, host training sessions, and make the business case clear with real-world examples. This ongoing education should be tailored to the evolving threat landscape, ensuring SMBs are equipped to recognize and respond to the latest fraud tactics with confidence.
Reduce friction. More than half of business customers that use fraud prevention tools say the setup process is difficult. Banks should prioritize making these services more accessible and easier to adopt, especially for smaller businesses with limited technical resources.
Modernize monitoring. Some institutions are now evaluating behavioral and digital session data as part of their broader fraud risk strategy. Earlier detection and response can benefit SMBs, particularly if it allows banks to intervene without slowing down legitimate activity.
This is a clear opportunity. But the onus is on banks to act.
Banks must stop waiting for a crisis before offering solutions. Small businesses need fraud prevention to be a standard, non-negotiable part of their banking relationship.
Jeff Scott is Vice President of Fraudtech at Q2.
