How Fraudsters Blend Into Everyday Retail Operations

Retail’s biggest fraud problem today isn’t the activity that looks suspicious. It’s the activity organizations think they can trust. Retailers are operating with constant disruption while autonomous environments power faster transactions. Furthermore, retailers are operating with less humans to verify. What happens then? Fraudsters step in. The result is a collapse of digital trust inside everyday business workflows.

A few years ago, fraud was easier to spot. Today, not so much. Fraudsters compromise trusted vendors and use legitimate credentials to move undetected through workflows. Let’s say a retailer has worked with the same supplier for five years. A fraudster may sit inside that workflow for weeks, learning how the vendor communicates before ever requesting a banking change.

Operations, fulfillment, and finance teams are under pressure to move quickly. Most organizations have security controls in place, but those controls were built for a different generation of fraud. Artificial intelligence has industrialized impersonation. Fraudsters can now generate trusted communications, mimic business context, and execute human-layer attacks at machine speed. In 90 percent of cases, the fraudulent accounts themselves appear legitimate because attackers now use real banking infrastructure and locally aligned entities.

For organizations using ACH payments, these attacks are especially common. The updated Nacha rules now require organizations to implement stronger, risk-based monitoring for deceptive ACH activity before payments are submitted. And by the way, this is much bigger than compliance. Nacha’s rule changes reflect a larger reality. Payment fraud has become harder to detect, easier to scale, and more costly than many organizations realize.

Traditional controls like email security, callbacks, ERP approvals, bank account validation, and static rules weren't designed for trusted identity attacks. Email security misses many business email compromise (BEC) attacks because the communications themselves appear legitimate. Callbacks and ERP approvals fail when attackers compromise trusted workflows and vendor relationships. Bank account validation only confirms the account exists, not that the person requesting the payment is legitimate. And static rules struggle because modern fraud is behavioral, contextual, and constantly changing.

The goal of the updated requirements is to help organizations understand normal behavior across vendors, payments, and invoices so they can spot anomalies before money moves. This requires more than static validation. Organizations need behavioral baselines, contextual analysis, anomaly detection, and intent verification capable of identifying when trusted activity stops behaving normally.

Organizations need a structured way to implement these changes. Retailers should:

1. Confirm all ACH uses cases and systems in scope.
2. Assign clear owners across compliance, treasury, finance, and security teams.
3. Document current fraud-monitoring processes.
4. Build behavioral baselines for vendors, users, and payments.
5. Define anomaly rules tied to “False Pretenses” scenarios.
6. Implement pre-submission screening for all outbound ACH payments.
7. Enable risk scoring or tiered review for high-risk transactions.
8. Continuously monitor the payment lifecycle, from vendor onboarding to payment execution.
9. Maintain audit trails for payment decisions.
10. Conduct annual fraud-monitoring reviews.

The goal isn't to add friction for teams. The goal is to add context. Organizations need to understand what normal behavior looks like so they can recognize even the smallest change.

Payment security is becoming an identity and behavioral intelligence problem, not a compliance exercise. Fraud is moving between systems, slipping through gaps in ownership, workflows and controls. Retailers that recognize this shift early will be better positioned to defend against the next generation of AI-powered fraud.

Shai Gabay is the CEO and co-founder of Trustmi, a leader in behavioral AI payment security.