This article is written by Trustpair
Executed in 10 seconds, instant payments remove the possibility of after-the-fact controls. More than ever, companies need to strengthen their payment process, thanks to robust internal control measures and improved collaboration. Giovanna Guidolin, head of Anti-Fraud at UniCredit, shares her insights and best practices to stop instant payment fraud.
For more insights and best practices, download Trustpair and UniCredit’s latest white paper about Instant Payments.
I’m Giovanna Guidolin. I’ve been working for Unicredit for 25 years. Before taking responsibility for the Antifraud department, I built up a solid experience of more than 12 years in Internal Controls and Investigations. I have a strong interest in understanding criminal behaviors and new Fraud scenarios.
Yes, the shift toward digital payments has indeed increased fraud risks. As more transactions move online and rely on digital platforms, cybercriminals have adapted their tactics to exploit vulnerabilities in these systems. Some of the main trends observed in payment fraud are driven by techniques known as Social Engineering.
Cybercriminals use several methods, including phishing, credential stuffing, spoofing, or artificial intelligence to gain unauthorized access to individuals’ or businesses’ accounts. The exponential increase in the use of social networks, as well as the pandemic period, have also contributed to the change and increase in the target audience of possible victims.
Business Email Compromise (BEC) scams target businesses, often using social engineering tactics to trick employees into transferring funds or providing sensitive information. These scams can result in significant financial losses for organizations.
These trends highlight the evolving nature of payment fraud and the importance of implementing robust security measures, such as multi-factor authentication, encryption, fraud detection alerts, and user education, to mitigate risks and protect consumers and businesses from financial losses.
Certainly, instant payments present both benefits and risks. While they offer convenience, speed, and efficiency in transferring funds, they also introduce several risks that need to be carefully managed.
For example:
Fraudulent Transactions
The speed of instant payments means that there is less time for financial institutions to detect and prevent fraudulent transactions. Fraudsters can take advantage of this window of opportunity to conduct unauthorized transactions before they are identified and stopped.
Account Takeover
Instant payments can be used to facilitate account takeover fraud, where cybercriminals gain unauthorized access to individuals’ or businesses’ accounts and initiate fraudulent transactions in real time.
Transaction Reversals
Unlike traditional payment methods where transactions can be reversed or disputed, instant payments are typically irrevocable once initiated. This means that if a payment is made in error or as part of a scam, it may be challenging to recover the funds.
To mitigate these risks, financial institutions and payment service providers must implement robust security measures, such as transaction monitoring, authentication controls, encryption, and fraud detection alerts. Additionally, customer education and awareness programs can help individuals and businesses understand the risks associated with instant payments and take appropriate precautions to protect themselves against fraud and financial loss.
Businesses can take several strategic measures, for example:
Implement Robust Fraud Detection and Prevention Measures
Businesses should deploy advanced fraud detection software that can monitor transactions in real time, detect suspicious patterns or anomalies, and flag potentially fraudulent activities. This may include machine learning algorithms, anomaly detection techniques, and behavior analysis to identify and prevent fraudulent transactions.
Enhance Authentication and Authorization Controls
Businesses should implement strong authentication measures, such as multi-factor authentication (MFA) and biometric authentication, to verify the identity of users and prevent unauthorized access to accounts or payment systems. Additionally, they should enforce strict authorization controls to limit access to sensitive systems and data only to authorized personnel.
Invest in Secure Payment Infrastructure
Businesses should invest in secure payment infrastructure and technology to ensure the reliability, availability, and security of instant payment systems. This may involve adopting encryption protocols, tokenization techniques, and secure communication channels to protect sensitive data transmitted during payment transactions.
Educate Employees and Customers
Businesses should provide comprehensive training and awareness programs for employees and customers to educate them about the risks associated with instant payments and how to identify and respond to potential threats. This may include raising awareness about common scams, phishing attacks, and social engineering tactics used by fraudsters.
Establish Clear Policies and Procedures
Businesses should establish clear policies and procedures for conducting instant payment transactions, including guidelines for verifying the authenticity of transactions, reporting suspicious activities, and resolving disputes or errors. These policies should be regularly reviewed and updated to address emerging threats and regulatory requirements.
Monitor and Analyze Transaction Data
Businesses should continuously monitor and analyze transaction data to identify emerging trends, patterns, and anomalies that may indicate fraudulent activities. This may involve leveraging data analytics tools and techniques to gain insights into customer behavior, transaction patterns, and potential fraud indicators.
Collaborate with Industry Partners and Regulatory Authorities
Businesses should collaborate with industry partners, financial institutions, and regulatory authorities to share information, best practices, and threat intelligence related to instant payment risks. This collaboration can help businesses stay informed about emerging threats and regulatory developments and enhance their overall security posture.
By implementing these strategic measures, businesses can better prepare for instant payment risks and leverage this payment method to improve the customer experience, increase operational efficiency, and drive business growth while safeguarding against fraud and financial losses.
Treasury Masterminds is a community of professionals working in treasury management or those interested in learning more about various topics related to treasury management, including cash management, foreign exchange management, and payments. To register and connect with Treasury professionals, click [HERE] or fill out the form below to get more information.
This article is a contribution from our partner, Embat
As finance temas evolve from manual, file-based operations to real-time data-driven environments, one technology is quietly reshaping the backbone of financial connectivity: APIs (Application Programming Interfaces). For years, finance teams have been forced to rely on SWIFT files, SFTP servers, and nightly batch updates. Today, APIs are enabling instant access to cash positions, real-time payment execution, and seamless data flows between systems. The result? Faster decision-making, better control, and radically improved operational efficiency.
But what does it actually mean to “connect your TMS to your ERP and your banks via API”? In this article, we’ll break down the API building blocks of a modern treasury stack, explain how to integrate them, and share a real-world example of what this looks like in action.
APIs are software interfaces that allow different systems to “talk” to each other in real time. Think of them as the pipes that connect your treasury plumbing: your ERP (where transactions originate), your TMS (where liquidity and risk are managed), and your banks (where cash is held and moved). Instead of uploading files or sending emails, APIs enable direct, instant communication between these systems.
In treasury, this means:
APIs reduce manual errors, enhance visibility, and provide agility in responding to market changes — all of which are critical in today’s volatile financial environment.
To understand API integration, let’s break the treasury tech stack into three parts:
This is your accounting system — SAP, Oracle, Microsoft Dynamics, Netsuite , etc. — where invoices, payroll, and vendor payments originate.
This is the control tower for treasury. It manages cash flow forecasting, FX risk, intercompany loans, and bank account visibility.
These are your cash custodians. Banks offer APIs for balance reporting, payment execution, transaction notifications, and FX services.
APIs connect these three layers, enabling a seamless data exchange between operational finance (ERP), strategic decision-making (TMS), and execution (banks).
A typical API integration follows this flow:
Your ERP sends payment proposals, forecasted cash flows, and invoice data to your TMS via API. This helps the TMS consolidate positions and project liquidity across time horizons.
The TMS sends validated and approved payments, FX deals, or sweeping instructions to your bank via its corporate API. Banks respond instantly with confirmations, reference numbers, or error messages.
Your TMS receives real-time balance and transaction data from each bank account via API. This data can also be passed to the ERP for reconciliation and reporting purposes.
Together, this closed loop allows treasurers to manage cash, risk, and payments from a single interface — without ever exporting a file.
When integrating APIs in treasury, data protection and access control are essential. Key areas to focus on:
In short, treat APIs like opening a digital vault: only the right people and systems should ever get the key.
Implementing API integrations doesn’t have to be a chaotic and complex project. Follow these principles for a smooth rollout:
A European technology company using Embat’s TMS integrated its ERP (Netsuite) and two main banking partners via API. The project enabled the following:
The result: 90% fewer reconciliation errors, cash visibility by 9:00am every day, and real-time FX rate validation before settlement. What used to take hours and emails now happens automatically, every day.
APIs are no longer a buzzword — they are the foundation of a modern treasury infrastructure. By connecting your TMS, ERP, and banks through APIs, you enable faster, smarter, and more secure treasury operations. Whether you’re a multinational or a fast-scaling startup, building an API-first treasury stack is the next logical step toward efficiency, agility, and control.
Now is the time to assess your systems, talk to your banks, and start building the infrastructure of tomorrow — today.
Treasury Masterminds is a community of professionals working in treasury management or those interested in learning more about various topics related to treasury management, including cash management, foreign exchange management, and payments. To register and connect with Treasury professionals, click the button below.
This article is written by Nomentia
Your cash flow forecast is lying to you. Not on purpose, but it’s wrong—probably by a lot. Spreadsheets lull you into a false sense of control, but the numbers lie. They miss shifts in spending, overlook delayed payments, and crumble the moment reality deviates from last month’s assumptions. By the time the cracks show, you’re already scrambling—plugging holes, chasing down cash, and making desperate decisions.
Hubert Rappold works as a Senior Treasury Expert at Nomentia, bringing his over 20 years of expertise to serving Nomentia’s customers’ treasury needs and challenges in payments, cash visibility, and forecasting.
Johannes Pöschl is a Senior Data Scientist at Nomentia, specializing in predictive analytics and AI-driven cash flow forecasting solutions.
A cash flow forecast that’s even slightly off can send your business into a tailspin. As Hubert Rappold puts it: “Small deviations in cash flow forecasts can lead to big financial risks.” Underestimate expenses, and you’re suddenly short on cash when payroll hits. Overestimate revenue, and you’re making spending decisions based on money that isn’t actually there. “Basing your decision on a forecast that is substantially off; you might end up making decisions based on inaccurate data—like borrowing unnecessarily or mismanaging liquidity.” The further your forecast drifts from reality, the riskier every financial move becomes. And in a world where margins are tight, customers pay late and surprises lurk around every corner; imprecise forecasting isn’t just an inconvenience but a liability.
At its core, cash flow forecasting is just this: predicting how much money will move in and out of your business over a given period. It’s not about spreadsheets or fancy formulas but knowing, with as much certainty as possible, whether you’ll have enough cash to cover what’s coming.
Most businesses, big and small, still rely on outdated tools and methods that weren’t built for today’s financial landscape. Here’s why they fail:
Let’s be clear—treasurers and finance managers are some of the most skilled problem-solvers in any business. They know how to fine-tune their forecasts, clean up messy data, and make Excel do what they need. But time is limited, and expectations keep rising. The demand for instant, up-to-date cash visibility means they can only do so much, no matter how skilled they are.
“Excel-based forecasting worked perfectly fine when business environments were more predictable,” explains Johannes Pöschl. “But today, cash flows are influenced by a web of factors—seasonality, economic shifts, even supplier behavior. Static spreadsheets just can’t keep up with that complexity.”
And here’s the real danger: many forecasts depend entirely on the person who built them. If that expert is unavailable—whether they leave, take a vacation, or simply get swamped—no one else knows exactly how their formulas and models work. That’s a terrifying prospect for any company relying on accurate cash flow predictions.
This is where AI-driven automation changes the game. Instead of a fragile, human-dependent system, businesses get a dynamic, always-updating forecast that adjusts in real time. It doesn’t replace the finance team—it gives them superpowers. Let’s take a look at:
For many, forecasting cash flow, is a reactive scramble. No wonder, when traditional forecasting relies on static models and best guesses. Implementing AI into your forecasting you can go beyond static formulas and outdated assumptions. Not just automate your forecasting, but make it smarter, spot hidden patterns and continuously refines projections.
“AI forecasting can lead to more objective forecasts, leaving behind the impact of regional optimism biases in forecasting,” says Johannes. “They can also incorporate resource prices and estimate their effects on supplier prices that traditional models or treasurers might miss.”
As Hubert adds: “AI can automatically classify transactions from bank statements, showing finance teams exactly where cash flow discrepancies are coming from—late customer payments, unexpected supplier costs, or seasonal trends. That kind of insight is invaluable.”
Here’s how it stacks up against traditional methods:
| Traditional forecasting methods | Challenges for forecast accuracy | AI in forecasting: Key techniques for accuracy improvement |
| Manual data entry & spreadsheets | Prone to human error, delays, and data inconsistencies | Automated connectivity & forecast reconciliation: integrating real-time bank & ERP data to eliminate errors and update forecasts dynamically. |
| Rule-based forecasting (fixed models) | Rigid assumptions fail to capture real-world volatility | Machine learning & pattern recognition: AI-powered forecasting learns from past errors and adapts dynamically to new trends. |
| Historical trend extrapolation | Fails to account for sudden economic shifts, external shocks | Multi-variable analysis: AI-driven forecasting incorporates economic indicators, market trends, and business-specific variables. |
| Limited scenario planning | Forecasts become unreliable in times of uncertainty | Risk simulations & stress tests: AI forecasting can run multiple scenarios to assess financial resilience under various conditions. |
| Static payment terms-based Cash flow predictions | Overlooks customer-specific behavior, which leads to inaccurate receivables forecasts | Dynamic payment behavior predictions: AI forecasts can analyze past payment trends to predict late payments with higher accuracy. |
| Isolated departmental forecasting | Fragmented cash flow data across finance, treasury, and operations | Automated connectivity: Forecasts integrate multiple data sources for a holistic, real-time view of liquidity. |
| Lack of external market consideration | Ignores macroeconomic trends, FX rates, inflation, and geopolitical risks | Sentiment & market trend analysis: AI-supported forecasts process can incorporate market sentiment indices, GDP forecasts, interest rates and other data affecting the business environment to refine forecasts. |
| Reactive forecast adjustments | Adjustments are made after discrepancies occur, not proactively | Self-learning algorithms: continuous refinement of forecasts based on real-time variance analysis. |
| Delayed cash flow reconciliation | Forecasts deviate from reality due to mismatches in receivables/payables data. | Automated invoice matching & forecast reconciliation: reconciling forecasts against actual bank transactions in real-time. |
“Take something as simple as public holidays,” says Johannes. “They affect cash flows differently depending on the industry and country, and AI can model these effects automatically. Over time, the system refines itself, making forecasts even more accurate.”
Hubert gives another example: “AI can analyze past customer payment behaviors to refine expected due dates. But even simple logic—like applying Days Sales Outstanding (DSO) metrics—can significantly improve accuracy, especially for short-term forecasts.”
Let’s consider:
Every morning, the Treasurer of a globally operating business opened the same monster Excel file—a tangled web of formulas, manual inputs, and linked sheets that somehow held the key to the company’s cash flow. Keeping it updated was a full-time job. Data trickled in from subsidiaries across time zones, bank accounts were scattered across multiple institutions, and assumptions had to be constantly tweaked. Forecasting was supposed to provide clarity, but instead, it felt like a high-stakes guessing game.
The demands from leadership kept growing: More accuracy. More real-time visibility. More risk mitigation. But with what? The Treasurer had already pushed Excel to its limits, building an intricate system that only they truly understood. When the CFO needed answers, they delivered—but not without late nights, countless emails chasing missing numbers, and a nagging fear that one small mistake could throw everything off.
Then came the talk about AI-powered forecasting.
It sounded promising—automation, real-time data analysis, better predictions. But there was also an unspoken worry: What if this replaces me? What if all my expertise, my hard-earned knowledge, gets sidelined by software?
And yet, the bigger fear wasn’t AI. It was this. This endless cycle of manual work, desperate fixes, and hoping that when leadership asked for insights, the numbers weren’t off—because if they were, it would be their name on the line. Worse still, if they ever stepped away, who else would even know how to keep this monster running?
That’s when the real question hit: What’s the bigger risk—adopting AI or continuing like this? Spending hours babysitting spreadsheets?
The reality hit. So they ran the numbers. Even a small boost in forecast accuracy would cut emergency borrowing and save more than enough to justify the investment. The business case was clear. It was time to kill the spreadsheet before the spreadsheet killed them.
“A lot of treasurers worry that AI will replace them,” Johannes notes. “But in reality, AI is just a tool—it provides forecasts, but treasurers still bring the expertise to validate and interpret them. The most successful teams use AI to eliminate tedious manual work, freeing themselves to focus on strategy.”
Hubert agrees: “If you set up AI-driven forecasting right, you don’t just improve accuracy—you make life easier. Treasurers get instant feedback, can compare past forecasts to actuals, and refine their approach over time. The goal isn’t to replace them; it’s to give them better tools.”
You wouldn’t steer a company based on gut feelings alone—so why accept guesswork in cash flow forecasting? AI isn’t a magic fix, but it’s the difference between informed decisions and financial blind spots. The real risk isn’t AI—it’s sticking to spreadsheets while the world moves forward.
Treasury Mastermind is a community of professionals working in treasury management or those interested in learning more about various topics related to treasury management, including cash management, foreign exchange management, and payments. To register and connect with Treasury professionals, click [HERE] or fill out the form below to get more information.
From Treasury Masterminds
Verification of Payee (VoP) was designed to address a specific problem: money being sent to the wrong account. Whether through fraud, human error, or manipulated vendor data, misdirected payments cost businesses—and banks—billions every year. VoP was meant to close that gap by checking the payee name against the account details before any funds move.
In theory, it’s a straightforward control. In practice, the picture is considerably more complicated. After years of rollout, adoption remains patchy. Corporates are applying VoP at different stages of the payment lifecycle — and some have skipped it altogether. The question is no longer whether VoP is a good idea. The more useful question is: where does it actually add value, and where does it fall short?
The most underappreciated dimension of VoP is not whether you do it, but when. Most organisations that have implemented it apply the check at the point of payment — the moment before a transaction is submitted. That feels logical. It’s the last gate before money leaves.
The problem is that by that point, a significant amount of work has already been done. The vendor has been onboarded. A purchase order has been raised. An invoice has been approved. The payment has been queued. If a VoP check at the payment stage returns a mismatch, the team isn’t just looking at a flagged transaction — they’re looking at a compromised process that may need to be unpicked entirely.
This creates a dilemma that treasury and finance operations teams know well: hold the payment and absorb the internal friction, or release it and accept the risk. Neither option is satisfactory. And yet it is the predictable consequence of applying a verification control too late in the process.
The alternative — verifying at onboarding, before a vendor is activated in the system — addresses this at the root. Mismatches surface before any transactional relationship is established. The organisation has time and leverage to investigate without payment deadlines creating pressure to override controls.
Even organisations that have implemented VoP at onboarding are often exposed by a different vulnerability: changes to existing vendor records. Business email compromise (BEC) fraud, one of the most financially damaging forms of corporate fraud, frequently works not by creating fake vendors but by hijacking real ones.
The attack is straightforward. A fraudster impersonates a known supplier, contacts accounts payable, and requests a bank account update. The vendor exists in the system. They have a payment history. The change request looks plausible. If the organisation’s process involves verifying account changes against the VoP database at the time of the request — and acting on the result — the fraud can be caught. If that step is absent or bypassed, the next payment to that supplier goes to a fraudulent account.
This is an area where many VoP implementations have a genuine gap. The check was set up for new payees. The assumption was that existing, validated vendors are safe. That assumption does not hold when vendor master data can be changed, and changes are not automatically re-verified.
The opt-out rate for VoP among corporates is higher than most public commentary acknowledges. The reason is rarely ignorance of the risk. It is usually a calculation of operational cost.
False positives are the central issue. VoP matching is imperfect. Name variations, trading names that differ from legal names, and data quality gaps in bank records all generate mismatches on legitimate payments. Each false positive requires investigation. In a high-volume payment environment, the cumulative cost of those investigations — in time, in staff, in delayed payments — can quickly outweigh the perceived fraud prevention benefit.
The integration burden compounds this. For organisations running payments across multiple banks, ERPs, and jurisdictions, building a VoP check into every relevant workflow is a non-trivial technical project. When the business case is unclear and the operational disruption is tangible, deferral becomes the rational short-term choice.
This is not an argument against VoP. It is an argument for implementing it in a way that reduces operational friction — which means earlier in the process, with better data quality, and with clear protocols for handling exceptions.
VoP is a useful control. It is not a complete fraud prevention framework. Organisations that treat it as the latter will have gaps.
A VoP check confirms that a name and account number are linked in the bank’s records at that moment in time. It does not confirm that the person requesting the payment is authorised to do so. It does not confirm that the invoice is legitimate. It does not confirm that the account has not been compromised since the last payment. It does not replace the controls around who can modify vendor master data, or who can approve payments above certain thresholds.
The organisations seeing the best results from VoP are those that have positioned it as one layer in a broader control stack: onboarding validation, change management protocols, payment approval workflows, and ongoing monitoring working together rather than treating a single check as sufficient.
From a banking perspective, VoP sits at the intersection of compliance, fraud prevention, and customer service — not always a comfortable place. Banks are required to provide the infrastructure for VoP checks and respond to queries accurately. But the quality of the data underpinning those responses varies, and banks are not always in a position to explain why a mismatch has occurred or help a corporate resolve it quickly.
There is also a regulatory dimension that is still evolving. The rules around what banks must check, what liability they carry when a VoP check passes a fraudulent payment, and how cross-border transactions are handled are not yet fully settled. This creates uncertainty for corporates trying to build policy around VoP outcomes — particularly around what a ‘match’ actually means in terms of assurance.
VoP is not going away. Regulatory pressure in Europe and beyond is pushing towards broader mandatory adoption, and the underlying logic — verify before you pay — is sound. But the current gap between policy intent and operational reality is significant enough that many organisations are either not using it, using it poorly, or using it at the wrong point in their processes.
Closing that gap requires a clearer-eyed view of where VoP actually adds value (upstream, at onboarding and on changes), where its limitations lie (anything downstream of a compromised data change, or outside its matching logic), and what needs to sit alongside it to build a genuinely robust payee verification process.
A 45-minute panel session hosted by Treasury Masterminds in partnership with SisID. Three practitioners — from banking, corporate treasury, and fintech — take a practical look at how VoP is being used today, where it falls down, and what needs to complement it.
Speakers:
Moderated by Patrick Kunz, Founder of Treasury Masterminds.
Free to attend. Click below to register and submit questions ahead of time
