When AWS went down earlier this year, it exposed more than just technical vulnerabilities. According to Trustpair CEO and Co-Founder Baptiste Collot, major disruptions like outages, sanctions, and rapid supplier changes create perfect conditions for fraud. In this Q&A, he breaks down how the “disruption-distraction” cycle works and how automation can help close the gaps.

What’s Related

Supply Chain 24/7: You’ve said disruption and distraction often go hand in hand with fraud. Can you explain that further?

Baptiste Collot: The tariff disruptions this year, 145% on Chinese imports, 25% on automotive parts from Mexico and Canada, created massive disruptions. When companies like Stellantis shut down factories, procurement teams scramble to find new suppliers, and the pressure to move quickly opens up vulnerabilities.

That’s exactly when fraud happens. The process you normally follow to onboard a vendor — including verification steps, bank account validation, and approval layers — is often compressed or bypassed under intense pressure. And fraudsters know this. They watch for companies announcing supply chain shifts or dealing with these public disruptions, then they impersonate legitimate suppliers in the regions you’re moving to. You’re so focused on keeping operations running that you miss what you might have caught under normal circumstances.

SC247: When supply chains are forced to pivot quickly, like during sanctions, outages, or sudden trade shifts, what makes companies especially vulnerable to fraud?

BC: There are three things that create the perfect conditions for fraud during these pivots.

You’re dealing with suppliers in geographies you’re unfamiliar with. When you’re suddenly nearshoring to Mexico or sourcing from Southeast Asia, you’re working with vendors you have no history with, in banking systems you’re completely unfamiliar with. You don’t speak the same language, and you don’t know the people. Without automated validation, manual processes can’t scale to unfamiliar banking systems, where fraud risk is highest. And, of course, fraudsters are aware of the specific gaps that exist in each market. They know which countries have lax validation and which banking systems are vulnerable to impersonation.

You’re no longer able to guarantee the reliability of vendor data. The vendor information you’re receiving — bank details, company registrations, ownership structures — needs careful verification, but under pressure, your teams are stretched thin. Layoffs from cost-cutting measures mean you’ve lost experienced staff who understood the nuances of vendor validation. New team members often lack the institutional knowledge needed to recognize red flags or understand how validation processes vary across jurisdictions. Fraudsters are adept at exploiting exactly these kinds of gaps.

The silos get worse under pressure. In normal times, procurement talks to AP, AP talks to treasury, treasury talks to risk. During a crisis, everyone is in their own corner trying to solve immediate problems. Nobody has the big picture of what’s being onboarded or paid. And this is where educating the market is extremely important, because each time a new team or system is involved, there’s a potential breach. Employees believe that because they are not in charge of this part, it’s not their concern. But from a risk perspective, the data flows through multiple teams, and any handoff can be exploited.

SC247: What does an event like the AWS outage reveal about how dependent companies are on digital systems for vendor verification?

BC: The AWS outage highlighted an important consideration for operational resilience: maintaining verification capabilities even during disruptions. When any critical system experiences downtime — whether it’s a verification platform, cloud infrastructure, or payment network — organizations need alternative ways to validate information.

During unplanned outages, business doesn’t stop. Vendors still need to update their banking details, payments still need to be processed, and decisions still need to be made. Without backup verification methods, companies may default to manual processes, such as phone calls and emails, which can create potential exposure.

This is where layered verification infrastructure becomes valuable. By building verification capabilities that leverage multiple independent data sources and systems, organizations can maintain robust validation processes even when individual components experience issues. This helps create the kind of redundancy that keeps fraud prevention strong under all conditions, expected and unexpected. The key is ensuring your fraud prevention capabilities are as resilient as the infrastructure they protect.

SC247: How are fraudsters using AI to exploit companies, and how can automation be used to fight back?

“Last year, companies experienced a 118% increase in the use of gen-AI-powered methods for fraud attempts. The main problem is the volume of the attacks. What used to be one incident per company per quarter is now hundreds of attempts per month.”

BC: Fraudsters are utilizing AI to operate at scale, generating thousands of personalized phishing emails, creating deepfake voices for CEO fraud, and scraping sufficient public data to make fake vendor profiles appear completely legitimate. Last year, companies experienced a 118% increase in the use of gen-AI-powered methods for fraud attempts. The main problem is the volume of the attacks. What used to be one incident per company per quarter is now hundreds of attempts per month.

Manual verification can’t compete. When nearly 70% of companies still rely on phone calls and emails to validate vendor banking changes, you’re asking AP teams to catch fraud attempts that are specifically designed to pass those exact checks. A fraudster impersonating a vendor will answer the phone. They control the email. Those manual controls provide zero protection at the scale AI operates.

The defense is automated account validation at every point where vendor data enters or changes in your procure-to-pay system. Real-time verification of bank account ownership against actual banking databases — not just routing number checks, but confirming the account belongs to who they claim to be. Continuous monitoring of your entire vendor database ensures you’re alerted the moment banking details change, preventing any payment from being sent out. This needs to happen instantly, across hundreds or thousands of vendors, in multiple countries simultaneously. For cases where verification isn’t clear-cut, you need case management workflows that route flagged transactions through additional review before approval.

You can’t manually verify at the speed AI-enabled fraud moves. Automated validation is the only way to match that pace and actually confirm legitimacy before money leaves your account.

SC247: What’s holding companies back from automating fraud prevention?

BC: It’s not a technology problem. It’s a prioritization problem. Most CFOs I talk to believe they already have strong controls in place. They see multiple approval layers and multiple people involved in the payment process, and think, “We’re covered.” That’s a dangerous assumption.

The reality is that those manual controls create a false sense of security. You have so many people touching the data that no one person sees the full picture. When a fraudster compromises just one point in that chain – maybe through an email attack or by targeting a specific employee – the whole system breaks down.

“It’s not a technology problem. It’s a prioritization problem. Most CFOs I talk to believe they already have strong controls in place. They see multiple approval layers and multiple people involved in the payment process, and think, “We’re covered.” That’s a dangerous assumption.”

The other issue is that fraud prevention often gets deprioritized until after a major fraud event. That’s when everyone pays attention. But before that moment, it’s easy for fraud prevention to fall behind other initiatives, especially when finance teams are already stretched thin. Companies need to understand that automation isn’t replacing people, it’s letting people focus on what actually matters. Let technology handle the repetitive data validation, and free your team to investigate the truly suspicious cases.

SC247: From your perspective, which industries are most exposed right now? Are specific sectors like manufacturing, retail, or logistics facing more fraud pressure than others?

BC: Any industry dealing with rapid supplier turnover is vulnerable, and this issue cuts across various sectors. However, if I had to identify the highest-risk areas right now, it’s companies with complex global supply chains that are being forced to pivot quickly.

When you need to suddenly shift from a Chinese supplier to one in Vietnam or Mexico, that onboarding process becomes a target. Fraudsters know you’re under pressure to move fast, and they exploit that urgency.

The same applies to companies dealing with sanctions or trade restrictions. When you can’t work with your established vendors and need to source alternatives quickly, you create gaps. More supplier changes mean more onboarding activity, and that’s exactly where fraud attempts spike.

Like you said earlier, many of these companies are still using manual processes to validate new vendors. They’re running the same checks they did a decade ago, but the threat landscape has completely changed. Fraudsters are using AI to create convincing fake documentation at scale, including false invoices, spoofed bank accounts and even fabricated company websites. Manual spot-checks can’t keep up with that level of sophistication.

SC247: You spend your days helping companies stop fraud. What’s the most creative scam or “almost” fraud attempt you’ve seen in your own life?

BC: The fraud attempts that keep me up at night aren’t necessarily the most creative. They’re the ones that exploit speed and human limitations.

What has changed dramatically is that AI now allows fraudsters to personalize attacks across thousands of targets simultaneously. They can write convincing emails in hundreds of different languages, all tailored to specific companies and timing.

Recently, we received a call from an education-based organization on a Friday at 5 pm — they’d lost millions in a single fraudulent payment. This wasn’t an isolated case. When companies get hit, they’re not losing $10,000. We’re seeing losses of $5 million, $20 million, and even $25 million in single incidents. These are public cases.

What makes these attacks so effective is that they exploit the exact moment when companies are most vulnerable — when they’re rushing to close a quarter, onboarding vendors quickly due to supply chain shifts, or under pressure to move payments fast.  Last year, 50% of companies reported an increase in fraud attempts during holiday periods, such as summer and Christmas, when people are out of the office and the remaining staff are stretched thin. The fraudsters don’t need to be particularly creative; they just need to catch you at the wrong time with too many manual controls and not enough automated validation.

Fraud prevention can’t rely on adding more human checkpoints to an already strained process. When you’re asking people to do more controls in less time, something will slip through. That’s why systematic, automated bank account validation is critical. It’s the only way to match the speed and scale of modern fraud attempts.