Why Payment Fraud Is Every Business’s Problem
Imagine your accounts payable team receives an email. It looks exactly like a message from a long-standing supplier: the same logo, the same sign-off, the same familiar tone. The message states that the supplier’s bank details have changed and asks you to direct the next payment to a new account. The payment is made. A week later, the real supplier calls asking why the invoice is overdue. By then, the money is gone.
This is not a hypothetical scenario. It happens to businesses around the world every day.
Payment fraud does not only affect banks or investment firms. It affects every company that pays suppliers, settles invoices, or receives payments from clients. And one of the most practical tools available to counter it is the LEI code, something most ordinary businesses have never heard of.
The Scale of Payment Fraud Is Striking
Payment fraud is not a marginal problem. According to the Association for Financial Professionals, 76% of organisations experienced attempted or actual payments fraud in 2025. That means more than two out of every three businesses encounter fraud attempts in any given year.
The attacks are aimed precisely at the people who handle everyday invoices and payments: accountants, finance managers, and procurement staff. According to the FBI’s 2024 Internet Crime Report, business email compromise caused losses of 2.77 billion dollars in the United States alone in 2024, across 21,442 reported incidents. And those are only the cases that were reported.
How Payment Fraud Works: Three Common Schemes
All forms of payment fraud share one underlying condition: the fraudster succeeds because the victim cannot quickly verify the counterparty’s identity.
Invoice Fraud and Supplier Impersonation
The fraudster identifies a regular supplier in your network and sends an invoice that looks identical to a genuine one. Only the bank details are different. In many cases, no system access is needed. Publicly available information, a similar email address, and some patience are enough. Smaller businesses are particularly exposed because they tend to have fewer formal verification steps in place.
Business Email Compromise
Business email compromise, or BEC, is more sophisticated and more damaging. The fraudster gains access to your supplier’s email account, monitors the correspondence for weeks, and steps in at precisely the right moment, just before a large invoice is due. Only the payment details are changed, and the money goes to the wrong account.
What makes this difficult to catch is that the message comes from a genuine email address, follows a real conversation thread, and contains no technical signs of fraud. Standard email security filters do not stop it.
Fake Supplier Creation
The fraudster creates a fictitious company, registers it, builds a website, and submits a proposal. The business signs a contract, pays an advance, and the supplier disappears. This scheme tends to target larger organisations with more complex procurement processes.
In all three cases, the victim was unable to reliably verify who they were actually dealing with. A company name is not a unique identifier, and fraudsters exploit that gap deliberately.
Why Identity Verification Is So Difficult
Registration numbers are jurisdiction-specific. An Estonian business registration number means nothing to a German bank or a partner in Singapore. Each country uses its own format, its own registry, and its own language. In cross-border business, this means verifying a counterparty’s identity requires slow, manual work.
Company names are not unique. Many jurisdictions permit similar or even identical names across different countries. Fraudsters register companies whose names closely resemble well-known organisations and rely on the fact that busy finance teams may not notice the difference.
What the LEI Code Actually Shows
The LEI code, or Legal Entity Identifier, is a 20-character unique identifier that any legal entity in the world can obtain. GLEIF, the Global Legal Entity Identifier Foundation, maintains a public database containing verified and up-to-date information for every registered entity.
An LEI lookup returns the following:
Level 1 data (“who is who”): legal name, registered address, country and jurisdiction, business registration number and registry, entity type, LEI status (Active or Lapsed), and a history of changes to the record.
Level 2 data (“who owns whom”): direct parent entity and ultimate parent entity within a corporate structure.
What an LEI lookup does not show: bank account details, contact numbers, or natural persons. Understanding this is important for using the tool correctly.
The LEI database is free, open, and requires no registration. It is available at GLEIF LEI Search.
How the LEI Works Against Fraud in Practice
Manual Verification in Three Steps
Step 1 — Request the LEI code from any new supplier. Add a single field to your supplier onboarding process: LEI code. This is a standard part of counterparty due diligence that an increasing number of businesses are now applying as a matter of course.
Step 2 — Verify the code in the GLEIF database. Enter the LEI code at GLEIF LEI Search or use the LEI search tool on our website. You will immediately see the legal name, registered address, and business registration number. Compare these against what appears on the invoice or contract. If everything matches, the identity is confirmed. If it does not, that is a clear warning sign.
Pay attention to the LEI status as well. Active means the data is current and verified. Lapsed means the entity has not renewed its LEI and the accuracy of the data is uncertain. A lapsed LEI is itself a risk signal that should not be overlooked.
Step 3 — Treat any change to bank details as a two-step process. The LEI does not show bank account information, so it cannot fully replace a manual check in this situation. But it still helps. If you receive a request to change payment details, first verify through the LEI that the sender is who they claim to be. Then call the supplier directly using a contact number already in your records, not one provided in the new message. These two steps together cover the most common invoice fraud scenarios.
Automated Verification for Larger Organisations
For larger organisations managing hundreds of suppliers and processing high volumes of payments, manual checks are too slow. This is where the LEI becomes particularly valuable, because it is a structured, machine-readable data format.
GLEIF provides a public API that allows LEI data to be integrated directly into enterprise software. An accounts payable platform or supplier management system can automatically query the GLEIF database for each new counterparty, compare the results against existing records, and flag any discrepancies for human review. Identity verification happens in the background, without anyone needing to search manually.
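The automated comparison described above, sketched as an added example (not code from this article or from GLEIF). It makes no network call: the registry record is constructed sample data, the flat field names are assumptions to be mapped from the real lookup response, and it goes one step beyond the text by first validating the LEI's two check digits (ISO 7064 MOD 97-10, as specified for the LEI in ISO 17442).

```python
import re
import unicodedata
from typing import Optional

def _mod97(code: str) -> int:
    # ISO 7064 MOD 97-10: letters map to 10..35, digits to themselves.
    return int("".join(str(int(ch, 36)) for ch in code)) % 97

def make_lei(prefix18: str) -> str:
    """Build a constructed LEI for the sample data (not a real entity)."""
    return prefix18 + f"{98 - _mod97(prefix18 + '00'):02d}"

def lei_checksum_ok(lei: str) -> bool:
    lei = lei.strip().upper()
    return bool(re.fullmatch(r"[A-Z0-9]{18}[0-9]{2}", lei)) and _mod97(lei) == 1

def _norm(text: str) -> str:
    # Fold accents, case and punctuation so "OÜ" and "OU" compare equal,
    # while a swapped or substituted letter still shows up as a mismatch.
    text = unicodedata.normalize("NFKD", text).encode("ascii", "ignore").decode()
    return re.sub(r"[^a-z0-9]+", " ", text.lower()).strip()

def review_supplier(claimed: dict, record: Optional[dict]) -> list:
    """Return discrepancies for human review; an empty list means no flags."""
    if not lei_checksum_ok(claimed["lei"]):
        return ["LEI fails format or checksum"]
    if record is None:
        return ["LEI not found in registry data"]
    flags = []
    if record["status"].lower() != "active":
        flags.append(f"LEI status is {record['status']}")
    for field in ("legal_name", "registration_number", "country"):
        if _norm(claimed[field]) != _norm(record[field]):
            flags.append(f"{field} mismatch: {claimed[field]!r} vs {record[field]!r}")
    return flags

# Constructed sample data; field names are assumptions for this example.
SAMPLE_LEI = make_lei("9999EXAMPLESUPPLY0")
REGISTRY = {SAMPLE_LEI: {
    "legal_name": "Nordic Timber Supply OÜ",
    "registration_number": "00000001",
    "country": "EE",
    "status": "Active",
}}

def check(claimed: dict) -> list:
    """Look the claimed LEI up in the sample registry and compare the details."""
    return review_supplier(claimed, REGISTRY.get(claimed["lei"].strip().upper()))
```

A passing result confirms only that the invoice details match the registry record; a bank detail change still needs the call-back to a known contact number described in Step 3.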
The LEI in the Regulatory Framework
The LEI code is not only a voluntary tool. Regulators around the world have begun linking it directly to payment security and fraud prevention.
The EU Instant Payments Regulation has required all eurozone payment service providers to verify the payee’s name before processing instant transfers since October 2025. The regulation recognises the LEI as a tool for automating the matching of an IBAN against the account holder’s name. This directly reduces the risk of authorised push payment fraud, where funds are sent to an account controlled by a fraudster. For more detail on this, see our article on LEI and Verification of Payee.
The Financial Action Task Force (FATF) updated its international payment transparency standard, Recommendation 16, in June 2025. Under the revised standard, cross-border payments above 1,000 euros or dollars must include verified information about both the originator and the beneficiary. Where the party is a legal entity, the LEI is one of the accepted identifiers. The standard takes full effect in 2030.
What Your Business Can Do Today
Obtain an LEI code for your company. With an LEI, you can share a verified identifier with partners, include it on invoices and contracts, and use it as proof that your business is who it claims to be. This matters most in cross-border transactions, where your counterparty may have no familiarity with your local business registry. Registration takes a few minutes and the LEI is issued almost immediately: register your LEI code.
Require an LEI from your suppliers. Add one field to your supplier onboarding process. Verification is free and takes seconds. If the data matches, you have confirmation. If it does not, you have grounds to ask questions before making a payment.
Apply a bank detail change rule. Any request to change payment details should require two confirmations: an LEI check and a phone call to a contact number already held in your records. This single rule would have prevented the majority of classic invoice fraud cases.
Include your LEI on your invoices. This helps your partners verify your identity and signals that your business takes transparency seriously.
Summary
Most payment fraud succeeds because counterparty identity is difficult to verify quickly and reliably. The LEI code addresses one specific and very common weak point: a single globally unique, publicly verifiable identifier makes fraud significantly harder to carry out. Smaller businesses can run the check manually in seconds. Larger organisations can automate the process entirely.
If your business does not yet have an LEI code, obtaining one is the simplest step you can take today to improve the security of your payments: register your LEI code.
If your LEI code needs renewing, you can do that here: renew your LEI code.