Attacking ERP Systems: The Next Frontier in B2B Payment Fraud


By Shai Gabay, co-founder and CEO, Trustmi

Enterprise Resource Planning (ERP) systems are the bedrock for a business’s operations. They oversee finance, procurement, supply chains, and customer relationships, making them the hub of both sensitive data and payments.  

With all this power concentrated in one place, it’s no surprise cybercriminals are setting their sights on ERPs. And now, with sophisticated GenAI-powered tactics providing attackers new avenues of entry, ERP breaches have become one of the most strategic, and most dangerously overlooked, fraud gaps in B2B finance.

The numbers back it up. According to the Association of Financial Professionals’ 2025 Payments Fraud and Control Survey, 79% of organizations were targeted by payments fraud attacks in 2024. As payment fraud continues to rise globally, understanding how attackers gain access to ERP systems to manipulate or reroute payments is vital for security, finance, and IT teams.

People, Processes & Technology: Prime Targets for ERP-Focused Payment Fraud


People and processes play a critical role in the evolution of ERP attacks. Because the system is closely integrated across departments, a single breach in one area can quickly cascade into major financial loss. Once inside, attackers can easily modify payment instructions to reroute funds to their own benefit. These transactions often appear legitimate, making the impact difficult to detect until it is too late.

A common tactic involves exploiting vulnerabilities or misconfigurations in ERP platforms. These can include outdated software with missing critical security patches, weak password access controls, poorly managed user permissions, or unsecured third-party APIs. Attackers also target master data records. By silently changing a vendor’s stored bank account details, they can reroute legitimate payments without raising suspicion. Because these changes happen inside the ERP, everyday approval workflows are still followed, but the funds end up in fraudulent accounts. 

Insider threats are just as dangerous. Employees or contractors with elevated ERP access can change a vendor’s banking information, submit fake invoices from nonexistent companies, and even override payment system controls. For example, a finance team member with elevated ERP permissions might reroute a payment by editing a vendor’s account information. They can then switch the data back immediately after funds are transferred. This is why these attacks require significant due diligence and monitoring to identify and stop them.

A Closer Look at Real-World ERP Fraud Attempts

In 2019, researchers uncovered the 10KBLAZE campaign, a set of exploits targeting unsecured SAP configurations. The flaws allowed attackers to gain unauthenticated access to SAP NetWeaver systems, escalate privileges, and take full control of ERP environments. With this level of access, adversaries could alter financial data, change vendor master records, or reroute payments. This was an early example of how system vulnerabilities can drive ERP fraud.

Fast forward to 2025, when multiple new attacks showed just how serious the risk has become. One zero-day vulnerability in SAP NetWeaver’s Visual Composer exposed more than 400 systems. By bypassing key checks, attackers gained access to platforms holding financial, procurement, and supply chain data. The flaw was later patched, but the incident showed how ERP weaknesses can create systemic fraud risk across industries.

In another case that same year, attackers exploited a critical command-injection flaw (CVE-2025-42957) in SAP S/4HANA ERP platforms. According to NIST, the flaw allowed users with low privileges to inject arbitrary ABAP code via an RFC endpoint, effectively granting full ERP system control. Attackers could manipulate databases, create admin accounts, and exfiltrate data. Although SAP released a patch in August 2025, security researchers at SecurityBridge confirmed active exploitation in the wild.

Protecting the ERP Holistically: Bridging the Fraud Gap with People, Process and Technology


The recent wave of ERP-targeted attacks shows just how exposed these systems are when gaps go unchecked. Addressing the risk means looking beyond technical patches and approaching ERP protection as a balance of people, processes, and technology.

People

ERP security depends heavily on employee awareness. Yet many finance teams don’t realize that attackers can take over ERP systems to reroute payments or manipulate records. Without that knowledge, they’re unprepared for how sophisticated these schemes can look. Targeted training on ERP-specific fraud scenarios is critical. When staff know how to recognize fake emails, invoice scams, or unusual payment requests, they’re far more likely to stop fraud before it reaches the system.

Process

An ERP security strategy must also focus on processes that govern payment access and approvals. Restricted permissions limit employees to only the workflows or vendor records relevant to their role. Separating duties such as invoice entry, approvals, and payment processing further reduces the risk of insider threats. But this division of labor also creates a greater need for technology that can provide holistic oversight.

Technology


We know that traditional firewalls and email filters do not provide enough security in today’s intense data and payment fraud environment. There is a significant need for quick detection to prevent costly outcomes. In the age of AI, this includes leveraging the speed and sophistication of the technology to analyze, monitor, and track behaviors, alerting businesses to anomalies.

AI can be integrated across ERP, email, and procurement systems to detect and prevent fraud attempts. It can strengthen monitoring in several ways, including detecting suspicious changes to vendor bank accounts and establishing a baseline of normal vendor payment behavior against which each new transaction is compared. AI can also alert finance and IT teams to deviations from the usual process, such as early payment requests or invoices asking for unusually large amounts.
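As an added illustration that is not code from the article or from Trustmi, the following Python sketch applies two of the checks described above to constructed sample records: the insider pattern of changing a vendor’s bank account, paying, and switching it back, and the comparison of each payment against that vendor’s historical baseline. The record fields, the seven-day window, and the 3x ratio are assumptions chosen for the example.

```python
from datetime import datetime, timedelta
from statistics import median

# Constructed sample data (not from the article): a vendor master change log and a payment run.
# V100's bank account is changed, a large payment goes out, and the account is reverted the same day.
CHANGES = [
    {"ts": "2025-03-01T09:00", "vendor": "V100", "field": "bank_acct", "old": "DE11", "new": "DE99", "user": "jdoe"},
    {"ts": "2025-03-02T17:05", "vendor": "V100", "field": "bank_acct", "old": "DE99", "new": "DE11", "user": "jdoe"},
    {"ts": "2025-01-10T10:00", "vendor": "V200", "field": "address", "old": "A", "new": "B", "user": "msmith"},
]
PAYMENTS = [
    {"ts": "2024-11-05T10:00", "vendor": "V100", "amount": 4800.0, "bank_acct": "DE11"},
    {"ts": "2024-12-05T10:00", "vendor": "V100", "amount": 5200.0, "bank_acct": "DE11"},
    {"ts": "2025-01-05T10:00", "vendor": "V100", "amount": 5000.0, "bank_acct": "DE11"},
    {"ts": "2025-03-02T11:00", "vendor": "V100", "amount": 48000.0, "bank_acct": "DE99"},
    {"ts": "2025-03-03T11:00", "vendor": "V200", "amount": 900.0, "bank_acct": "FR55"},
]

def parse(ts):
    return datetime.fromisoformat(ts)

def flag_payments(payments, changes, window_days=7, ratio=3.0):
    """Return [(payment, [reasons])] for payments matching the change-then-revert or baseline-deviation patterns."""
    findings = []
    history = {}  # vendor -> prior amounts, built in time order so the baseline only uses earlier payments
    for p in sorted(payments, key=lambda x: x["ts"]):
        reasons, pt = [], parse(p["ts"])
        for c in changes:
            if c["vendor"] != p["vendor"] or c["field"] != "bank_acct":
                continue
            ct = parse(c["ts"])
            # Payment went to an account that was changed shortly before it
            if timedelta(0) <= pt - ct <= timedelta(days=window_days) and c["new"] == p["bank_acct"]:
                reasons.append(f"paid to bank account changed {int((pt - ct).total_seconds() // 3600)}h earlier by {c['user']}")
            # The paid account was switched back shortly after the payment (the insider cover-up pattern)
            if timedelta(0) < ct - pt <= timedelta(days=window_days) and c["old"] == p["bank_acct"]:
                reasons.append(f"bank account reverted by {c['user']} shortly after payment")
        prior = history.setdefault(p["vendor"], [])
        if len(prior) >= 3 and p["amount"] > ratio * median(prior):
            reasons.append(f"amount {p['amount']:.0f} exceeds {ratio}x baseline median {median(prior):.0f}")
        prior.append(p["amount"])
        if reasons:
            findings.append((p, reasons))
    return findings

if __name__ == "__main__":
    for payment, why in flag_payments(PAYMENTS, CHANGES):
        print(payment["vendor"], payment["ts"], "->", "; ".join(why))
```

On the sample data only the 48,000 payment to V100 is flagged, for all three reasons; the routine V200 payment and V100's earlier history pass.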

The Bottom Line

Businesses count on ERP systems as operational tools, but must not forget how deeply tied they are to the movement of money. That makes them one of the most strategic control points in the fight against B2B payment fraud. By understanding the risks, investing in security education, enforcing best practices, and leveraging intelligent detection technologies, organizations can not only safeguard their data but also their bottom line.

About the Author


Shai Gabay is a co-founder and the CEO of Trustmi, a leading end-to-end payment security platform founded in Israel in 2021. Prior to Trustmi, he served as General Manager at Opera, VP of Product and Services at Cynet, CIO at Cyberbit, and CISO at Discount Bank. Shai holds a Bachelor’s degree in software engineering from Shenkar College and a Master’s degree in Business Administration and Management from Tel Aviv University.
