Embedded payments are altering how money moves through digital commerce, but the same design that removes friction for users also opens new entry points for fraud. As transactions become faster and more deeply integrated into platforms, the perimeter that once defined payment security has become ever-more vulnerable.
That shift, according to Eric Frankovic, president of corporate payments at WEX, has forced a reconsideration of where risk begins and how it is managed. Fraud is no longer confined to the moment of payment. It has migrated earlier in the process.
As embedded payments compress the time between intent and settlement, fraudsters have adjusted their tactics accordingly. Frankovic noted: “As payments get easier and faster, fraud gets smarter and moves upstream.”
That upstream shift places pressure on areas that were once considered peripheral, including onboarding flows, application programming interface (API) integrations and partner ecosystems.
The implication is that defending a single transaction is no longer sufficient. Attackers are now probing for weaknesses in identity verification, data exchange points and third-party connections, where controls may be less mature or inconsistently applied, Frankovic said.
Advertisement: Scroll to Continue
Fraud risk is now distributed across the full life cycle of a payment, from account creation through execution and settlement. Institutions that focus only on transaction-level defenses risk reacting too late.
Accountability Becomes a Structural Issue
As fraud migrates across interconnected systems, questions of accountability have become more complex. Multiple stakeholders, including banks, FinTechs and platforms, participate in embedded payment flows. Yet when something goes wrong, responsibility cannot remain ambiguous.
Frankovic stressed that while collaboration is necessary, liability must be clearly assigned. “If ownership isn’t clear, fraud will find the gaps,” he said.
In practice, this often places the burden on the platform orchestrating the transaction, where user behavior, transaction data and decisioning converge.
The lack of clarity creates operational risk. Fragmented ecosystems, particularly those built on multiple third-party providers, can obscure where controls reside and who bears the cost of failure. Establishing accountability up front is not simply a contractual matter. It shapes how controls are implemented and enforced across the system.
Prevention Replaces Detection
The compression of payment timelines has also narrowed the window for intervention. Manual review, once a fallback for suspicious activity, is becoming impractical. “There’s no time for the manual review. Everything shifts to real-time scoring automation controls and the ability for us to act immediately,” Frankovic told PYMNTS.
Frankovic framed the objective in simple terms: “The best fraud strategy remains simple. It’s don’t let the bad transaction happen.”
Achieving that goal, however, requires rethinking system design so that risk signals are evaluated continuously, not only at the point of payment, and a successful defense requires embedding controls directly into the transaction flow and making decisions at machine speed.
Balancing Friction and Experience
The move toward prevention introduces a tension between security and user experience. Embedded payments have been built on the promise of seamless interactions. Introducing controls risks undermining that value proposition.
Frankovic argued that the solution lies in precision rather than blanket restrictions. Controls should be applied selectively, based on signals that indicate abnormal behavior. “Adding friction only when something looks off” allows organizations to preserve usability while still intervening when necessary, he said.
This approach depends heavily on data and pattern recognition. Transactions that deviate from established norms can trigger additional verification or temporary holds. The challenge is to calibrate these interventions so that legitimate activity is not disrupted.
Building Defenses Into the Flow
WEX’s approach reflects this emphasis on upstream control. Virtual cards, which can be restricted by merchant, time and amount, are central to that strategy. “You can lock them down to a specific merchant, to a specific date, and really to a specific dollar amount down to the penny,” Frankovic said.
By limiting how funds can be used, virtual cards reduce the scope for misuse. They effectively eliminate categories of fraud by constraining the parameters of each transaction. This contrasts with traditional cards, which often allow broader usage and rely more heavily on detection after the fact.
Artificial intelligence plays a complementary role. By analyzing transaction patterns and identifying anomalies, AI systems can flag activity that deviates from historical behavior.
Together, these tools shift the focus from monitoring to control. They enable organizations to intervene earlier in the process, when the cost of stopping fraud is lower and the likelihood of success is higher.
Designing for a Moving Target
The broader lesson is that fraud prevention is no longer a discrete function. It is embedded in product design and operational workflows. “Fraud’s not a payments problem anymore. It’s a product design and a flow issue,” Frankovic said.
Organizations will need to treat fraud prevention as an ongoing design challenge, integrating controls into every layer of the payment experience. The objective is not to eliminate risk entirely, but to reduce its impact by acting earlier and more decisively.
Embedded payments will continue to expand, and so will the complexity of managing fraud. The institutions that succeed will be those that align speed with control, and convenience with accountability. As Frankovic put it, “Identifying what your flow will be … and then building that into the product design is … the new age of fraud prevention.”
