Payment fraud is always evolving. What is considered a fraudulent attack today might not have even been possible 5 or 10 years ago.
Headed into a new year, Versapay Chief Risk Officer Chris Wassenaar told PYMNTS that with payments becoming increasingly digital, new fraud challenges will arise, especially for B2B small to midsized businesses with 200 or more employees and up to $2 billion in income.
One of the most notable aspects of the rise in digital commerce is that it has expanded the total addressable market for everyone, whether a company is a mom-and-pop shop on the corner or a small enterprise. Now everyone can sell globally, but that world stage opens the door for new avenues of fraudulent activity.
Though B2B suppliers and merchants may have so far been hesitant to introduce additional security measures for fear of negatively impacting the buyer’s experience, Wassenaar said that there is a positive correlation between improved customer experience and heightened payment security. He said that it’s key for B2B sellers to recognize that buyers expect the businesses they work with to protect them in the same way that B2C-focused businesses already operate.
When creating an online presence or accepting payments digitally for the first time, he recommended any business critically examines its vulnerability to payments fraud:
“They have to look at their entire digital ecosystem.” Specifically, he said, enterprises must examine the fragmentation that exists within that ecosystem, which by extension includes a range of third-party service providers. Each company encountered within a given ecosystem, whether with a B2B or B2C focus, may have its own internal information technology infrastructure.
“You may use someone for internet activity and another for your shopping cart, and then even a third party to provide the delivery capabilities or the fulfillment for your orders,” said Wassenaar, “and understanding the full landscape of that ecosystem is important.”
The continued embrace of the remote/hybrid work environment will boost that fragmentation, in turn creating a wealth of security vulnerabilities. Remote employees, he said by way of example, are doing work-related activities on their home internet, while still connecting to larger corporate environments. And they’re continuing to interact with multiple third-parties.
“So, what’s being provided is all these different avenues for fraudsters to get into an ecosystem,” he told PYMNTS. “It only takes one organization within that supply chain, to perhaps not update their security patches for their devices or maybe for their network. And that allows folks an avenue into those businesses.”
Any firm can take a simple test in examining vulnerabilities. All it takes is a whiteboard and a marker to draw a simple diagram of a supply chain and all the different parties within that chain. Seeing the links to third-party providers in that visual representation can pinpoint vulnerabilities in where, when, and how all the stakeholders communicate with one another.
“All of a sudden one might have an ‘aha moment’,” he said, citing as an example the realization that card data can be transferred to other parties, and that a third-party vendor’s employees would have access to personally identifiable information for another firm’s customers.
Connect the dots, and it’s clear how a business’ reputation is dependent on people that are far-flung throughout the digital ecosystem.
Drill down a bit into B2B interactions, and the touch points and vulnerabilities proliferate, all the way across payment gateways and payment processors — both local and foreign, if a supply chain stretches across borders.
In constructing lines of defense, he said, B2B technology is taking a cue from B2C interactions that are part of executives’ personal lives. Two-factor authentication and CAPTCHAs are effective tools to fight fraudsters, he said, particularly against card testing.
“A little bit of friction that tells you, ‘This person on the other end of this transaction actually cares about the security of your credit card data’ can be good” he said. And if biometrics can be introduced to streamline those verification processes, all the better. Adding CAPTCHAs can help defend against card testing fraud, too. Firms like Versapay, he said, with unified payment offerings, are deeply embedded within a client’s ERP solutions. The software can extract and feed the data that exists within those ERPs into Versapay’s cloud-based payment portal, where sellers can manage their accounts receivable and accept digital payments, decreasing the handoffs of data and fragmentation in the supply chain.
No matter the technology deployed, it’s not possible to be perfect in the battle against fraudsters. He did add, however, that, “there are some incredible technologies now, and … things that you can do and be aware of that will minimize your exposure — not eliminate it, but minimize it.”