How To Prevent B2B Payment Fraud: Advice From a Chief Risk Officer

In an interview with Matt Nesto, Editor-in-Chief of PYMNTS.com, Wassenaar offered some valuable insights on how businesses of all shapes and sizes can help prevent risking their customers’ data – and causing irrevocable brand damage in the process.

We’ve distilled Wassenaar’s insights into five actionable steps your organization can take to identify and prevent digital breaches. Here are his top tips.

Step 1: Understand the fragmentation within your digital ecosystem

Unless they have a robust information technology (IT) organization in-house that can build software for all the transactions involved in digital commerce, most B2C and B2B businesses engage multiple third-party service providers.

There’s one for managing IT infrastructure. There’s one for every aspect of an ecommerce purchase–from shopping cart functionality, to order fulfillment, to shipping and tracking. There can even be one for each step of the payment process.

And let’s not forget the third parties that underpin everything online: internet service providers. As many employees continue to work remotely, that creates a lot of potential holes in a business’ digital armor.

“It only takes one organization within that supply chain–perhaps not to update their security patches for their devices or their network–and that allows fraudsters an avenue into these businesses,” said Wassenaar.

Step 2: Take a good look at your supply chain

To help a business protect themselves from the risk of fraud, Wassenaar takes them through a simple exercise: identifying all partners within their supply chains on a white board.

“It’s about seeing all the interactions between your customers, your suppliers, and your third-party providers and understanding how you communicate between all those different organizations. And then you ask yourself whether you need to share as much information as you naturally do with each one to provide your services. Are there opportunities to wall off some of that access to protect your customers?”

Wassenaar said he’s witnessed a lot of ‘aha’ moments through this exercise. “We’ll hear things like, ‘Wow, I didn’t realize the card data that I’ve received in my shopping cart is now transferred to three other parties in this process.’ Or, ‘I didn’t know that when I outsource my customer service duties to this third-party business that all of these other employees would have access to personally identifiable information of all of my customers.’ These are real light bulb moments.”

It’s at that point that many leaders recognize that their business’ reputation is dependent on people they’ve never met. Wassenaar advises them to remember that, in the same way digital commerce is about anonymous relationships with customers, it also involves anonymous relationships with multiple third-party service providers–and their employees who may be working remotely and relying on any number of internet service providers.

Within the actual processing of a payment, there are aspects that may make businesses most vulnerable to fraud, particularly if it’s happening out of the country.

“You’ve got a gateway scenario, then it’s a payment processor, then it’s handed off to a foreign payment processor… it’s extraordinary the number of hoops there are for just one transaction,” said Wassenaar.

Step 3: Build security measures into online transactions

Ecommerce businesses are often advised to make it as easy as possible for their customers to initiate and complete a purchase online. If one thing doesn’t work precisely the way they expect it to or causes them to pause long enough to reconsider, a sale may be lost.

But Wassenaar says security features like two-factor authentication and CAPTCHA (Completely Automated Public Turing test to tell Humans and Computers Apart), is critical to preventing digital payment fraud. And while it might slow customers down a little, they’ve come to expect and appreciate it.

“We need to recognize that, even in the B2B realm, there are actual humans who have B2C interactions in their personal lives that are going to color their perspective on friction. Two-factor authentication or CAPTCHA are two of the most simple and effective brute force solutions to deal with credit card testing schemes that a lot of fraudsters do,” he said.

“If you bought tickets to a baseball game or concert, you’re accustomed to going through that process already and, if anything, you expect to have the kind of friction that tells you that this business on the other end of the transaction actually cares about the security of your credit card data.”

He points to advances in this area, such as Apple payments which require a fingerprint to complete a transaction or voice print technologies that many financial institutions and credit card companies are using to verify their customers. “These are important evolutions in fraud prevention.”

Step 4: Beware the “silent” metric of fraud

It’s easy to measure some of the financial losses of payment fraud, but there’s one metric that is impossible to measure but could be huge in scope: a business’ reputation.

“We can quantify the damage of a typical card testing attack that can hit a legitimate business overnight in some cases. But the biggest risk is your reputation. We’ve seen multiple businesses that have been involved in well-publicized fraud attacks and their business actually drops off,” said Wassenaar.

“More concerning than the known customers who stop doing business with you are the unknown number of prospects that went somewhere else because of what they found on Google about your business and the way it protects their data. There are many of us who don’t go on Yelp and scream about a restaurant; we just quietly never return.”

He cautions B2B businesses who may feel less vulnerable in this way than B2C businesses to remember that the people who are making the buying decisions are the same folks who are consumers in the marketplace.

“You have to think, ‘What would I, as a consumer, expect a business to do to protect my data, my credit card number, and my financial information?’ The person who’s interacting with you in a B2B scenario is someone who has those same fears in their personal life and brings them to the office.”

Step 5: Invest in integrated payment solutions

When it comes to payment fraud risk, one giant step toward prevention is to partner with a secure payments provider like Versapay.

“We take the information from your ERP, whether it’s Oracle NetSuite, Microsoft Dynamics, or Sage Intacct, and we feed that into our accounts receivable software and then onto our embedded payment solutions,” said Wassenaar.

“There we can minimize some of the risk of payment fraud because we have that unified ecosystem that we control. As a result, we reduce some of those natural handoffs, the fragmentation in the supply chain.”

It’s important to integrate your business with a payments solution that has a strong risk management engine and a track record of preventing fraud. This can provide peace of mind and assurance to your customers as you handle their valuable data.

While Wassenaar cautioned that it’s impossible to eliminate the risk of digital payment fraud entirely, this awareness of a business’ vulnerabilities and simple prevention steps can go a long way to reducing it.

“I think the reality is that with the fragmentation in the digital ecosystem there will always be avenues for fraudsters. The sad reality is that fraud comes from all directions and in all forms, from your own employees to other areas in that supply chain.

“But if you can sit down with that white board exercise and try to use some common sense tools that are widely available you can absolutely minimize your exposures.”

For more information on Versapay’s AR integrated payment solution and how it can protect your company from payment fraud, read Payment Fraud Explained: How B2B Merchants Can Fight Fraud and Maximize Customer Experience.