B2B payments risk is no longer a back-office headache; it’s a C-level priority.
As real-time rails proliferate, suppliers expect cash in seconds, and fraudsters know they have the same window to strike. One errant click on a spoofed email or unvetted vendor record can drain an account before a chief financial officer even sees the alert.
That speed-and-security paradox framed a PYMNTS roundtable with Bill Wardwell, senior vice president of payments, treasury and supplier services at spend management platform Coupa, and Katie Elliott, senior risk and fraud officer at B2B payments network Bottomline. Both said the only way to keep risk from overtaking efficiency is to rebuild processes from the ground up, and then let technology do the running.
“Organizations don’t want to compromise,” Wardwell said. “…They want certainty and speed in their payments and to make sure they’re protected.”
That desire is forcing CFOs to fuse requisition, invoicing and disbursement on a single platform so every data point that feeds a payment can be audited in real time, he said. Coupa’s ecosystem links 10 million buyers and suppliers. By insisting that those parties transact inside a common architecture, the firm can surround each step with multifactor approvals, real-time fraud screening and artificial intelligence-based pattern recognition before money leaves the account.
Elliott agreed that the architecture matters, but she warned that velocity must be choreographed before the transaction hits the rail.
Slow Down to Speed Up
“I know it seems counterintuitive, but I’m going to say it: Slowing down is the best practice for faster payments,” Elliott said.
She said her prescription is to pour friction into high-risk moments such as vendor onboarding or a change to routing instructions, while letting an already vetted payment fly across real-time payment or same-day ACH rails. When urgency is removed, business email compromise schemes that rely on fear and deadlines lose their punch.
The hidden enemy is fragmentation, Wardwell said. Citing a soon-to-be-published Coupa survey, he said that 79% of the companies that experienced payment fraud were using two or more payment workflow systems. In that scenario, every interface gap becomes a place to hide a fake invoice or hijacked bank field. Manual keystrokes magnify the damage. An accounts payable colleague who rekeys amounts or account numbers is not just slow. He or she is re-engineering the audit trail that investigators rely on when something goes wrong.
Compliance headaches compound that operational risk. Data privacy statutes, beneficial ownership rules and tightening know your customer (KYC) expectations are moving targets, and the penalties for missing one are stiff.
“Data security is probably one of the more challenging compliance requirements out there for many businesses,” Elliott said, adding that every extra human “touch point” is a new attack surface.
She said her advice is to offload sensitive information like tax IDs, bank credentials and sanctions data to networks that encrypt at rest and in transit. They then surface only the fields a user needs to authorize a payment.
The AI Angle
AI is becoming the connective tissue that lets treasurers move quickly without blinking. Wardwell said he sees two breakthroughs. First, machine learning models built on network-wide data “provide great capabilities around authentication and validation of that entity,” slicing onboarding time from days to minutes. Second, once a supplier is live, an AI model can compare each new invoice to millions of historical patterns and flag an out-of-band request before cash leaves the account.
“As payments move faster, they become harder to pull back,” he said, so anomaly detection must work at machine speed, too.
Elliott said she welcomes the automation but offered a cold-water test for any finance team tempted to set the controls on autopilot.
“Don’t make it the only thing that you use,” she said.
Fraudsters probe every model the moment it goes live. If the algorithm watches only IP addresses, for example, a spoofed location will slide through. Bottomline’s rule of thumb is redundancy — multiple data points, multiple defenses, reviewed by humans who have been taught to distrust urgency, she said.
Education is the last mile, she said. Suppliers often believe a payment network is just another routing preference; few realize it is also insurance against account takeover. Bottomline runs continuous campaigns to explain that membership means someone is watching logins, device fingerprints and bank edits that even the vendor may not notice.
“They don’t understand the fraud risks that are facing them, and we can see when a login to our system is not normal behavior for them,” Elliott said.
Once merchants grasp that the network can flag a compromise they have yet to detect, onboarding ceases to be a chore and becomes a safeguard.
No Roadblocks
Regulation need not be a roadblock, Wardwell said, urging CFOs to engage early “to understand what these compliance regulations actually mean for their business,” and then lean on providers that can “embed compliance around data protection” so a new rule triggers a software update, not a rewrite of the corporate policy binder.
Some mandates, such as proposals to accelerate small business payments, can even be catalysts for modernization if companies act before the deadlines loom, he said.
The work is less about chasing the newest rail than about eliminating the seams where risk festers, Wardwell and Elliot said. Consolidate platforms. Insist on end-to-end visibility. Inject friction where credentials change, not where cash needs to move. Augment every human approval with machine intelligence but test that intelligence as ruthlessly as the crooks will.
“Risk and inefficiency live in the seams of all these processes and systems,” Wardwell said. “Work with partners who can help … future-proof your business, reduce your risk, and really help you be at the forefront of innovation and efficiency.”
Elliott echoed the call for vigilance.
“I think that culture of compliance and fraud awareness is really important — and building that resilience,” she said.
For all PYMNTS B2B coverage, subscribe to the daily B2B Newsletter.
