When Faster B2B Payments Mean Faster Cybercrime


As a B2B eInvoicing and payments firm, Viewpost is front-and-center to enterprise transactions. That means the company is also tasked with keeping the B2B payments process safe for its corporate clients.

Earlier this month, the company announced plans to beef up its security measures by working with BrandProtect, a security service provider, in a move to combat cybercriminals from targeting the sensitive financial information handled on the Viewpost platform.

PYMNTS asked EVP, General Counsel and Chief Security Officer Christopher Pierson to elaborate on how Viewpost has its finger on the pulse of cybersecurity in the world of B2B payments.

It’s a topic that, in part, has gained attraction thanks to the Federal Bureau of Investigation. The bureau has released multiple warnings this year regarding the business email scam, a cybercrime in which a scammer will submit a fake invoice to a company urging them to pay an unknowingly fraudulent account.

It may be getting more attention, but Pierson told PYMNTS that this type of crime has been around for a while. “None of these are new,” he said regarding the notices the FBI and other authorities have posted.

But perhaps the reason they’re causing chatter is because of the increasing digitization of corporate payments. “The biggest types of scams we’re seeing are those that involve electronic communication,” Pierson added. “These are scams we’ve seen in the physical, paper world; you’re just able to achieve more mass and scale in the electronic world.”

[bctt tweet=”‘The biggest types of scams we’re seeing are those that involve electronic communication.'”]

There is an array of tactics these criminals will engage to take advantage of corporate security gaps. The invoice scam is popular, and often fraudsters will place false rush dates to put pressure on a corporate money controller to pay a fake bill.

And while it’s been a common tactic since the dawn of the paper invoice, digital payments and portals lead to what Pierson calls “shotgunning” — the ability of a cybercriminal to send out a high volume of fake invoices, almost certainly leading to at least one payout.

The digital world has created some other pathways for thieves to target corporate payments, too. Websites and online databases make it easier for a criminal to identify the correct access point and the right employees to target when initiating a scam.

LinkedIn, Pierson added, is a prime source of company information. “Websites like LinkedIn are serving as fertile grounds for understanding and mapping the insides of a company,” he explained. “Within the business world, we see some of theses threats in a unique light of how forthcoming the information is and how open and available companies are in this space. The same risk that exists in the physical world is a bit magnified and faster in the electronic world.”

When a company is hit by one of these scams, it rarely makes headlines. But that doesn’t mean corporate payment cybercrimes aren’t as prevalent and worrisome as those that hit the consumer payments world, Pierson said.

[bctt tweet=”‘Cybercrime is a threat to any payment method and any payment technology.'”]

“Cybercrime is a threat to any payment method and any payment technology,” he explained. “It is rather agnostic in regards to consumer payments or business payments.”

In fact, in some cases, corporate payments can be hit even harder by cybercrime.

Pierson highlighted his experience at the Royal Bank of Scotland, where he served as chief privacy officer and SVP for its U.S. banking operations. “We’ve seen, in the banking world, these threats affecting businesses since probably about 2008,” he said, adding that when the FFIEC Internet banking security rules emerged in 2011, B2B transactions were labeled as high risk due to the value of money in enterprise bank accounts.

Plus, when a business is hit with a cyberscam, it can be more difficult for the business payments industry to quickly recover.

“In a lot of cases, the business payments systems are not in the best position to communicate [the issues] to their end customers; rather, the banks that sit in the middle of these transactions are,” Pierson explained.

That gives the corporate payments industry a chance to embrace collaboration, he added. “In terms of this industry as a whole, it very much is a collaborative approach — of the business and of the customers.”

There are a flurry of ways businesses and corporate customers of payment firms can help safeguard their data and the data of their own customers, he said, from multifactor authentication to tokenization to choosing a third-party security service. But without the communication of all parties involved and the education of these players, cybercrime can go unchecked.

“These risks are coming to every single company,” Pierson warned. “Making sure you get a little bit of a heads up on this and partner with those that can provide security support is instrumental to the cybersecurity challenge today.”