Vendor Concentration Risks Draw Greater Scrutiny Post SVB

Living in the past holds organizations back.

But as the B2B payments landscape continues to be transformed by ongoing digitization, some enterprises are themselves holding back from fully embracing modern tools out of a fear that going digital could mean opening the floodgates to fraud.

Those fears are misplaced and could hamstring firms in the long run, Elly Aiala, chief compliance officer (CCO) at Boost Payment Solutions, told PYMNTS. “Technological advances are often slow and complex, but the new types of fraud that come with those technological advances can be the opposite of that — fast and simple.” That is, fast and simple in terms of initial reach to potential victims.

With criminals constantly probing for vulnerabilities and looking to exploit any weaknesses, Aiala emphasized that it’s critical for businesses to consider all possible attack vectors — internal and external — and adequately equip their defenses accordingly.


PYMNTS’ own research in “The Modernization Mandate: An Enterprise Guide” reveals that taking steps to modernize operational infrastructure and fraud defenses now can save pain and headaches in the long run.

That’s because by failing to take the necessary steps, organizations put themselves at risk of noncompliance and leave themselves increasingly vulnerable to an ever-growing bevy of next-generation cyberattacks.

“Potential bad actors in today’s day and age of greater digitization thrive with more data,” Aiala said. “Your employees are your first line of defense, your risk management and compliance are your second. … Leaders of companies must continue to champion security awareness and diligence of their employees, as well as walk the walk from the top.”

With great data comes great responsibility, she noted, and data breaches in the B2B payments space are particularly challenging given the growing prevalence of open banking.

As payments experience greater digitization, this creates an environment where sharing data globally is easier and faster. This is a double-edged sword, Aiala said, because while it’s a win for the industry in terms of scaling and evolving to be able to easily transmit data globally, it also creates data privacy and confidentiality challenges.

Taking a Second Should Be First Step

Today’s quick-moving, instant-everything modern world offers more hyperconnected vulnerabilities for bad actors to exploit. As a result, it’s often not the public-facing company that experiences a breach but a third-party vendor or business partner integrated with the public-facing company.

That’s why Aiala said it has never been more important for organizations and employees to be sure that they “take a breath” with their interactions. “Everything happens so quickly,” she added, “and it’s important to be able to receive information instead of immediately reacting to it and potentially putting yourself and your company in a bad situation because a request wasn’t fully validated, or the original sender wasn’t verified.”

Just taking that extra second to verify the context and source of a request is critical, she emphasized — and startlingly effective at helping reduce enterprise vulnerability to some of the most common, behaviorally driven fraud tactics.

It Takes a Village to Defend a Village

Given recent events stemming from the Silicon Valley Bank crisis, Aiala said it’s an unfortunate but opportune time for enterprises to take stock of their potential concentration risks as they relate to business services and clientele, fraud controls and, more comprehensively, organizational security.

For example, if an organization’s processing volume exists primarily with one partner, there’s a real risk to the business if that partner were to cut ties or go out of business themselves, she noted.

“Not only is it important to look individually at your merchants, vendors and partners but it is also equally as important to review your external relationships on a more holistic level,” Aiala said, adding that Boost’s own controls for addressing risk, via ongoing due diligence of external business relationships as well as internal enterprise risk assessments, are one reason, among many others, why Boost is the chosen B2B straight-through processing payments provider for over half of the Fortune 100 companies.

The B2B landscape is in the midst of a pivotal migration away from legacy systems, and by asking the right questions, enterprise operations can establish winning relationships that are both scalable and secure.

But in order to succeed amid this transformation, Aiala stressed again the importance of “taking a beat” to beat the future-fit fraud attacks that are hiding in the shadows. Digitization continues to remove many human elements of payment processing, but using technology to embrace automation whilst employing a workforce that is trained, aware and empowered to use their human skills will remain the recipe for success as we scale into the future.