The author’s main purpose for this piece, which appears in PC Magazine’s Business IT Watch section, is to point out some of the benefits to using virtual credit cards, with special consideration for the security features of this payment tool. We at Mercator certainly agree that there are some inherent payments fraud benefits to using virtual cards. In a recent report that we released titled Fighting Payments Fraud: No Rest For the Weary, we point out that in the most recent AFP Payments Fraud and Control Survey there was a significant decline in fraud activity associated to commercial credit cards. We believe this is in part due to the increased use of virtual cards as a B2B payment tool, because these payments can be configured as ‘single-use’ with specific vendor, value and expiration date parameters, rendering them useless of not utilized according to the control settings.
‘For most businesses, virtual card payments are used for procurement and other types of transactions where they’re presented with an invoice on deliveries against purchase orders (POs). They are also frequently used for travel expense payments where the in-house travel office uses a virtual credit card.’
The article goes on to point out some systems configurations and vendor collaboration is necessary in order to ensure the most secure processes are optimized. There are some other general benefits also mentioned, including working capital flexibility and reduced processing costs (versus checks for sure), but only at a high level. It is an ongoing challenge for the card industry to convince suppliers (and sometimes buyers) of these advantages. The author does make one statement that probably requires some clarification….
‘Currently, most banks are offering this virtual payment service for free as a service for their customers, but this can vary by bank, so you should check before you commit. Your vendors will get paid just as they would for any other credit transaction so no special enrollment is necessary.’
We should point out that the ‘no special enrollment is necessary’ point is not entirely correct. In the case of vendors that already accept credit cards for payment, the ‘pull’ virtual card (supplier-initiated), still involves special vendor process handling, while the ‘push’ virtual card (buyer-initiated) does also require some systems work to enable the full program straight-through payment benefits. Another point we should clarify is as follows:
‘However, the bottom line consideration for using virtual credit card numbers is security. The hackers who breach one of your vendors won’t have credit card numbers they can use, no matter how hard they try and no matter how weak the security at the vendor might be. And that’s worth a lot.’
While there can be an end-to-end tokenized process established, that is not how most virtual card programs now operate. This is particularly true for the supplier-initiated virtual card payments, where vendor processing of CNP transactions may of course involve account numbers being transmitted and stored locally for input and follow up. There are a number of solutions available and being implemented to mitigate this risk.
Overview by Steve Murphy, Director, Commercial and Enterprise Payments Advisory Service at Mercator Advisory Group