Why commercial payments need tokenization

Tokenization may make money-counting machines obsolete.

On the leaderboard of payment types, commercial payments are the heavyweight champion, consistently outranking consumer payments by trillions of dollars. According to the Global Payments Report 2019 from McKinsey & Company, the volume of business-to-business (B2B) cross-border flows is $133 trillion — more than 40 times greater than the volume of all consumer flows, including consumer-to-business (C2B) and business-to-consumer (B2C).

For participants in commercial payment flows, security is paramount. Companies say they make less than 10% of B2B payments via payment cards due in part to concerns about fraud and data security. But this may be about to change.

Tokenization can vastly improve the security of commercial card payments. With tokenization, sensitive card data is replaced with a string of characters known as a token. Tokens are then verified at the time of payment by the network and issuer processor.

A major advantage of tokens is that they reduce the amount of personal or business information stored in third-party databases. This can simultaneously minimize the risk of fraud and boost the viability of using card networks for B2B payments.

The extent of B2B payment fraud

Recent data published by the Association for Financial Professionals (AFP) reveals the extent of payment fraud faced by businesses. The AFP’s 2020 Payments Fraud and Controls Report shows 81% of businesses in 2019 reported that they were either targeted by or victims of payment fraud. The report also indicates that bad actors mostly utilized business email compromise (BEC) tactics, such as phishing attempts, to gain access to secure business payment information.

Legacy infrastructure maintains security protocols but can offer minimal protection if account data is stolen. With ACH transfers, fraudsters need just two pieces of information: a checking account and routing number. Once obtained, payments can be directed to accounts under their control.

Corporate or business credit cards can be prone to compromise without additional measures to protect the data. Storing credit card data in a database increases the risk that sensitive PAN numbers and other account details can be stolen through internal or external database breaches.

But with a modern card payment solution backed by tokenization, businesses don’t store data that can be used for fraudulent payment requests. Fraudsters who are seeking to intercept payments or who manage to hack into databases where tokens are stored will find only surrogate data that cannot be easily misused.

Tokenization delivers flexible experiences

An added benefit of tokenization is that any business that issues cards to workers can quickly establish card programs and rapidly onboard new cardholders as needed. DoorDash was one of the first adopters of this business model when it partnered with Marqeta to help offer tokenized virtual and physical cards for drivers to use at restaurants.

This digital-first experience opens the door to a myriad of new use cases, particularly when combined with other features of a modern card issuing platform. For example, when tokenized cards are used together with Marqeta’s Just-in-Time (JIT) Funding technology and dynamic spend controls, businesses can establish dynamic expense management controls to ensure only the exact amount requested is authorized at the point of sale, and only to approved business partners.

Businesses can also use Marqeta’s tokenization service to quickly provision a card into a cardholder’s digital wallet, eliminating the lag time necessary for sending a physical card. Each cardholder can have multiple tokenized cards in a single digital wallet, or store tokens for the same underlying card across numerous devices. Businesses can automatically update tokens when the underlying card expires or if it is lost or stolen. All of this can take place without manual input from the cardholder once the initial token has been provisioned.

Commercial payments far outweigh consumer payments. Legacy platforms can be secure, but are often slow and can be vulnerable to fraud. Digital-first solutions can provide security with speed and control. With a modern card payment solution that includes tokenization and just-in-time funding, companies can optimize payment processes and beef up their security.