Alert Banner Text Goes Here Alert Banner Text Goes Here Alert Banner Text Goes Here Alert Banner Text Goes Here
What We Do
Since 1989, Bottomline has been modernizing global business payments with connected solutions for more than 800,000 financial institutions and businesses in 92 countries.
AP Automation AP Automation For Real Estate Payments Hub
Payouts Automation Payments Processing Receivables Automation Payments Hub
Paymode Pay Vendors Receive Payments Partner With Us
Connectivity Services Message Transformation & Enrichment Message Vault
Global Cash Management Hub Digital Banking
Global Cash Management Hub
Make your payments secure with Bottomline's fraud solutions, designed to protect you from security threats with multi-layered security, machine learning, and AI.
Payments Fraud Defense Internal Threat Management Partners
Payments Fraud Defense Internal Threat Management Payments Verification Payments Verification for Businesses Sanctions Screening Partners
Who We Serve
Empower your bank with Bottomline's digital banking, B2B payments, and cash management solutions and own the primary customer relationship.
Our Company
All Resources
Expand your knowledge and stay up-to-date on the latest industry news with helpful white papers, datasheets, industry reports, learning articles, and more.
Episode Transcript
Owen McDonald (Host): Welcome to The Payments Podcast. I'm your host, Bottomline Managing Editor, Owen McDonald. In this episode, we're serving a gourmet feast of subject matter expertise at a drive through pace. We've got payer verification, A2A payments, ISO 20022 for corporates, emerging B2B payment paradigms, and more. To cover this much ground at speed, I am joined by two of our best and brightest. With the North American perspective, I am most pleased to have on the show Jamie DelMedico, Vice President of Product Management at Bottomline. And from the UK, we're delighted to have Richard Ransom, Head of Corporate Solution consulting for the UK, the EU, APAC, and rest of world.
Richard Ransom, Jamie DelMedico: Welcome to The Payments Podcast.
Richard Ransom: Thanks, Owen.
Jamie DelMedico: Thanks for having us.
Owen McDonald: So glad you could be here. I apologize in advance, many of my questions are actually two questions in one. I know we have the brainpower here to handle it!
Starting with you, Richard. We're seeing the UK and the EU crackdown on fraud using Confirmation of Payee (CoP) and Verification of Payee (VOP) respectively. COP is live in the UK now, VOP comes to the EU next year. Is payer verification a kind of silver bullet business payment security or more like another highly effective layer, Richard?
Richard Ransom: So, payer verification isn't a silver bullet but is a major step forward in it's potential to significantly reduce payment-related fraud. The ability to confirm account ownership and whether the account is a business or personal [one] will really help fight against bad external and internal actors and, also, against costly reputational mistakes.
Owen McDonald: What do you say, Jamie? Payer verification? Last word in cybersecurity next year?
Jamie DelMedico: No, I think Richard nailed it. I think payer and vendor verification is really, really important in stopping fraud. I think everyone's under extreme pressure from a reputational and regulatory perspective around AM, KYC. But I fully agree with Richard in that these tools are one piece in a layered approach to reducing fraud and improving verifications. You can't just rely on a single source for KYC, AML, OFAC checks. You've got to layer it together with a lot of other capabilities in order for it to be effective.
Owen McDonald: And Jamie, while I've got you, I want to ask about your broader outlook on fraud trends next year, and I'd like you to start with AI if that's okay. In your view, does generative AI help or hurt with lowering fraud in the near term?
Jamie DelMedico: Well, I think generative AI is key to conducting fraud. We've seen that across the industry. So that is for sure. However, generative AI is also really, really, really important for preventing fraud.
And again, it's not a single solution. It does require layering with many other services to be effective. So, for example, there are tons of capabilities out there for analyzing large datasets with a single API call to detect fraud in real time. For detecting bot activity on a digital platform, and then requiring, again, incremental layers of security above and beyond that bot activity prevention. Things like MFA and other tools that layer on top of AI to prevent that fraud.
So, I do think that all of these things need to be layered together. It's not a single source of the truth.
Owen McDonald: Richard, you recently told me that account-to-account, or A2A, payments are one method about to undergo a big B2B growth boom. Why are you such an account-to-account enthusiast?
Richard Ransom: So, account-to-account payments across both established and newly minted national and regional payment infrastructures offer a regulator-friendly way to disintermediate the traditional card networks and their unpopular costs from the B2B payment process. So, this should mean immediate settlement and lower fees for payments, with less mouths to feed in the process. So they don't include the card process of the network, they just include a fee from one bank account to another. But, for account-to-account to really compete with cards, the real-time rails and banks need to support accept and reject times, which are equivalent to card.
So today, in the UK, we now have up to two hours for an acceptance - and that doesn't work in a retail environment, neither e-commerce nor actually in a shop, in front of a customer. So those things need to be fixed because that sort of finality of payment is the thing that makes account-to-account really interesting for merchants. But the merchants have got to want to offer it. There has to be business case versus accepted payment methods, and the payers have to accept that's a way to pay.
Owen McDonald: Well, sort of similarly along those lines, new digital payment forms, even workhorse solutions like virtual card. How do you see these reshaping next year?
Richard Ransom: Card is an interesting one in the UK, potentially due to our migration to ACH away from B2B check payments over the last ten years. In fact, only 1% of business payments were made by check in 2023 in the UK. The space for card may have been missed because card use has been declining in B2B in UK since its peak in 2016. So cards are 13% of the volume of payments in the UK for businesses, only 1% of the value. North America's a very different market with high growth in virtual cards predicted over the next five or so years.
So I wonder if we'll start to see a pickup again, as virtual cards with their links to API, become more common. It's a much more technology-friendly way of serving an account - a one-off card account - to a customer. So that's my interest. I wonder if the UK will actually start to pick up use once virtual cards become more widespread.
Owen McDonald: Jamie, I wouldn't be surprised if you agree to some extent. Do you? And what would you add to what Richard just said? What payment trends are you prioritizing?
Jamie DelMedico: I do agree with what Richard said. I will say the US is pretty far behind the UK and Europe as it relates to digital payments. We still see a lot of B2B payments going via check today. However, we've certainly seen ACH and virtual card have started to take that share away from checks. So, with virtual card, there's a huge benefit to merchants and vendors, accepting virtual card in the form of faster payment, and clearing a rebate back to the issuer and payer, which obviously the payment networks love and the payer loves. And then, certainly, remittance information that rides along with those payments. So that has a major benefit to both payers and vendors.
In terms of ACH, we have seen ACH actually taking some share away from virtual card. So we're seeing ACH become a more favorable route to go, just given the lower cost. Similar to virtual card, we do have the ability to clear ACH payments quickly. And with, as an example, our Bottomline, Paymode premium ACH offering, a lot of rich remittance detail also rides along with those payments to the tune of invoice information, store numbers, SKU-level detail. And, similar to the card offering, many payers and vendors have appreciated not only the features that come along with premium ACH but also the fact that premium ACH is eligible for a rebate similar to virtual card.
So, we've seen fairly substantial growth on our premium ACH offering over the years. And again, both virtual card and premium ACH are taking substantial share in the US away from checks, which is what we all want to see. We all want to see more payments going digitally to reduce fraud, increase speed, and ultimately provide all the remittance information that's necessary to reconcile a transaction.
Owen McDonald: Right you are. I'm going to stick with you for a second, Jamie. As an industry, we are nothing if we don't have unbreakable data security. That has not necessarily been the case.
How is 2025 shaping up vis-a-vis protecting corporate banking data as more APIs are added to corporate payment systems and ERPs every day? For example, how can onboarding into new systems help mitigate data fraud downstream? These types of considerations, data considerations.
Jamie DelMedico: Well, certainly data protection is always top of mind when we're running a business payments network like we run here at Bottomline. We have seen increases in all types of fraud across the across the industry - social engineering, email spoofing, and really, (it goes back to the conversation we started on, which is) a layered approach to preventing fraud is required in order to protect against these types of fraud. And that means not only having KYC and AML capabilities in place, but then layering on things like two-factor authentication at the time of changing account information, for example, or tokenization of account information that sits within our systems to mask that account and routing information for both a payer and a vendor in that scenario. And importantly, as you're onboarding customers, again whether they're on the payer side of accounts payable or on the vendor side of accounts receivable, going through pretty rigorous onboarding activities that include the right level of control around setting up the right permissions for each individual user at that payer or that vendor.
Adding in all the account verification components required to make sure we're not going to see account takeover (ATO) type activity. And then again, as permissioned users are making changes to an account, ensuring that you have layers of security on top of that change to ensure that you're not going to be subject to one of those social engineering or email spoofing activities that we are seeing prevalent around the industry and that has become easier with the emergence of generative AI on the fraudster's end.
Owen McDonald: Richard, let me flip that a different way for you. Take the data security question and apply it to the UK, the EU, and rest of world businesses. That's not a big ask, is it? Corporates are wrangling countless APIs, cross-border payments, instant payments. But that expansion is happening in the midst of a global fraud crime wave, right? So how can we expand B2B payments more securely next year?
Richard Ransom: So, Jamie hit the nail on the head with lots of his points there. But to answer your question, we're seeing a few trends here. A move away from fragmented technology, concentrating on integration, fewer platforms using payment or cash management hubs is how we reduce risk and increase security control. So, moving from having connections to three of your banks over API, SFTP, and host-to-host, and trying to concentrate that down to one connection, one hub, one area of control.
And I think another area, and Jamie talked about this, is around that vendor data. So payer verification, if added at point of input of bank account data into an ERP or payment screen, becomes a very visible deterrent to fraudulent activity. So an insider is less likely to commit a fraud if they know there are checks in place to stop them doing it. So a very visible deterrent just having that payer verification in a couple of fields. And, to echo something that Jamie said, a new trend we're seeing in our mature ACH B2B world where, over the past ten to fifteen years, supplier and employee bank account data was held in ERPs, payroll systems, and biller systems. We're starting to see organizations looking at how they can tokenize that data and keep it out of those systems and into appropriate secure environments.
This is going to remove a lot the risk and regulatory burdens of handling sensitive data away from the enterprise. And if you look at things like GDPR across Europe and the UK and other data protection rules globally, these become very tricky areas for people to manage inside an enterprise. It's not their level of area of expertise, but you know, just having the risk of someone finding out some personally identifiable data from ERP data, because typically expenses are paid via an ERP, that's going to be a really big change.
Now this is something that's kind of happened in the US already. And in that world, the moving later away from checks has helped that. So I think we're going to see a shift of that account data out of ERP and payroll systems and billing systems into some more secure places.
Owen McDonald: Jamie, back to you. Instant, irrevocable, real-time payments are great. We can all agree with that, but they are no threat to the volume of ACH as you were mentioning a moment ago. FedNow, it's been live since summer of '23. RTP from the Clearinghouse live since 2017. No threat to ACH in either case or combined, frankly.
The big push there, with instant, seems to be in B2C. I don't get the same sense of urgency in B2B. Why is B2B apparently going slower with instant adoption, Jamie?
Jamie DelMedico: Yeah. If you just look at the use case for real-time payments, the C2B use case for 'I need to pay my telephone bill, and I need to pay it on time to avoid a $30 late fee'. That's a really great use case for real-time payments. Similarly, P2P payments - I want to get money to my family or I want to get money to my friends quickly, and I want it to show up in their account instantaneously to pay for the dinner that we just had together. That's a great use case for real-time payments.
And Owen, to your point, FedNow is ramping. We saw a slower adoption of TCH, but we're going to see FedNow permeate the long tail of financial institutions in the US. Again, more from a consumer use case perspective.
In the B2B world, to your point, real-time payments haven't quite taken off. If you think about B2B payments and requirements for B2B payments, oftentimes those payments come with a 30, 60, 90-day term where organizations are planning far ahead for those payments. And the real-time nature of those payments isn't necessarily required to facilitate a B2B payment. So, we are keeping a very close eye on both FedNow and TCH as an option for faster payments in the B2B world. I don't expect 2025 to be hyper growth in the real-time payment space in the B2B world.
Owen McDonald: Richard, what's your take on this? And how long until real-time scales as a global business payment solution? What challenges will that present for AP processes especially?
Richard Ransom: Yeah, these are really good questions, and there's always been an assumption that immediacy of payment will be the key ask in B2B. So, just echo Jamie's responses again, there are definite use cases where an immediate payment wins over traditionally slower ACH payment or check. And in the business world, that might be urgent supply payments, welfare payments to employees, expenses, and we've seen a trend towards paying temporary workers.
So people who work for a week, you pay them on the last day of their work - you know, they have to turn up to get paid. And in the UK, we've had a near real-time payment service, accessible to corporates for nearly 16 years. But in that time, B2B payments, especially for mid-tier and larger corporates, have not migrated en masse. So even when the price point starts to converge in multi-day ACH, people weren't moving. So we know from our corporate customers that significant number of payments are sent in bulk and are agreed in advance, as Jamie alluded to, typically to align with payment terms or salary dates.
And interestingly, I spoke to an AP manager recently who said that if they had to make an urgent payment, then something has gone wrong in their process. And in extreme circumstances, potentially, it's an indicator of a fraud. So, that's a really interesting point as well. So if someone asks for something to be done immediately, they think something's gone wrong. So all planned, all scheduled, carefully managed - working capital doesn't suit an immediate payment. And the three day or two-day process is absolutely fine. It's low cost but very high care and reliable.
Owen McDonald: Will it at some point, or is that unknowable? I'm just curious.
Richard Ransom: Yeah. So what looks like will happen - and certainly we're seeing when new payment systems are built, globally - is that they leave out the slower rail, so everything gets built on a real-time rail. And talking to customers and looking in my crystal ball, we're seeing that the common payment rails will come adapted with the next-day or a same-day or a two-day option to help those sorts of businesses who like bulk payments to continue to do that at cost that suits them.
Owen McDonald: I'm going to stay with you for a minute, Richard, and kick off this one. We're facing major technical deadlines for payments in the US and rest of world, in '25. The whale is ISO 20022. What are some implementation challenges for corporates, particularly, and also their commercial banking partners? This, we know, is an urgent issue unlike instant payments.
So, what do you think about that?
Richard Ransom: ISO 20022 is the major implementation challenge for banks and FIs at the moment with Swift, Fed, UK RTGS (real-time gross settlement) among the payment systems moving to this [messaging] standard across the world. And for corporates, the situation is more complicated. For Swift, for example, there's no requirement for corporates to adopt the standard from their point of view. So Swift aren't saying you must move by November 2025 or whatever the date ends up being as we get closer to that. But there can be a downstream impact on the corporate depending on bank requirements.
So, looking at the banks that serve corporates, we're seeing a number of different approaches, mostly to handle the requirements for more structured information like address, legal entity identifier, or purpose code in the data. So what we're seeing is some banks are moving the corporate-to-bank message format to ISO. So they're saying to their corporates, Swift aren't saying you've got to move, your central payment system isn't saying you've got to move, but we're saying you've got to move to ISO. And that might be the PAIN format, which is the typical corporate-to-bank format, but also, we've seen banks saying, can you put your data in PACS format for us? So then, using PAIN or PACS, they get to create an ISO 20022 native payment journey all the way through the bank. So, if you've invested heavily in ISO as a bank, your architecture will be built around that format, and the fact that the XML makes it easier to store and use data.
But what we're also seeing is that banks are just saying, right, we're still going to keep our proprietary host-to-host format, but we're just going to add loads more fields to it to match the requirements. And in either case, we're seeing enterprises looking to insulate themselves from the changes today with transformation services sitting in solutions between the ERP and the bank. So a lot of our customers ask us about ISO, and they're not looking necessarily to embrace it. They're just looking at the risk and the project and when they've got to start spending money on it.
Over time, more will see the benefit. We'll see more of that enhanced data and more remittance data passing between organizations when they're doing trade. But at the moment, what we are feeling from the corporates is we don't quite know what we're doing - we don't think we need to do it yet. We're not going to be able to take advantage of any of the new stuff that's in there. How do we insulate ourselves from this? How do we continue to churn out the same old file format that our twenty-year-old ERP has been churning out and also meet the requirements of the banks, and then the banks meet the requirements of the regulators.
Owen McDonald: That's an interesting point. I hadn't thought of that. Jamie, what are your thoughts on that?
Jamie DelMedico: Yeah. I would say the US is preparing for ISO 20022. Most US financial institutions want to be able to send cross-border payments leveraging the Swift network, and so they're preparing for that with adoption of ISO 20022. So it is imminent in the USA.
I should also mention that the real-time networks, both TCH and FedNow, are leveraging the ISO 20022 framework. So, again, these payment rails aren't yet ubiquitous for B2B payments, but I do expect ISO to gain traction in the US. And then maybe last but not least, blockchains are increasingly leveraging the ISO 20022 framework to facilitate cross-border payments, either be it with cryptocurrency or CBDCs, to streamline those cross-border transactions. So as that begins to take off, I do see many, many use cases for ISO here in the US. It's just a matter of speed really for me.
Owen McDonald: Okay. Fair enough. Last question. Let's get a quick closing prognostication about 2025 from each of our guests. You just get one.
Jamie, what's going to be the big headline in payments next year?
Jamie DelMedico: So, I think in the US, the big headline is going to be, again, the continued migration away from check and more towards things like virtual card and/or premium ACH as a payment offering. Just given the value of those services, the reduction in fraud, the speed of those transactions, I think that we're going to see a major shift in 2025, in reducing our current volume of checks.
Owen McDonald: Richard, now to you. Would you kindly predict the number one payments trend of 2025?
Richard Ransom: So I think account-to-account is going to be grabbing the headlines. It's going to be really interesting to see how the card world reacts because this is disintermediation. This is taking them out of that four-corner model. So, expect the large processors and networks to have an answer next year for it. And whether they invest heavily in the space or not is a really interesting thing for me.
Owen McDonald: There you have it. Summing up an excellent episode, I'm reminded of something Warren Buffett said: Rule number one is never lose money. Rule number two is never forget rule number one. Immense thanks to Bottomline's Richard Ransom and Jamie DelMedico for their wonderful insights. To the best audience in B2B payments, thanks for listening.
Hit subscribe. Catch us again on your favorite podcast platforms, including Apple and Spotify. Bye for now.
The Payments Podcast, from Bottomline.
Make and receive secure digital payments conveniently through Paymode, the market leading B2B payments network trusted by over 600,000 verified businesses.
Enhance your AP team's future with faster ACH and virtual card payments, paired with effortless invoice management to make your business better.
Automate accounts payable while simplifying and securing end-to-end AP processes by eliminating manual steps and insecure paper methods.
