Request for Payment and the Need to Balance Speed & Security: NACHA and Bottomline Technologies Sound Off
Corporate Payments And Payables
As you consider the proliferation of new payment options flooding the industry, such as request for payment, it’s easy to be overwhelmed by the choices and confused by what it all means to you and your organization. To bring a little clarity to the situation, we sat down with George Throckmorton, Managing Director at NACHA-The Electronic Payments Association, and Bill Wardwell, VP of Strategy and Business Development from Bottomline Technologies. Here’s what they had to say about speed versus security in business payments.
SP: George, tell us about the recent launch of NACHA’s Request for Payment (RfP) initiative.
GEORGE: At a very basic level, NACHA’s new Request for Payment initiative is a standardized e-invoicing system for the ACH Network that makes use of the ISO20022 messaging standard. Now in and of itself, e-invoicing through the ACH Network is not new to NACHA. The functionality has existed on the ACH Network for five or six years. The difference now is that RfP leverages the global ISO standard. As a global standard, ISO2022 can provide for harmonization among businesses transactions, creating consistent and efficient processes for all businesses. By using ISO20022, specifically the pain.013 and pain.014 message structure, a sender can transmit a pain.013 message, which is a zero-dollar business transaction, through the ACH Network. The receiver then gets this transaction message that has all the payment invoice information: why they’re being asked to pay, the invoice number, the payment terms that were agreed to, details on how to pay, etc. – everything they could want or need to put into their AP solution. The act of sending these messages doesn’t put anyone on the hook to actually take any action. It’s just an e-invoice like you’d send via email as a PDF or however else you might do that.
The receiver can even send back a message to dispute the invoice or update the sender on when payment can be expected. They can also just pay it with a credit ACH. Some of the emerging B2B faster payment networks, such as The Clearing House’s RTP®, are actually using RfP transactions as a way address the absence of authorized debits (RTP is a credit push system only) and allow businesses to send invoices for real-time payments to another business. RfP is an opt-in program -- no one is required to use it. This is not about putting a burden on businesses. Participating organizations would have to agree to use the service in order to engage with one another – it’s essentially a mutual contract that says both parties agree to use RfP as a method of sharing payment data. In terms of the benefits of RfP, there are a number of ways this method of e-invoicing will be beneficial for the industry. For one thing, it provides connectivity between all businesses, a critical point given the fact that we always talk about the ubiquity of the ACH Network and enabling any business to connect to any other business through the Network. It will also help standardize e-invoices for businesses, something that organizations have been telling us that they really need. Businesses struggle with lack of information. Not knowing where to post a payment or being able to post it in a timely manner is a huge hurdle.
SP: So what are the security ramifications of the RfP initiative? With The global cost of handling cyber attacks expected to rise from $400 billion in 2015 to $2.1 trillion by 2019, security is an issue that all organizations are watching very closely.
GEORGE: There’s no doubt that security is a huge issue for every business. In terms of the security of RfP messages, since they’re happening on the ACH Network there’s a very high level of inherent security, making them far more fraud proof than an invoice you’d send via email. You also can’t send an e-invoice unless the ERP platform and the financial institution give permission to do so. There are controls in place with both Treasury and ERP software to prevent an unauthorized person from sending an e-invoice and routing payments to themselves. The reality, though, is that businesses should always take the necessary precautions to prevent fraud no matter the payment type.
SP: So what about speed then? There’s a lot of concern over the fact that as payments move faster there’s more opportunity for fraud and even simple errors in payments to occur. Is that a concern as it relates to RfP?
GEORGE: My thoughts regarding speed and payments are this: we certainly talk to organizations that have use cases for faster payments and have the occasional need to move money faster. Payroll and disbursements are a good example. However, for typical B2B transactions, businesses have been slower to adopt and update their systems to process faster transactions as many of the traditional payments options work well for their payments needs. So while speed is indeed a concern as it relates to security, and organizations need to take steps to protect their payments, I don’t think the speed of payments is causing a pervasive security issue as of now. But again, businesses should take the necessary precautions and have the proper measures in place to ensure the security of all their transactions.
BILL: As we look at capabilities like RfP and the new options for e-invoicing, organizations need to find partners that can help them deal with the security concerns that these new options present. There are a number of companies that can help organizations connect with trusted trading partners, receive invoices and offer security solutions that will provide a level of risk and fraud mitigation. For example, while requests for payment aren’t actually payments, those messages can contain the information of the bank that’s due to receive that payment. That has the potential for risk, so organizations should make sure that they have the support they need to validate that information before payments are made and securely manage storage of that information.
SP:What are key considerations for organizations looking to take advantage of RfP?
GEORGE: If you’re a corporate and you find some use cases where RfP would be useful, you need to make sure you contact your bank to let them know that they’ll be receiving pain.013 messages and give them instructions on what to do with them. You can’t just put a pain.013-formatted message in the addenda record of a B2B payment. The bank could potentially reject the payment instruction because they would be looking for an EDI- formatted message and not XML, which is what the ISO20022 standard is built on. On the receiver side, organizations also need to communicate with the bank. For one thing, they have to be clear that they want the invoice details in the RfP sent to them. If they don’t, the bank isn’t required to pass it along. They also need to be clear about how they want to receive that information. Based on the ERP, organizations may require some translation or conversion, or may want to receive the messages just as they are. The bank can handle it any way an organization wants, but they do have to be given instructions in advance.
SP:So is RfP different from other options out there and how can banks help their customers navigate all the different options?
GEORGE: Banks need to help demystify all of these changes for corporates. They have a lot coming at them and they’re trying to understand what it all means, why they should choose one payment type over another, etc. I can’t imagine being a Treasurer nowadays and having to deal with all of these choices that all feel very similar in what they do. It would be very difficult to make a decision under those circumstances.
BILL: That’s where we have the opportunity to provide some guidance. Between the banks and technology partners and organizations like NACHA, we all need to pull together to create the right access and experience for corporates to help them make educated decisions that will support their business objectives, to make payments that are efficient, cost effective and seamless. They just want to focus on the core function in their business. It’s our job to help with the rest – making payments secure, providing access and integration, etc.
GEORGE: That’s exactly right. There’s a huge opportunity to help organizations solve the challenges they face. They’re being buried in tons of remittance information in all sorts of formats in all sorts of delivery methods. Even just by standardizing that we can help them make huge strides. Most businesses aren’t in the business of making payments, so the more we can simplify that process for them so they can focus on their core operations, the better.