Strengthening B2B payment authentication against advanced fraud

Passwords to remember. Checks to put in the mail. Hard copies of invoices to store.

Commercial banking systems that were built long ago rely on traditional forms of authentication for their platforms, often using enterprise resource planning (ERP) software and internal portals to manage their business needs.

While slow processing and manual efforts are concerns, security has become the primary focus.

Business-to-business (B2B) payment issuers using legacy and manual processes are particularly vulnerable to sophisticated attacks because transactions often involve large financial transfers and complex approval processes that provide numerous entry points for fraudsters. With AI at their disposal, fraudsters can do everything from creating deepfake voice calls for infiltrating call centers to scam emails for gaining access to business accounts.

In fact, the biggest authentication threat for B2B invoice fraud is business email compromise, which saw $6.7 billion in global losses in 2024.

This form of social engineering involves attackers manipulating employees into making unauthorized payments, which has prompted businesses to reconsider their payment methods. B2B check use continues to drop year over year. Manual processing and vulnerability to fraud are the top reasons to consider eliminating checks, according to organizations that plan to stop using them.

Driven by rising fraud, compliance and regulations, financial institutions (FIs) are turning to advanced authentication solutions.

“Everyone is on a journey to introduce new innovative authentication solutions to eliminate passwords and make commercial payment systems more secure and reliable,” said Todd King, VP of B2B Solutions, FIS® Total Issuing™ Solutions. “The technology helps protect every step of the commercial transactional process, from settlements to invoices.”

How do AI and behavioral biometrics strengthen B2B payment security?

Less than 100 milliseconds: That’s the response time it can take for a fintech’s APIs to authenticate a transaction and be considered seamless by users. To achieve such a result, a more layered authentication approach using AI and behavioral biometrics is advised.

AI-powered authentication relies on machine learning biometric user data to combat fraud, focusing on each point of contact between the institution and the end user. It uses recognition methods such as a fingerprint to confirm identities of employees, suppliers and vendors. The system can become tailored to a user’s habits over time, making the process more efficient and less intrusive.

Integrating biometric solutions with ERP software and treasury management systems can also expedite the approval process without repeated multifactor authentication (MFA) prompts, helping improve productivity.

“Operational efficiencies will be a key benefit for adopting authentication solutions – businesses doing things faster,” Todd said.

How can risk-based authentication reduce friction in commercial payments?

Long-term benefits of advanced authentication tools are often understood – fraud protection, cost savings and efficiency – but short-term disruption and upfront costs may create a barrier to adoption. This is where a deeper dive into authentication can help.

Issuers can adapt requirements to the specific content of each user interaction. FIs can step up authentication for high-risk situations and require less authentication for lower risk transactions or interactions. That means less friction for cardholders.

Some other key technological aspects of advanced authentication in the commercial space include:

• Behavioral biometrics: AI analyzes unique behavioral patterns such as keystrokes, mouse and swipe movement, device handling, and navigation patterns. This provides a continuous layer of authentication running in the background that is hard for fraudsters to mimic.
• Machine learning: Models analyze user information with biometric data and fraud patterns that traditional rules-based systems may miss. From anomaly detection of a user’s normal behavior to examining historical data and emerging trends, AI-powered systems can instantly assess risk and respond to potential threats.
• Spoof detection: AI and machine learning technology help protect against sophisticated attacks such as impersonation. Instead of relying on static checks, modern systems analyze complex behavioral and contextual data to differentiate between a real user and a fraudulent one. For example, it protects against deepfake audio attacks that try to gain access to accounts.

What are the key B2B authentication use cases for commercial payments?

From virtual cards to recurring billing, embedding authentication across payment operations gives businesses stronger security and tighter control.

• Virtual cards: A business issues a virtual card with a spending limit to a salesperson for a client dinner. By having preset spending and monitoring controls, transactions can be set to a single merchant, spending threshold, time period and expiration date. A request to use a virtual card for an out-of-policy purchase would require a supervisor’s authentication, and AI could flag the attempt for review.
• Automated accounts payable and B2B transactions: A company’s accounts payable department receives a vendor invoice. The system performs identity verification, checking the vendor’s bank account details against an authenticated database. For high-value payments, the system requires MFA from multiple employees before the payment is released. Having authentication built into the workflow of an automated payment process helps ensure transactions are legitimate.
• Automated subscription and recurring billing: An IT bank manager makes a recurring monthly charge to their company card for a software subscription. The initial setup requires authentication to verify the customer’s payment details, using 3D Secure for that card. Authentication protects the stored payment details. Changes to the plan or billing cycle require the user to reauthenticate their identity.
• Point-of-sale and in-person payments: An employee at a business conference uses their mobile wallet to pay for a snack at a store. The transaction is authenticated with the employee’s face scan. Authentication methods ensure the legitimacy of the cardholder, reducing the risk of lost or stolen card fraud.

How can issuers integrate advanced authentication into commercial payment systems?

Having the right issuer processor can be key in providing and integrating authentication tools for a payment system. That’s because they may already have AI-driven methods to determine the authenticity of someone at the point of contact.

Additionally, issuers can utilize biometrics and AI to create transparent, adaptive and customer-centric strategies. One result is that issuers can more clearly understand the customer journey, optimize performance and anticipate new threats.

One example is FIS® Total Issuing™ Advanced Authentication, a machine learning and AI-driven solution that supports FIs in implementing a risk-based approach that integrates seamlessly with channel interfaces, automating processes that otherwise would create friction with manual intervention. The solution processes approximately 60 million B2B transactions annually.

Issuers can use phone, device, biometrics and behavioral analytics to help confirm and protect genuine account holders while having a 360-degree view of the cardholder.

The solution can also be integrated into Total Issuing™ CentreSuite, a commercial card management platform that allows corporate cardholders and program administrators to manage expenses, track purchases and control card usage. Account holders can authenticate ecommerce transactions using their phone.

“CentreSuite uses the solution’s framework that allows FIs to set rules on authentication for users on the platform,” Todd said. “Additionally, it allows FIs to utilize other tools like SIM cards on mobile devices. We can then check SIM data to see if it matches the user or has been recently changed.”