Virtual cards, also known as Single-Use Accounts (SUA), are among the latest in payments technologies. They are auto-generated credit card numbers that A/P departments can send to suppliers as a link contained in an email, for a one-time-use payment. Their growing popularity with customers is due to a variety of factors.
One reason is that virtual cards provide A/P departments visibility and control over the buyer’s payments. Another reason is that they automate the account reconciliation process – the more automated the process, the less chance for human error. Additionally, there is an increased level of security on the payments side. We’ve already discussed that virtual cards have a one-time use, randomly generated number. But they can also be set to the exact cost of the bill and can be set to expire after a specific amount of time, reducing the chance of theft or fraud.
On the flip side, this emerging payment process introduces new challenges for the suppliers and the A/R side of the invoice-to-cash process:
One challenge is that the infrastructure that supports virtual card payments does not currently integrate neatly with ERP systems to enable straight-through processing. In addition, while the issuing of a single-use number is automated, the supplier processing side of it is not. Consequently, A/R departments receiving virtual card payments often have to manually retrieve the card number and remittance information, process the payment and then manually apply the cash into their ERP system.
If a supplier is given a virtual card number for payment, this will often require them to pay an interchange fee on each transaction that is completed. While these interchange fees can differ based on the type of card used, fees can get expensive, costing suppliers an average of 2.5% of the payment per transaction.
While the A/P department may start using virtual cards due to its improved security, on the A/R side, there can actually be some increased security risks. A company receiving credit card payments, for example, needs to be PCI-compliant, which means they need to comply with Payment Card Industry (PCI) Data Security Standard (DSS) in order to host credit card data securely with a hosting provider.
Additionally, while buyers may have a secure system to send the virtual card payment email, the supplier’s email may not be as secure. Ensuring appropriate security protocols can be costly for many...