How to Maintain Online Payment Security in B2B eCommerce

July 12, 2017 | Oro Team

This post has been contributed by a guest author – Beth Kotz.

In a business landscape that’s completely dependent on technology and virtual payment transactions, running a business-to-business operation demands meticulous attention to detail and constant vigilance – especially when it comes to taking payments. The benefits and risks are higher with B2B transactions because the stakes are higher. Not only are you responsible for the data of your clients but in some cases, you may be responsible for their customers’ data as well.

Business-to-business eCommerce is expected to hit over $1 trillion by 2020. Because today’s businesses are shifting their purchasing online, B2B operations need to accommodate them by offering a variety of payment options that extend beyond the standard credit card. Online check payments, ACH transfers, wire transfers, virtual or purchasing cards, and extended credit are all viable and necessary options in a flexible market. First, ensure your site meets regulatory requirements such as eCommerce PCI compliance. Then check out these tips on how to make your gateway payment systems smarter, safer, and less open to fraud and abuse.

Accounts with Multiple User Roles

The nature of B2B purchasing is very different from that of B2C; your security solutions must be flexible enough to account for different levels of privilege, supporting multiple user roles and customizable permissions that enable multiple levels of access to the payment method.

Implementing “access control” – which is centered on the security principle of Separation of Duties (SoD) – helps more clearly define who can engage with each step of the payment process. Each user role has access to different capabilities, maintaining a sort of checks and balances to ensure that all payments are being processed correctly. Permissions allow individuals and organizations to implement stronger access controls, guarding against unauthorized transactions or erroneous or fraudulent invoices being approved for payment.
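
The separation-of-duties idea described above, as an added example (not code from the original post or from OroCommerce): role permissions gate each payment step, and a per-order check stops one person from performing two steps even when their role permits both. The role names, users and the `PaymentWorkflow` class are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

# Hypothetical role-to-permission map for one B2B customer account.
ROLE_PERMISSIONS = {
    "buyer": {"create_order"},
    "approver": {"approve_order"},
    "finance": {"release_payment"},
    "admin": {"create_order", "approve_order", "release_payment"},
}

class AccessDenied(Exception):
    """Raised when a role check or a separation-of-duties check fails."""

@dataclass
class Order:
    order_id: str
    amount: float
    created_by: str
    approved_by: Optional[str] = None
    paid_by: Optional[str] = None

class PaymentWorkflow:
    def __init__(self, user_roles):
        self.user_roles = user_roles  # user name -> role name

    def _require(self, user, permission):
        role = self.user_roles.get(user)
        if permission not in ROLE_PERMISSIONS.get(role, set()):
            raise AccessDenied(f"{user} ({role}) lacks {permission}")

    def create(self, user, order_id, amount):
        self._require(user, "create_order")
        return Order(order_id, amount, created_by=user)

    def approve(self, user, order):
        self._require(user, "approve_order")
        if user == order.created_by:  # SoD: no self-approval
            raise AccessDenied("creator cannot approve their own order")
        order.approved_by = user

    def release_payment(self, user, order):
        self._require(user, "release_payment")
        if order.approved_by is None or order.paid_by is not None:
            raise AccessDenied("order is not approved or is already paid")
        if user in (order.created_by, order.approved_by):  # SoD: third person pays
            raise AccessDenied("payer already acted on this order")
        order.paid_by = user
```

Note that the `admin` role holds every permission, yet the per-order checks still prevent an admin from creating, approving and paying the same order alone.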

Buy Legitimate Products

As a business catering to other businesses, you need to make sure that the software and hardware that you’re using is legitimate and highly rated. Buying legitimate copies of security software, including antivirus programs and malware filters, reduces your risk of letting valuable data slip through your fingers. Plus, legitimate copies get continually updated to improve performance and enhance security. Buy good products and keep them up to date.


Anyone coming to buy or sell on a digital platform should expect to provide some form of verification. As the B2B sector has expanded into eCommerce, verifying an individual’s identity before agreeing to a sale has become a more common issue. With B2B transactions, verification is of special importance, considering how many large transactions are conducted between entities across international borders.

B2B businesses can verify their B2B buyers via tax identification number (TIN) for the US or VAT IDs for EU countries (this feature will soon be released in OroCommerce). Such identity verification can help ensure the validity of B2B payment transactions.

Store Less – Encrypt More

Avoid storing tracking data in your system, and encrypt everything that you do store. Invest in a high-quality encryption program, and consider working with an IT company that specializes in internet security to make sure that everything runs smoothly. If you’re accepting credit card payments, require clients to enter the CCV code, which stands for credit card verification. This is the 3- or 4-digit code on the back of your credit card. This CCV code prevents identity thieves from using the credit cards fraudulently online and consequently lowering the credit scores of card holders.

Avoid Paper-Based Checks

Antiquated as they are, paper checks remain one of the leading sources of B2B payment fraud. The ultimate goal of eCommerce is to make sales transactions simpler – by using an online payment gateway, all sales transactions can be entirely electronic and mobile, too. Going paperless is more convenient and more secure as well. All major credit card companies must adhere to PCI compliance standards, and depending on the online payment provider, additional layers of fraud protection may also be available.

Make Criminals Work Harder

Simple passwords have never been enough to deter criminals, and they’re even less effective today. Create additional layers of security by requiring complex passwords and using two-factor authentication when your clients make financial transactions. Complex passwords might be irritating to keep up with, but they work! Try storing all your passwords in a secure vault to eliminate the risk of prying eyes.

Multiple Payment Options

For B2B, credit card transactions can be inconvenient because of the transaction fees for both buyer and seller and chargeback problems for sellers. That said, buyers must be sensitive to the payment needs and preferences of their vendors. By incorporating different payment options – credit card, e-payment, electronic invoicing and so on – it’s possible to smooth out the points of friction at which someone may choose to click away and abandon their cart.

For B2B businesses eager to gain a stronger global foothold, security across multiple payment systems should absolutely be a top priority. In order to offer personalized service across international markets, it’s crucial to recognize that providing multiple types of payment options is as important as recognizing other equally significant cultural differences. Considering the growing risk of cybercrime, it’s a boon to payees if they can skip the potentially dangerous hassle of obtaining customer credit card or bank account information.

Comply with PCI

PCI stands for Payment Card Industry. The PCI Security Standards Council or PCI SSC was formed in 2006 by several major credit card issuers. Today, it actively monitors and certifies merchants that accept online payment, including B2B eCommerce sites. In order to accept online forms of payment, you must comply with PCI standards, which are robust, complex, and rigorously enforced. While the PCI does offer self-assessment tools for verifying data security, you should know that you don’t have to handle certification on your own. Your payment processor can take care of PCI compliance, allowing you to conduct business without worrying over complex data security measures. One popular PCI service is Promisec.

Ensuring B2B eCommerce security means going beyond basic encryption and regular antivirus scans. Today, you need to meet PCI compliance and employ comprehensive, up-to-date software in your fight against internet fraud and abuse. These and other security measures ensure that you can offer a bevy of online payment options without inadvertently selling your clients’ data to criminals.

About the Author: Beth Kotz is a contributing writer to She specializes in covering financial advice for female entrepreneurs, college students and recent graduates. 
