Fresh Thinking: Insights + Resources

March 27, 2014

Payment Exceptions: How to Limit Them

Practically any business that receives payments electronically has had to deal with payment exceptions. Exceptions are payments that, for one reason or another, cannot be posted accurately upon receipt by billers.

While the exception rate for all bill payments (including both paper and electronic) is only about one-half of one percent, according to the 2012 Exceptions Benchmarking Study, this adds up to an estimated 130 million payments each year that require exception handling. The total annual cost of handling these exceptions is an estimated $720 million.

"Payment exceptions have a significant impact up and down the payment processing chain, but especially on billers," says Katrina King, Treasury Management Sales Executive for Cadence Bank. "An employee has to manually resolve exception issues, which results in additional expenses for companies and also impacts their cash flow."

Causes of Payment Exceptions

One of the most common causes of payment exceptions is inaccurate or missing customer account numbers, the study found. While customers are often blamed for these errors, companies should still do everything in their power to help prevent them.

This includes providing detailed instructions to help customers enter all necessary account information accurately, notes King. "You really can't provide too much detail when it comes to these instructions. People are busy, and they often rush through the process of electronic bill paying, especially when entering account numbers. Automate as much of this as you can for your customers to help eliminate errors."

In addition, the study found that when payment processors notify customers that they have entered incorrect account numbers, the exception rate drops drastically — from 0.56 percent to just 0.04 percent. Sixty percent of processors provide such notification, according to the study, while 40 percent don't. "Ask your credit card processor if they provide notice to customers of incorrect information," King suggests. "And if they don't, encourage them to do so."

The Importance of PCI Compliance

Another common cause of payment exceptions is the failure of businesses to comply with PCI Data Security Standards (PCI DSS). These standards establish basic payment information security procedures and offer best practices for credit and debit card processing. When followed, they can help prevent fraud and the payment exceptions that usually result.

All businesses that process, store, or transmit credit and debit card information must demonstrate they do so within a secure environment that meets PCI DSS security requirements. PCI DSS includes 12 requirements that specify the framework for a secure payment environment. Meeting the requirements involves three essential steps:

1. Assessment — The primary goal here is to identify technology and process vulnerabilities that pose risks to the security of any cardholder data transmitted, processed or stored by your business. Analyze your business processes and IT assets to look for any security gaps that could leave cardholder data vulnerable to identity thieves.

2. Remediation — This is the process of repairing any vulnerabilities that are uncovered during your assessment. These include technical flaws in software code, as well as unsafe practices in how you are processing or storing cardholder data. The remediation process should include:

  • Network scanning with software designed to analyze your infrastructure and spot known vulnerabilities.
  • Classifying and ranking vulnerabilities in order to prioritize the order of remediation.
  • Applying patches, fixes, workarounds, and changes to unsafe processes and workflow.
  • Re-scanning to verify remediation.

3. Reporting — To be considered PCI compliant, businesses must submit regular reports to their acquiring bank. These include a quarterly scan report completed by an Approved Scanning Vendor. Large businesses must have an annual on-site assessment performed by an approved Qualified Security Assessor, while smaller businesses must submit an annual Attestation within the Self-Assessment Questionnaire validation tool.

"It's important to note that complying with PCI Data Security Standards is not optional if your business accepts credit or debit cards — it's required," says King. "If your customers' credit and debit card information is compromised, this could lead not only to fraud and payment exceptions, but to lawsuits, insurance claims, fines and lost sales due to damage to your company's reputation."

 

Please contact your Cadence Bank Treasury Management representative if you would like more information about reducing payment exceptions.