As payment volumes increase and fraud risks become more complex, payments teams are being asked to do more than process transactions: They’re being asked to manage risk, protect data and support the business at scale. From unclaimed property and PCI compliance to vendor oversight and automation, payments now sit at the intersection of operations, compliance and strategy.

The AFP Enterprise Payments Virtual Series: Your Annual Payments Checkup, sponsored by Boost Payment Solutions, explored how leading organizations are strengthening controls, clarifying ownership and modernizing processes to reduce risk while keeping payments moving efficiently.

The following are key takeaways from the four sessions.

Insight #1: Strong payment policies are a frontline risk-control tool

As payment volumes grow and states become more aggressive about enforcement, outdated or incomplete payment policies are exposing organizations to real financial, audit and reputational risk. Payments leaders can no longer treat unclaimed property and escheatment as a back-office clean-up exercise; they must be embedded into a modern, end-to-end payments strategy.

In the session “Payments Policies and Escheatment: Making Critical Updates,” Barbara Carpenter, A/R Consultant for Motion & Control Enterprises, made clear that the risk isn’t just uncashed checks — it’s fragmented ownership, inconsistent processes and policies that haven’t kept pace with operational complexity, acquisitions, remote work and state-level scrutiny. When policies don’t document the full lifecycle of a payment, gaps emerge that auditors will find.

“Organizations with outdated policies face real financial exposure, audit findings and even negative customer experiences,” said Carpenter.

Carpenter explained that strong payment policies meet four criteria:

• Document the entire payment lifecycle, including issuance, monitoring, resolution, due diligence and reporting.
• Assign clear ownership with defined escalation paths, as opposed to shared responsibility without accountability.
• Include structured, repeatable workflows for uncashed checks, supported by audit-ready documentation.
• Are reviewed on a formal annual compliance calendar, not “when something goes wrong.”

“If you only remember one thing from today’s session, remember that strong policies and consistent processes are your best defense,” said Carpenter.

Insight #2: PCI compliance is an enterprise-wide risk decision

PCI compliance is often treated as an IT responsibility, but in the session, “The Importance of PCI Compliance for Your Organization,” George Uko, Senior Credit Manager for Kubota, stated that it is ultimately a business risk and trust issue. Any organization that accepts card payments is accountable for protecting cardholder data end to end.

“PCI is the global security standard for any type of organization that stores, processes or transmits payment card data,” said Uko. In other words, if you take card payments, compliance is not optional.

With fraud increasing and payment channels expanding, PCI lapses carry consequences that go well beyond technology teams. “The goal is to reduce payment card fraud and protect cardholder data end to end — from the minute the card gets swiped to the minute the merchant gets paid,” he said.

When that protection breaks down, organizations can face monthly fines, higher processing fees, operational disruption and reputational damage. “The last thing you want is someone afraid to use their credit card at your establishment,” said Uko.

While IT and security teams play a critical role, responsibility starts with the business. “If I’m the business taking the payment, I’m responsible for PCI compliance,” he said. That accountability also extends to third parties — even when vendors handle transactions. “In the end, it’s still going to be you that takes the hit.”

Insight #3: Vendor risk is an enterprise risk

Vendor-related issues are no longer contained within procurement, finance or operations. Because third parties support core business functions, failures can cascade across compliance, security, operational continuity and reputation — making vendor risk an enterprise-wide concern.

“They [vendors] are an extension of your organization and need to be managed as an integral part of your operations,” said Rich Shively of Williams Distributing in the session, “Know Your Vendors.” In other words, their failures ultimately become your failures.

When a vendor experiences financial distress, regulatory violations or operational disruption, the impact rarely stops at the contract level. “Vendor and third-party failure can directly impact compliance, and the security and reputation of any company,” said Shively.

This exposure is magnified when vendors support critical operations. Interruptions can halt production, delay payments or trigger regulatory scrutiny — all risks the enterprise has to absorb regardless of where the vendor sits in the org chart.

The ripple effect it creates calls for vendor risk to be addressed throughout the enterprise. “It should be part of a larger enterprise risk assessment,” said Shively. One that involves finance, procurement, legal, IT and risk — with clear escalation paths to leadership.

Insight #4: Automation enables organizations to scale with growth

As transaction volumes grow and payment methods diversify, manual processes create unnecessary delays, errors and security exposure organizations simply cannot scale around. This was the case at RingCentral. “We’ve come from a very manual standpoint of trying to do everything humanly that we can, but with the increase in volume, we absolutely needed automation to be able to scale with the growth,” said Gina Quinonez, Financial Operations Director for RingCentral, in the session, “The Automation Advantage: Eliminating Friction in B2B Card Acceptance at RingCentral.”

Despite broad agreement that streamlined, secure payments support growth, many organizations remain heavily manual. In fact, 91% of decision-makers believe easy, secure payments drive business growth, yet only 17% have fully automated their payments processes. Cost concerns, unclear ownership, and uncertainty around where to start continue to slow progress. “It’s not an easy, straight line to automation,” said Rebecca Schultz, Chief Marketing Officer, Boost Payment Solutions.

For organizations that have moved to straight-through processing, the impact is measurable. By removing human touches from the payment flow, teams reduce error rates, eliminate PCI data from internal environments and free staff to focus on higher-value work. “We don’t even have to touch it anymore,” said Quinonez. “It’s not even coming across our desks now.”

And it goes beyond efficiency. Automation supports faster cash application, more reliable remittance data and stronger audit readiness — all while enabling teams to absorb growth without adding to their headcount. “We’re not afraid of the volume increasing anymore,” said Quinonez.

Interested in learning more? The recordings are now available for the Enterprise Payments Virtual Series: Your Annual Payments Checkup, sponsored by Boost Payment Solutions.