In the new update of AMC Banking Business for Business Central we have added the possibility to set up a “direct communication” between your Business Central and certain banks from AMC’s shared services. This means that with some connection types it is no longer necessary to get an AMC Banking Enterprise to set up a direct communication. Apart from that we have made the setup easy, so you can establish this connection with just a few easy steps.
Why a direct connection is right for you
Although a file-based solution (read: download of payment files uploaded to the bank portal) is a way of efficiently paying all your vendors it does come with a risk of fraud. Once the payment file is downloaded the data in the file can be manipulated, vendor bank accounts can be changed to a mischievous employee’s bank account instead – and unless the approval process in the bank is extremely thorough this will not be noticed until it’s too late.
A direct connection counter this by eliminating payment files on your local drives, and instead sending the data through secure data streams all the way to banks where the payments will be executed, without any possibility of manipulating the data on its way there.
Activating a connection like this is a huge step towards countering fraudulent behavior in the workplace and adds a nice automated workflow as well for both exporting of payment data and importing bank statements.
What type of connections is supported on the shared services (AMC Banking Plus)
To be supported on AMC’s shared services it requires that the connection type is a Webservice Connection as we find this to be the most secure and efficient form of connection.
For other connection types such as SFTP, you will still need a dedicated XTendLink service, either because of the bank’s requirements to the connection server or because of the architecture of the XTendLink service.
For now (March 2021) supported banks is as follows:
- Bank Connect group (includes 70 banks in Scandinavia)
- Danske EDI Webservice (DK, SE, NO, FI, BE, DE, GB, PL, IE, NL)
- Nordea CA (DK, NO, SE, FI)
- EBICS Connection (Deutche Bank DE)
Many more banks will be added to this Shared Services within 2021 due to our new PSD2 Certification, the progress can be followed on https://www.amcbanking.com/host-to-host/
How to handle approvals with a direct communication
Since data can not be manipulated through a Direct Communication it is possible to pull the approval process out of the bank portal and into XTendLink. This means that when XTendLink receives a file that is set up with a direct communication, it will ask for approval before sending the payments “pre-approved” to the bank. The approval process is easy to setup and use, yet live up to the same standards of security as that of traditional banks. Once approvers are connected to the Key, they will have the right to approve payments using the 4-eye principle and also approve new approvers using the 4-eye principle leaving no one with the possibility of approving payments single handedly.
On the roadmap of AMC is a mobile-app (expected Q3 2021) that will mirror the data in XTendLink and assign the approvals to through the app.
We also expect to mirror the approval process inside Business Central Payment Journal in future versions.
How is this all possible
Direct communications have existed for quite some time, though it’s become more popular recently due to the PSD2 Directive from EU as well as technology advancement in connection types and encryption keys.
When you establish the connection from XTendLink to the Bank, XTendLink will automatically exchange encryption keys with the bank which will be assigned to a specific user. Using a Shared Secret encryption logic, approvers are added to a “sub-key” of the bank key, enabling them to make changes (read: approve and add new users) in unison.