
Steps to strengthen your security and prevent fraud (AX2012 and D365FO)

Blog by Frederik Ahring Larsen

AMC Banking deals with cash management, a central and important task in any organization, yet also one that is susceptible to fraud. AMC Banking has multiple built-in fraud prevention measures that you can use to mitigate the risks.

I will take you through the three most important measures you should be aware of.

Security measure 1: Role separation

Segregation of duties is the cornerstone of your effort to mitigate the risk of fraud. It ensures that the right people have the access they need. Should any user be allowed to both create payments and maintain vendor master data? Probably not! A strict and well-thought-out security role plan is the way to get there.

Out of the box, AMC Banking supports the following security roles:

  • AMC Banking Payment Clerk: Has access and rights in the payment journal.
  • AMC Banking Posting Clerk: Has access and rights in the posting journal.
  • AMC Banking Reconciliation Clerk: Has access and rights in the reconciliation journal.
  • AMC Banking Manager: Has access to maintain customer and vendor master data and give view-only access to all the Clerks.
  • AMC Banking Setup Manager: Has access to maintain and change the core setup in the banking module.
  • AMC Banking Workflow Approver: Can approve changes to vendor/customer bank accounts (see security measure 2).

Remember that all user roles can be changed using the AX/D365FO security role editor. For example, you can easily remove the option to make manual payments from the AMC Banking Payment Clerk Role.

AMC recommends having clear segregation of duties for different daily tasks and limiting all users to the tasks they are responsible for.

If you wish to read more about AMC user roles, please see the document Set Security Roles.

Security measure 2: Activating the bank account approval workflow

If a single person with the wrong intentions can change both vendor and customer bank accounts on their own, it is plausible that this person can do tremendous financial damage before being caught. Adding a second pair of eyes to any bank account change is an incredibly important step in countering fraud.

This is possible by adding the AMC bank account approval workflow, included in the AMC Package (AX2012) or through LCS (D365FO).

The normal way of using the workflow is to have a “Submitter” and an “Approver” for every change to a vendor or customer bank account, with the two roles never held by the same person.

The bank account approval workflow adds a “changes history” to all bank accounts, making it easy to identify who has approved any changes.

Security measure 3: Setting up a direct communication

Transferring a payment file (pain.001 file) from AX/D365FO to your bank needs to be a secure process – downloading the file and uploading it to the bank is not.

All other measures you have taken to mitigate risks are basically useless if a single user can simply open a payment file in, say, Notepad and change the content before uploading it to the bank.

Instead, AMC highly recommends starting a project to set up direct communication between AMC and your bank. Rather than giving you a file, the solution then sends an encrypted payment file straight to the bank, where it is processed.

This means that a payment file cannot be changed once it has been sent, and it also integrates with AMC’s payment approval functions; you can approve payments straight in your payment journal before they are transferred securely to the bank to be executed.
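To illustrate why the manual download-and-upload step is the weak point, here is an added example (not AMC code) that checks a pain.001 file against the totals in its own header and against a SHA-256 digest recorded at export. The element names follow the ISO 20022 pain.001 layout; the sample file, the placeholder IBANs and the idea of a separately stored digest are assumptions made for the illustration.

```python
import hashlib
import xml.etree.ElementTree as ET
from decimal import Decimal

# Constructed sample: a minimal pain.001 fragment with placeholder IBANs.
EXPORTED = b"""<Document xmlns="urn:iso:std:iso:20022:tech:xsd:pain.001.001.03">
<CstmrCdtTrfInitn>
<GrpHdr><MsgId>MSG-0001</MsgId><NbOfTxs>2</NbOfTxs><CtrlSum>1500.00</CtrlSum></GrpHdr>
<PmtInf>
<CdtTrfTxInf><Amt><InstdAmt Ccy="EUR">1000.00</InstdAmt></Amt>
<CdtrAcct><Id><IBAN>DE00EXAMPLE0000000001</IBAN></Id></CdtrAcct></CdtTrfTxInf>
<CdtTrfTxInf><Amt><InstdAmt Ccy="EUR">500.00</InstdAmt></Amt>
<CdtrAcct><Id><IBAN>DE00EXAMPLE0000000002</IBAN></Id></CdtrAcct></CdtTrfTxInf>
</PmtInf>
</CstmrCdtTrfInitn></Document>"""


def header_consistent(data: bytes) -> bool:
    """True if GrpHdr NbOfTxs and CtrlSum agree with the transactions listed."""
    root = ET.fromstring(data)
    amounts = [Decimal(e.text)
               for e in root.iterfind(".//{*}CdtTrfTxInf/{*}Amt/{*}InstdAmt")]
    hdr = root.find(".//{*}GrpHdr")
    return (int(hdr.findtext("{*}NbOfTxs")) == len(amounts)
            and Decimal(hdr.findtext("{*}CtrlSum")) == sum(amounts))


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_before_upload(data: bytes, digest_at_export: str) -> list[str]:
    """Return findings for a file about to be uploaded; empty list means unchanged."""
    findings = []
    if not header_consistent(data):
        findings.append("header totals do not match transactions")
    if digest(data) != digest_at_export:
        findings.append("file differs from the exported version")
    return findings


# Assumption: the digest is recorded at export, somewhere the uploader cannot edit.
RECORDED = digest(EXPORTED)
# Constructed edits of the kind a text editor allows:
AMOUNT_EDIT = EXPORTED.replace(b">500.00<", b">900.00<")      # one amount changed
ACCOUNT_EDIT = EXPORTED.replace(b"0000000002", b"0000000009")  # creditor account changed

if __name__ == "__main__":
    for name, blob in [("exported", EXPORTED), ("amount edit", AMOUNT_EDIT),
                       ("account edit", ACCOUNT_EDIT)]:
        print(name, "->", verify_before_upload(blob, RECORDED) or "ok")
```

The account edit leaves the header totals consistent, so the file's own control fields say nothing about a changed beneficiary; only the comparison with a digest held outside the user's reach flags it.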

Implementing these steps will integrate user segregation and 4-eye principles into the crucial processes of your cash management solution in AMC Banking for AX2012 or Dynamics Finance and Operations.