Organizations and auditors have an ever-increasing focus on preventing fraud. One of the most common ways of committing fraud is to change the intended target bank account when money is transferred from one bank account to another. Unfortunately, in many organizations this is also one of the most vulnerable areas, and if proper measures are not taken there is a significant risk of fraud.
To counter this, the Banking module offers multiple fraud prevention measures that are easy to enable and fit easily into daily work.
SEGREGATION OF DUTIES
One of the easiest ways of preventing fraud is to ensure that users with payment execution privileges do not also have bank account maintenance privileges. The Banking module has carefully tailored security roles that encourage segregation of duties, increase internal protections and reduce mismanagement.
For more info on setting up security roles, see the separate Set up security roles document.
BANK ACCOUNT APPROVAL WORKFLOW
Another way to avoid fraud is to prevent users from single-handedly changing bank account numbers, thereby preventing them from changing a payment's intended target account. For that purpose, the Banking module includes the so-called "Bank account approval workflow". Activating this workflow changes the Banking module's behavior so that bank account changes are subject to additional approval from users who have been granted the necessary security rights for approving bank account numbers.
Please note that to maintain the integrity of the bank account approval solution, it is highly recommended that security rights are granted with segregation of duties in mind. Users should be given either bank account maintenance rights or bank account approval rights, never both.
For more info on setting up and activating the bank account approval workflow, see the separate Bank account approval workflow document.
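The two conflicting combinations described above (payment execution together with bank account maintenance, and bank account maintenance together with bank account approval) can be checked automatically against a user-to-role export. The following is an added example written for this page, not code from the Banking module; the role names, privilege names and the sample export are constructed for illustration.

```python
# Added example, not part of the Banking module: audit a user-to-role export
# for segregation-of-duties conflicts between banking privileges.
from typing import Dict, Iterable, List, Set, Tuple

# Hypothetical role names mapped to the privileges named in the text.
ROLE_PRIVILEGES: Dict[str, Set[str]] = {
    "Bank account maintainer": {"bank_account_maintain"},
    "Bank account approver": {"bank_account_approve"},
    "Payment executor": {"payment_execute"},
    "Payment viewer": {"payment_view"},
}

# Privilege combinations the text says one user should never hold at the same time.
TOXIC_PAIRS: List[Tuple[str, str]] = [
    ("payment_execute", "bank_account_maintain"),
    ("bank_account_maintain", "bank_account_approve"),
]


def effective_privileges(roles: Iterable[str]) -> Set[str]:
    """Union of the privileges granted by every role assigned to one user.
    Roles not in the mapping grant nothing, so unknown roles never hide a conflict."""
    privs: Set[str] = set()
    for role in roles:
        privs |= ROLE_PRIVILEGES.get(role, set())
    return privs


def sod_violations(assignments: Dict[str, List[str]]) -> Dict[str, List[Tuple[str, str]]]:
    """Return, per user, every toxic privilege pair that the user's roles together grant.
    Conflicts are evaluated on the combined privilege set, so a pair split across
    two separate roles is still reported."""
    findings: Dict[str, List[Tuple[str, str]]] = {}
    for user, roles in assignments.items():
        privs = effective_privileges(roles)
        hits = [pair for pair in TOXIC_PAIRS if pair[0] in privs and pair[1] in privs]
        if hits:
            findings[user] = hits
    return findings


# Constructed sample export: carol and dave each hold a forbidden combination.
SAMPLE_ASSIGNMENTS: Dict[str, List[str]] = {
    "alice": ["Bank account maintainer"],
    "bob": ["Bank account approver", "Payment viewer"],
    "carol": ["Payment executor", "Bank account maintainer"],
    "dave": ["Bank account maintainer", "Bank account approver"],
}

if __name__ == "__main__":
    for user, hits in sod_violations(SAMPLE_ASSIGNMENTS).items():
        print(f"{user}: conflicting privileges {hits}")
```

Run it against a real role export before enabling the approval workflow, and again whenever roles change, so that a single user never ends up able to both change and approve a bank account.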
Once payments leave the Banking module and the ERP system, they are no longer subject to the internal security measures that prevent manipulation of payment data. Physical payment files in particular are a security risk, as they potentially allow users to tamper with payment data before it is processed further in the bank's system.
If the bank responsible for executing the payment offers a host-to-host solution, it is highly recommended to use it. A host-to-host solution has the security advantage that it involves no physical files, and hence leaves no file for a user to manipulate.
SECURITY PROTOCOLS AND MEASURES
Even though a host-to-host solution does not involve physical files, payment data will at some point have to leave the Banking module and ERP system. Without the correct security measures, payment data leaving the system is at risk of being eavesdropped on and potentially manipulated in a so-called man-in-the-middle attack.
To prevent this, the Banking module enforces secure communication over HTTPS/SSL. In addition, security algorithms and calculations go even further in protecting the payment data from manipulation, even if a person has the opportunity and technical skills to bypass the security measures mentioned above.