Keeping Your Payments Safe

Bob Stark

VP Strategy at Kyriba

29.12.2016 09:30 am

Fraud and cybercrime have been a concern for corporate treasurers for several years, and this past year showed us that there is a new risk to consider: connectivity. The stories of banks being hacked and losing millions through unauthorized payments shook the industry, since protecting payment connectivity workflows was low on the priorities list for treasury.

While unfortunate for those involved, there are valuable lessons to be learned for the rest of us in treasury:

1. Protect payment systems from unauthorized access. Corporates have many options – bank portals, treasury management systems, ERPs – that offer the ability to initiate and approve payments. Each and every one of these systems should be protected by more than a UserID and password. The CIO in every organization has likely set a standard for user authentication protocols; treasury needs to align with that to ensure that financial systems are secure from unauthorized entry. Sometimes that minimum standard is multi-factor authentication, but oftentimes it is a combination of safeguards. The CIO will have already set a policy that treasury should follow.

Additional reading: The Business Case for a Payment Hub

2. Standardize payment processes. Too many times I see examples of inconsistent payment policies when there are different payment types, or systems used to initiate/approve payments, within various geographies, or across different banks. There must be one payment policy that is then applied to each of these scenarios. Inconsistency in payment controls creates exposures that can be exploited. While every treasurer employs separation of duties and likely assigns limits to those duties, it is important to ensure that the payment policies are global – across the entire organization, covering every payment scenario. Integration and/or consolidation of payment systems can help that, of course. The key is to ensure that you do not have a “weakest link” that is beyond the visibility of treasury.

3. Secure payment files in transit between systems. Whether the payment information within files is sent directly to the bank or exchanged between internal systems first, it is always important to keep this information secure and away from internal or external threats. The more systems involved, the more risk: for example, ERP + TMS + Service Bureau. Reducing the number of systems used to approve and release payments is one solution; applying digital signatures to authenticate payment files is another. The important point is to ensure that what the bank receives was securely transmitted from initiation all the way through the entire payment workflow.

Additional reading: Centralizing corporate Payments to Improve Efficiency and Reduce Fraud

4. Review acknowledgements and reconcile outgoing payments. Every bank provides confirmation that payments have been received. Some payment channels (e.g. SWIFT) offer more acknowledgements than others, but whatever level of confirmation is received, it is critical to review and confirm that what was received and processed by the bank matches what your systems sent to the bank. Running intra-day and prior-day bank statement reconciliation reports is also recommended as an additional checkpoint so that treasury can confirm what was sent matches what was processed.

5. Implement an internal control center. While difficult to implement in a spreadsheet environment, most treasury and payment systems will have some sort of control center that monitors outgoing payment files as well as any system workflow changes – such as modifications to approvers, changes to limits, or updates to payment instructions. Active monitoring of transactions is important, but just as critical is your visibility into the workflow changes. Ideally this would be presented in a dashboard as well as an email-friendly format to more easily identify exceptions.
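The reconciliation described in step 4, as an added example (not from the original article or any vendor's product): it matches released payments to bank acknowledgements by reference and reports every exception. The record layout, field names and sample data are constructed assumptions.

```python
from collections import Counter
from decimal import Decimal

# Constructed sample data: payments our system released vs. what the bank acknowledged.
SENT = [
    {"ref": "PAY-0001", "account": "ACCT-EXAMPLE-0001", "amount": "1250.00", "ccy": "EUR"},
    {"ref": "PAY-0002", "account": "ACCT-EXAMPLE-0002", "amount": "980.50", "ccy": "USD"},
    {"ref": "PAY-0003", "account": "ACCT-EXAMPLE-0003", "amount": "40000.00", "ccy": "EUR"},
    {"ref": "PAY-0004", "account": "ACCT-EXAMPLE-0004", "amount": "75.00", "ccy": "GBP"},
]
ACKED = [
    {"ref": "PAY-0001", "account": "acct-example-0001", "amount": "1250.0", "ccy": "EUR"},
    {"ref": "PAY-0002", "account": "ACCT-EXAMPLE-9999", "amount": "980.50", "ccy": "USD"},
    {"ref": "PAY-0004", "account": "ACCT-EXAMPLE-0004", "amount": "75.00", "ccy": "GBP"},
    {"ref": "PAY-0099", "account": "ACCT-EXAMPLE-7777", "amount": "5000.00", "ccy": "USD"},
]
FIELDS = ("account", "amount", "ccy")

def _normalise(rec):
    # Compare values, not formatting: case, spacing and trailing zeros are ignored.
    return (rec["account"].replace(" ", "").upper(),
            Decimal(rec["amount"]), rec["ccy"].upper())

def _index(records):
    # Map reference -> record, and list references that occur more than once.
    counts = Counter(r["ref"] for r in records)
    dupes = sorted(ref for ref, n in counts.items() if n > 1)
    return {r["ref"]: r for r in records}, dupes

def reconcile(sent, acked):
    """Return (reference, issue) exceptions; an empty list means a clean match."""
    s, s_dupes = _index(sent)
    a, a_dupes = _index(acked)
    issues = [(r, "reference repeated in sent file") for r in s_dupes]
    issues += [(r, "reference repeated in acknowledgements") for r in a_dupes]
    for ref in sorted(s.keys() | a.keys()):
        if ref not in a:
            issues.append((ref, "sent but not acknowledged"))
        elif ref not in s:
            issues.append((ref, "acknowledged but never sent"))
        else:
            for name, ours, theirs in zip(FIELDS, _normalise(s[ref]), _normalise(a[ref])):
                if ours != theirs:
                    issues.append((ref, f"{name} differs: sent {ours}, bank processed {theirs}"))
    return issues

if __name__ == "__main__":
    for ref, issue in reconcile(SENT, ACKED):
        print(ref, "-", issue)
```

An acknowledged payment with no matching sent record, or a changed beneficiary account, is the kind of exception a control center should surface immediately rather than at month end.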

While 2016 introduced us to risks in payment connectivity that we may not have previously thought about, there are best practices to keep your payments safe. For more information, please feel free to review our webinar with the AFP as well as the AFP’s Treasury in Practice guide on Securing your bank connectivity.
