All the news, tactics and scams for finance leaders to know about in November 2023.
Payment Security 101
Learn about payment fraud and how to prevent it
The banking verification gap seems like such a simple problem to solve.
When all is said and done, all we are really talking about is the ability to match a supplier’s Bank Account Name to the correct BSB and Bank Account Number, so that when you process an invoice, you know you’re sending the funds to the right beneficiary.
Yet, the solution for such a seemingly simple challenge ends up being far more complex than many initially realise.
Failed attempts to use new and untested approaches, such as Open Banking, to solve this old problem prove there are no shortcuts when it comes to addressing the banking verification gap.
In many respects, trying to use Open Banking to address the banking verification gap was a valiant attempt.
At first glance, the idea had merit. After all, Open Banking allows a consumer’s bank data to be shared with accredited third parties. If a payer can verify a supplier’s bank account information against data obtained directly from the supplier’s bank, then with the simple click of a mouse, the entire banking verification gap problem is solved!
However, as is often the case in life, when something seems to good to be true – it usually is.
After all, Open Banking was never designed as a solution to the banking verification gap. The purpose of Open Banking is to facilitate greater competition in the banking sector, which is dominated by four big players and high levels of customer inertia.
At Open Banking’s core is the premise that the consumer, rather than a business, has ownership rights over the data that’s generated by that consumer’s behaviour. Complaining that Open Banking is ‘opt in’ fundamentally misunderstands the principle that the consumer, not their bank, owns the consumer’s banking data. Were the banks enrolling consumers into Open Banking by default, requiring them to ‘opt out’, it would be contrary to the entire consumer data rights principle.
Trying to use Open Banking for a purpose it was never designed to fulfil is a classic case of trying to fit a square peg into a round hole.
When it comes to attempts to use the Open Banking platform as a solution to the banking verification gap problem, there are five significant hurdles that must be considered.
Open Banking is a relatively new concept in Australia, and many suppliers remain unaware of its existence or how it works.
Using Open Banking to verify a supplier’s bank account information requires the supplier to instruct their bank to send their bank account data to an unknown third party. That third party will store the supplier’s bank account data so individual payers can verify that they are sending payments to the correct bank account.
This requires suppliers to have a high degree of trust in the third party that will be receiving their bank account data.
For many suppliers, who may not understand how Open Banking works, there is likely to be a great deal of reluctance to send their data to unknown third parties.
Furthermore, banks participating in Open Banking usually require their customers, in this case the supplier, to jump through multiple hoops before they will transfer the data to third parties. Commonwealth Bank, Westpac, NAB and ANZ each has safeguards in place to verify that data sharing requests are legitimate.
Typically, the hoops a supplier needs to jump through before they can share data are as follows:
With all these hoops, it’s no wonder many suppliers are reluctant to share their bank account information with third parties.
Suppliers may have security concerns around sending their sensitive banking data via APIs.
Media reports often point to hackers targeting APIs as a way to compromise valuable data. Whilst the information security standards developed around Open Banking seek to mitigate any potential risks associated with APIs, their usage may be a concern for some suppliers.
Additionally, APIs can sometimes be unreliable. Disruptions to data flows due to unreliable API calls may see Open Banking as a less-than-ideal approach to verifying bank account data.
Under Open Banking, when a third party organisation receives data from a bank, that data must be deleted within a time frame stipulated by the consumer who authorised the sending of their data. The maximum time limit before the data must be deleted is 12 months.
This is another hurdle when it comes to using Open Banking as a way to address the banking verification gap.
After all, suppliers often have multi-year relationships with their customers. If a supplier’s data needs to be deleted within 12 months, that supplier may need to periodically re-request the sending of their data to the third party verifier.
It will be hard enough convincing a supplier to send their data once. Convincing them to keep on doing it will be a major headache.
From time to time suppliers need to change their bank account information.
Whether due to a corporate restructure, or simply preferring to change banks, the supplier will need to visit their bank and make a fresh request to share their updated bank account information via Open Banking.
Many suppliers may forget to do this, resulting in invoices being verified against outdated information. This may result in payments being sent to incorrect bank accounts.
Verifying supplier bank account information is not a one-time task. The information must be continuously verified, preferably every time a payment is being sent to the supplier.
It’s all very well to verify a supplier’s bank account details when they are being added as a new supplier to an organisation’s ERP system. However, days, weeks or months may pass before a payment is sent to the supplier.
During this protracted period of time, malicious actors may manipulate the supplier banking data in ERP systems, Vendor Master Files or ABA files.
That’s why it’s critical to verify supplier’s bank account data in real-time, immediately prior to processing a payment.
Given the five hurdles associated with using Open Banking to address the banking verification gap, Eftsure’s tried and tested approach remains the gold standard.
Over many years, Eftsure has developed an approach known as Multi-Factor Verification.
Since 2016, we have been aggregating banking and corporate data into a proprietary database that comprises over 85% of active Australian corporate entities.
We don’t simply rely on one source of data. Rather, we aggregate data from multiple independent sources. These include both official sources, such as regulators, as well as from the payers and suppliers themselves.
This gives us the unique ability to cross-match data from totally separate sources.
When data from multiple sources all conform, it gives the sender a high degree of assurance that their supplier is legitimate and that they are sending funds to the intended recipient.
Eftsure currently verifies over $8.5 billion of supplier payments monthly!
Best of all, our unique approach enables us to continuously verify supplier banking data. The Eftsure platform sits on top of existing Accounts Payable processes, enabling real-time verifications, immediately prior to a payment being sent.
Organisations no longer need to worry that supplier banking data may have been manipulated between onboarding and the time when the payment is processed.
To learn more about Eftsure and how we can help your organisation stay protected despite the banking verification gap, contact us today for a free demo.
With cybercrime on the rise, it’s critical to know what finance leaders are (and aren’t) doing to protect their organisations from digital …
Eftsure provides continuous control monitoring to protect your eft payments. Our multi-factor verification approach protects your organisation from financial loss due to cybercrime, fraud and error.