5 best internal controls over vendor master file
Internal controls over vendor master file keep your data secure with clear rules, audit trails, and consistent oversight for long-term data integrity
For anyone in Accounts Payable, ABA files are a simple fact of life. Little thought is given to generating, uploading or processing ABA files, or to whether they represent a risk to your organisation.
Take a deep dive into ABA files, what they are, how they work and how you can ensure you’re not at risk when relying on ABA files.
An ABA file is a text-based file.
The term “ABA” refers to the Australian Banking Association. It is named such because it is a standard used by most Australian banks for processing batch payments through online banking portals. Because payments are often sent between banks, the formatting of ABA files needs to align with the requirements of the Australian Payments Network (formerly the Australian Payments Clearing Association or APCA) – an association of financial institutions that facilitates inter-bank payments.
ABA files are widely used by Australian organisations whenever they need to process batch payments, whether in the form of supplier invoices or employee salaries.
ABA files are simple text files.
There is always an initial row, known as a “type 0” record that contains headers. Under this comes multiple “type 1” rows – with one row for each of the payments you will be processing. At the bottom comes a “type 7” row which contains the totals.
There is a range of formatting requirements, such as the width of columns, the number of characters that need to be used and whether the data needs to be left or right aligned. Thankfully, most ERP and payroll systems will generate ABA files meeting all the specific formatting requirements – so you don’t need to manually format the document yourself.
Here is an example of what an ABA file may look like:
Whilst it would theoretically be possible to manually create an ABA file – it would likely be a slow and painful experience.
As mentioned above, there are many specific formatting requirements.
These days, most ERP systems used by Australian organisations are able to generate ABA files easily using the information you enter into those systems. That’s why it is crucial that all information entered into your ERP, and by extension your Vendor Master File, is accurate.
If you want to process batch payments, you’ll need accounting software that can generate ABA files in the correct format, such as an ERP.
Once all the payment information is entered into your ERP, including the supplier data mentioned above, you will be able to export the ABA file from your ERP. This will be a text-based file which should then be saved in a secure, password-protected folder. It is important that access to this folder is restricted in order to limit the opportunities for malicious actors to manipulate the data in the ABA file.
Once you have generated a payment file in your ERP system, you can download the ABA file before uploading or importing it into your online banking portal.
Every bank has its own online banking portal.
Once you log in, you should see an option to upload your ABA file into the portal in order to process the batch payment.
Most banks provide guidance on how to do this if you require any assistance:
There is a range of reasons why you may be getting an error when uploading your ABA file to your online banking portal.
In most circumstances, it will be due to the data in the file not being formatted correctly.
Some common errors can include:
Unfortunately, there is one error that you will not see, though it would help tremendously if you did: cases where the Account Name does not align with the beneficiary BSB and Account Number.
When funds are transferred according to the data contained in ABA files, the banks make no effort to ensure the Account Name entered matches either the BSB or Account Number entered. In fact, the Account Name field is treated as nothing more than a comment box. It is therefore essential that you have a system in place to ensure you are in fact transferring funds to the intended recipient.
Do not rely on the information contained in the Account Name field alone!
Unfortunately, not.
Given that ABA files are simple text files, they remain particularly vulnerable to manipulation, whether by outsiders or insiders intent on defrauding your organisation.
Recent warnings by Australian banks point to malicious software, or malware, being released into the wild that specifically targets ABA files. This particular strain of malware appears to fraudulently modify the beneficiary account details that are listed within ABA files.
According to reports, this particular malware is able to identify and then alter an ABA file prior to an Accounts Payable (AP) officer importing it into their organisation’s online banking portal. Such risks are heightened in cases where an ABA file is generated quite some time prior to a batch payment being processed. Any timing delays simply provide attackers more opportunities to manipulate the data in the ABA files.
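The record layout and the Account Name gap described above, as an added example that is not from the original article or Eftsure's product: it parses the type 1 rows of an ABA file, reconciles each BSB and Account Number against a vendor master, then checks the type 7 count and total. The column offsets are the commonly published 120-character ABA layout (an assumption, confirm against your bank's specification), and the function names, vendor list and sample file are constructed.

```python
# Added example: reconcile an ABA file against the vendor master before upload.
# Column offsets: commonly published 120-character ABA layout (an assumption).
# All names, BSBs, account numbers and amounts below are constructed.
def detail(bsb, acct, cents, name):
    return ("1" + bsb + acct.rjust(9) + " " + "50" + str(cents).zfill(10)
            + name.ljust(32) + "INV-1001".ljust(18) + "062-000"
            + "12345678".rjust(9) + "ACME PTY LTD".ljust(16) + "0" * 8)

def trailer(count, cents):
    total = str(cents).zfill(10)  # credit-only file: net total == credit total
    return ("7" + "999-999" + " " * 12 + total + total + "0" * 10
            + " " * 24 + str(count).zfill(6) + " " * 40)

def check_aba(text, vendor_master):
    """Return a list of findings; an empty list means the file reconciles."""
    findings, payments, total_row = [], [], None
    for n, line in enumerate(text.splitlines(), 1):
        if len(line) != 120:
            findings.append(f"line {n}: length {len(line)}, expected 120")
        elif line[0] == "1" and line[20:30].isdigit():
            payments.append((n, line[1:8], line[8:17].strip(),
                             int(line[20:30]), line[30:62].strip()))
        elif line[0] == "1":
            findings.append(f"line {n}: amount is not numeric")
        elif line[0] == "7":
            total_row = line
    for n, bsb, acct, cents, name in payments:
        # Match on BSB + account number; the bank ignores the Account Name.
        if (bsb, acct) not in vendor_master:
            findings.append(f"line {n}: {bsb} {acct} ({name}) not in vendor master")
        elif vendor_master[(bsb, acct)] != name:
            findings.append(f"line {n}: {bsb} {acct} belongs to another supplier")
    if total_row is None:
        findings.append("no type 7 record")
    elif not (total_row[30:40].isdigit() and total_row[74:80].isdigit()):
        findings.append("type 7 totals are not numeric")
    elif (int(total_row[74:80]), int(total_row[30:40])) != (
            len(payments), sum(p[3] for p in payments)):
        findings.append("type 7 count or credit total does not match type 1 rows")
    return findings

HEADER = ("0" + " " * 17 + "01" + "CBA" + " " * 7 + "ACME PTY LTD".ljust(26)
          + "301500" + "PAYMENTS".ljust(12) + "010125" + " " * 40)
VENDORS = {("083-004", "11122233"): "NORTHSIDE PLUMBING",
           ("633-000", "44455566"): "HARBOUR FREIGHT CO"}
GOOD = "\n".join([HEADER, detail("083-004", "11122233", 125000, "NORTHSIDE PLUMBING"),
                  detail("633-000", "44455566", 98050, "HARBOUR FREIGHT CO"),
                  trailer(2, 223050)])
# Same file with one row's BSB and account changed but the Account Name intact.
ALTERED = GOOD.replace("633-000 44455566", "012-345 99988877")
```

The altered file still passes the type 7 totals check because the amount is unchanged; only the comparison against the vendor master exposes the row.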
External attackers are not the only risk when it comes to ABA files. Internal threats should also be taken seriously.
If too many individuals within your organisation have access to ABA files, you run the risk of someone deliberately manipulating payment details. Due to the fact that ABA files are simple text files, editing the information contained in them is easy. It is critical that you have controls in place to restrict the number of people who have access to the folders and files in which you keep ABA files.
You should also ensure that your IT department maintains comprehensive logs of all people and devices that access those folders and files, so if any internal fraud occurs, you have the ability to fully investigate the matter.
Restricting access to folders and files according to a “Need to Know” basis is essential for safeguarding your ABA files.
Given the fact that ABA files are text-based files, they are particularly vulnerable to manipulation by malicious actors, both external and internal.
Follow these steps to protect your organisation from ABA security threats:
With Eftsure sitting on top of your accounting processes, ensuring your ABA files remain accurate and you are paying the intended recipient becomes easy.
Due to the text-based nature of ABA files, fraudsters routinely look for ways to adjust BSB and Account Number data, resulting in payments being transferred to a bank account they control. And due to the fact that banks are unable to match a beneficiary’s Account Name with either their BSB or Account Number, until now there’s been no easy way for your AP officers to ensure you’re not being defrauded.
However, with Eftsure’s real-time verifications, you’ll receive alerts of mismatched supplier banking details, helping you identify and block any potentially fraudulent activity.
Contact Eftsure today for a comprehensive demonstration of how we can help keep your organisation secure.