Frequently Asked Questions

Everything you need to know about Eftsure

The Basics

Eftsure is a leader in fraud detection and payment protection.  

Our pioneering fraud-tech solution brings financial controls into the digital age and helps organizations of all sizes mitigate the risk of processing hard-to-recover Electronic Funds Transfer (EFT) payments (including ACH and wire transfers) to scammers.  

Our multi-layer verification platform verifies the banking data of your vendors against our aggregated banking data from a large and growing network of verified businesses in our customer community, IRS and OFAC government databases, banking consortiums, and other fraud signals and anomalies. This enables you to verify banking details in real time before processing digital payments to your suppliers and vendors, mitigating the risk of human error and preventing modern-day cyber fraud attacks, including social engineering, phishing, fake invoices, AI voice cloning, invoice manipulation, remote access trojans (RATs) and more. Our powerful verification is applied throughout the procure-to-pay lifecycle: cleansing your existing vendor data, allowing you to add or change vendors securely and efficiently, and verifying payments before you process them.  

In a business landscape where instances of cybercrime and digital payment fraud are rising exponentially, Eftsure enhances your payments controls and gives you peace of mind that you are paying the right people. 

Digital transformation continues to revolutionize the way we do business. However, along with its many benefits come a range of challenges, notably a worrying rise in digital fraud.  

Organizations are confronted by unprecedented threats from financially motivated criminal syndicates that are intent on defrauding them via any means possible, including hacking into computer systems and inducing human error through deception.  

The threat is most acute when processing EFT payments such as ACH and wire transfers. This is because, in the ACH Network, receiving banks are not required to perform name matching when posting entries, and ACH rules permit a bank to rely solely on account number even if the receiver's name doesn’t match the account name.  

This verification gap opens the way for criminals to defraud organizations through a range of attack vectors, including Business Email Compromise (BEC), Vendor Email Compromise (VEC), hacking into ERP systems, or manipulating data in vendor master files and text-based ACH (NACHA-format) payment files that are used to upload payment data to online banking portals.  

Typically, Accounts Payable teams have neither the capacity nor the training to detect this type of fraud. And ERP and accounting software can only match new data to your existing data, meaning they’re unable to verify against an independent source.

The technology underpinning the banking system was created in a pre-internet era. And while banks have made progress in certain areas, they do not have enough up-to-date data on the relationship between payee and trading names, and the match of those to routing and account numbers to validate what’s inside all the vendor master files of all businesses.  

Sharing this data across banks is extremely challenging for both privacy and technology reasons. In addition, in the ACH ecosystem, rules explicitly allow a receiving bank to post based on account number even if the receiver's name doesn’t match the account name—limiting consistent, network-wide name matching.  

As long as the system does not consistently match this data, the liability for an erroneous transaction sits with you, the authorizer.  

Several large US banks offer an “Account Validation” add-on, commonly known as Early Warning Services (EWS). This service can help confirm whether an account appears open and whether ownership details align at the moment a payment is initiated; however, fraud rarely starts at the bank screen. It enters your payment process earlier. In our multi-layered verification process, EWS is just one step. If the banks give you a questionable or not completely verified status, it is still on you to decide what to do next, whether that is continuing with payment or starting a manual callback process. We take that process on for you.  

Modern cybercrime and fraud use identity theft and social engineering (manipulation) to impersonate trading partners and vendors. Vulnerabilities in supplier or partner organizations become your problem, too, by allowing fraudsters to get into their system and deceive you using legitimate email accounts and documentation.  

These impersonations make use of legitimate email accounts and are extremely hard to detect. To make it worse, fraudsters are constantly evolving and adapting their tactics to circumvent most payment controls and AP measures. Many of today’s cybercrime syndicates are running with the same style of organization charts that Fortune 500 companies have. That is exactly how organized their mission to defraud you is.  

A single factor of verification (be it your own records or a manual call-back control) is insufficient in such an environment. That’s why we’ve developed an approach that’s fit for a digitally connected world: multi-layered verification.  

Multi-layer verification is a methodology, enabled by network technology and the scale of the cloud, that provides multiple points of verification for a given set of vendor bank account data (for example: routing number, account number, and account name, plus tax identifiers when appropriate).  

Based on best-practice cybersecurity methodologies, Eftsure embraces a “Safety in Numbers” approach. We verify a given set of bank account details (for example, matching the payee name to routing and account numbers, and cross-checking identifiers like a TIN/EIN where applicable): if multiple businesses verify and pay to the same set of details, then we deem them correct.  

Many US organizations collect a vendor’s name and Taxpayer Identification Number (TIN) for IRS information reporting, commonly via IRS Form W-9; for many businesses, the TIN provided is an EIN. Our portal also allows you to request all documentation required in your onboarding process, such as W-9s. 

We use our live and growing global customer community database of verified businesses to cross-match this data. This is powerful because, to deceive the system, a fraudster would have to deceive multiple organizations at the exact same time. Not to mention, they’d need to defeat our algorithms that look at the frequency and recency of businesses joining the network, among other fraud anomalies. This customer community not only brings you a level of automatic verification; it is also our way of alerting all customers in our network of a fraudulent vendor account. If we catch it in one of our customer organizations, we can alert all our other customers, who might also be paying that same vendor.  

Across your entire procure to payment lifecycle, Eftsure draws on its large, proprietary, and dynamic database of verified vendors to provide you with real-time alerts in the form of simple ‘red thumb’ and ‘green thumb’ symbols that indicate the validity of the vendor’s bank account information (or lack thereof).  

By “validity,” we mean that the routing number and account number match the bank account name and TIN, protecting you from making incorrect payments whether due to fraud or error.  

This database powers Eftsure’s ability to verify your data at all key phases of your payment lifecycle: 

  • We health-check, clean and verify your existing VMF/master data.  
  • We give you the power to maintain the validity and accuracy of that data using our secure vendor management portal.  
  • We provide real-time payment and compliance alerts BEFORE you make a payment.  

The power behind Eftsure’s ability to health-check your existing vendor data, securely onboard vendors and provide real-time payment alerts? Our database. This database, or what we like to call our Customer Community of verified businesses, was built by Eftsure and is proprietary to Eftsure.  

However, it is growing and dynamic. As customers add or change vendors, the database grows and adapts. There are multiple layers of data in the database, including customer-verified data, supplier-verified data, bank-verified data and third-party data from public business records (for example, state business registries where applicable) and a series of credit bureaus. It is the cross-matching of all these data sets that underpins Eftsure’s multi-layer verification. Algorithms work across the database, monitoring recency of businesses and payment patterns to further secure the data and prevent it from being “gamed.”  

Eftsure starts by auditing your existing supplier data. This process, known as the Vendor Master File Health Check, gives us the ability to compare all of your supplier data against our database of verified businesses.  

This allows you to know which supplier data in your file is accurate and where anomalies lie, via a unique Eftsure dashboard. Typically, 25% of the records within vendor master files are anomalous.  

Eftsure then starts the verification process for any supplier data that is either incorrect or does not yet exist in our database. When necessary, our team of experts undertakes independent verifications on your behalf.  

This process guarantees you start with clean vendor data, not an inherited risk full of fraud anomalies, duplicates, or incorrect banking details. 

Once your vendor master file is clean and matches the verified data in our database, we then help you integrate the Eftsure platform into your environment so that you can both manage vendors and verify payments, securely and efficiently.  

There are two main ways you do this and derive all the benefits of Eftsure: 

  • Via our web portal which allows you to manage suppliers securely and review and verify payment files generated from your ERP system (including ACH and wire payment files).  
  • Via your ERP system when connected to Eftsure through an API or partner integration (speak with our technical team to determine the feasibility of this option in your specific ERP).  

Upgrade process of current control

Having a trusted AP team is important. We all want to believe we can trust those we work with, but a core feature of any risk management framework is:

Trust but verify!

It’s never a good idea to be overly reliant on just one person, or even a handful of people. Effective business continuity planning requires you to have resilient systems in place, rather than being fully dependent on the people in your team.

Fraudsters are actively seeking ways to circumvent your traditional security layers. If those security layers are overly dependent on manual verifications by humans, they will be susceptible to tactics aimed at deceiving them into making errors and potentially facilitating fraudulent payments.

Along with the financial cost to your organisation, this brings a variety of other costs, including heightened anxiety in staff, potential reputational damage, delays, time spent on clean-up or attempting to recoup the loss, and much more. Even hiring additional personnel will not protect you from determined fraudsters.

Eftsure allows you to automate many of the human-centric, manual procedures your AP team currently uses. Embracing technology removes a lot of the friction in existing payment controls. It also helps ensure your organisation achieves a more effective and robust approach to mitigating fraud and preventing human error.

Importantly, Eftsure delivers significant efficiency dividends, allowing your AP team to focus on other important business priorities.

‘Call-backs’ are an important security measure. But many organisations struggle to implement call-backs effectively. For AP teams that are under pressure to complete other important tasks, undertaking call-backs is a highly manual and time-consuming activity. Many teams struggle to conduct call-backs effectively, which can mean they:

  • Don’t independently source supplier contact details
  • Rely on return messages and incoming information that may be from
    malicious actors
  • Do not ask the correct verification questions

The people conducting call-backs are not trained to detect fraud. Recent reports indicate fraudsters are manipulating telephone numbers in vendor master files, or even using “Deep Fake” technologies to impersonate other people’s voices. Call-backs alone are insufficient in the fight against increasingly sophisticated digital fraud.

You may have several systems in your accounting environment to manage vendors and workflow. However, Eftsure is a unique platform that both verifies your suppliers’ banking details AND protects your payments in real-time before you process an EFT payment.

By comparison:

  • Accounting software matches new information to existing information, but doesn’t validate this against external information, such as Eftsure’s database comprising 7.5 million organisations.
  • Supplier management systems may deliver efficiencies, but don’t contribute to security. They, too, can be infiltrated using trojans and malware. Eftsure delivers efficiencies and security, in real time.

A clean vendor master file is critical because it’s used to generate EFT payment files, not to mention a range of other business activities. Incorrect data makes errors easier and can make attempted fraud harder to detect.

The data in your vendor master file is used in many business-to-business transactions, tax and GST reporting, management reports, compliance, purchasing, sales, contracts, sourcing, performance, and risk management.

Eftsure helps you achieve and maintain high levels of data hygiene in your vendor master file.

Technology

No. Integrating Eftsure is easy.

If you wish to use Eftsure seamlessly within your online banking portal, simply install a plugin in your browser (either Microsoft Internet Explorer or Google Chrome). You’ll be ready to start using Eftsure within minutes.

You can also export ABA files from your ERP system and upload them into your Eftsure portal to verify the banking information. This should not require any involvement on the part of your IT team.

If you wish to connect your ERP system to Eftsure via an API, contact our technical team for additional information and assistance.

There’s no reason why technology or systems upgrades should delay securing your organisation from the risk of digital fraud. If your organisation is in the process of upgrading ERP systems or embracing AP automation, it’s an ideal time to ensure the data being used is accurate and up to date. Irrespective of what systems you use within your AP environment, if the data is incorrect, you are much more likely to experience adverse outcomes.

Integrating Eftsure requires very little investment of time on the part of your IT team, but will deliver significant efficiency dividends, helping you automate many manual processes. In addition, it’s worth considering that fraudsters aren’t waiting. Why should you?

Privacy and Security

The security of your personal and confidential business information is critical to us.
We take appropriate industry recognised steps to prevent personal and confidential business information we hold from misuse, interference, or loss, and from unauthorised access, modification, or disclosure.

This protection includes the use of technologies and processes such as access control procedures, network firewalls, encryption, and physical security. Eftsure is fully compliant with the Australian Privacy Act (APA) and handles all data as if it were Personally Identifiable Information (PII), irrespective of whether that data pertains to an individual or an organisation.

Your supplier data is not visible to any other organisation using Eftsure, nor do you have visibility over other organisations’ supplier data.

Our approach is to aggregate data from 7.5 million organisations. With this data we can determine whether a supplier is being paid using matching banking information by multiple organisations. If this is the case, then there’s a very strong likelihood that the banking information is accurate.

No additional information, including the names of payer organisations or the amounts of any payments, is disclosed.

All data is encrypted, both in transit and at rest. TLS 1.2 is used for all data in transit, whilst 256-bit encryption is used for all data at rest.

When using the Eftsure portal, you can create unlimited numbers of user accounts for people within your organisation. Each user account you create can have different privileges, based upon the level of access to data you want that person to have.

All data is only ever stored in our secure hosting environment on AWS in Sydney. Nothing is stored offshore.

The Eftsure platform has been extensively vetted by Westpac, PwC, and Amazon Web Services.

To ensure we maintain the highest information security standards, our architecture, processes and systems are regularly audited by independent experts and penetration tested.

Eftsure has never been affected by any compromises or data breaches.

 

Support

We provide comprehensive support throughout your onboarding and beyond. Our goal is to help you maximise the benefits your organisation derives from Eftsure.

Credentials

Eftsure is used by hundreds of leading businesses in almost every sector of the Australian economy from education to construction and property, mining and resources, infrastructure, state government departments, local government, hospitality and tourism, financial and legal services, to name a few.

Eftsure is also endorsed by PwC, Crime Stoppers NSW, Westpac, HLB Mann Judd and PKF.

Every day, Eftsure alerts organisations to suspicious EFT payments before the funds are irretrievably released. Several hundred ‘red thumb’ alerts are issued each month.

Furthermore, our approach to data hygiene helps you maintain accurate and up-to-date supplier information. This reduces the chances of errors as a result of incorrect banking data in your systems.

Eftsure has stopped attempted frauds. Due to the confidential nature of these defrauding attempts, we are not at liberty to disclose the identities of the impacted organisations.

However, some notable recent Eftsure successes include:

  • Helping a large construction and engineering firm avoid a $1 million fraud attempt resulting from a BEC attack.
  • Helping a leading diversified food company avoid paying fraudsters $200,000 following a BEC attack.

Getting Started

Eftsure is designed to require very little investment of time from your side.

Prior to going live, we will undertake several important steps:

  1. Vendor Master File Health Check: 48 hours – 1 week.
  2. Verification attempts of supplier anomalies and those not in our database: 1 week – 3 weeks.
  3. Staff training: 2 hours.

Once we complete these steps, you can start using Eftsure within minutes.

When joining Eftsure, you gain full access to all the features in the platform. All the features form a holistic fraud-mitigation system and cannot be separated out.