How it works
At the heart of the EFTsure™ solution is the independently verified EFTsure™ List which reports in real-time to our customers the accuracy of their payments.
EFTsure™ has a suite of solutions for customers to choose from including free preliminary reports, comprehensive audit reports and real time authentication of payments using the EFTsure™ banking extension program.
1. Free Health Check
This provides you with an opportunity to try the system obligation free and at no cost. All you need do is contact us to request this free health check report - the service checks your Vendor Master File for inconsistencies, duplicates, missing information etc as well as matching it against our EFTsure list.
2. Comprehensive Audit Report
In order to extend coverage of your suppliers beyond what is provided in the free report, we offer an enhanced service whereby we obtain independent verification from your suppliers and provide you with a Comprehensive Audit Report.
Click below to see the supplier verification process.
3. Banking Extension Program - Continuous Real Time Verification of Payments
The Comprehensive Audit Report is a report providing a health check on the Vendor Master File at the time the report was generated. For continuous up to date real-time reporting the ultimate solution is the EFTsure™ bank extension program, that enables you to validate your payments prior to release. By signing up for and installing the EFTsure™ bank program extension you will be provided with the highest level of real time continuous verification of your supplier payments.
Click below to see how the bank extension program works:
EFTsure™ suite of products and services is cost effective – call us on 1300 985 976 to find out more
EFTsure™ operates under a strict security and privacy regime. The information you provide will not be released to any other party and only used for the purpose of verification against the EFTsure™ List or contacting your suppliers on your behalf.
EFTsure™ banking extension does not access your online banking software. It works independently of it just like your accounting software or any other program you use in your business.
The majority of business payments today are made via Electronic Funds Transfer.
Prior to the release of an electronic payment Chief Financial Officers or authorising officers review payments by checking the Payee Name on the bank screen or payment report. This review is flawed because Banks don't match Payee Names with Account Numbers. Banks process payments by reference to BSB and Account Numbers only. Therefore there is no certainty that the Payee Name that you see on the screen will be the actual recipient of the payment.
The implication of this is that in spite of seeing the correct name the payment may be going to the wrong account.
Banks explicitly warn customers on their websites that they take no responsibility for any payments being directed to the wrong account.
Example Bank Disclaimer:
"Important: You must enter the correct BSB and account number of the intended payee. In processing payments, the bank does not verify that account name matches the provided account number. If you enter an incorrect BSB and/or account number, your funds may be paid to an unintended recipient and it may not be possible to recover your funds from that recipient."
The banks are therefore protected but you aren't! This exposes you, your company, your directors and shareholders to financial loss and reputational damage.
As a Finance Officer or business owner you have a responsibility to protect your company's funds by implementing systems and procedures to ensure a sound internal control environment exists. You are ultimately responsible for the flow of funds out of the company and the authenticity of payments made to suppliers, employees and other payees.
Vendor Master File management is typically an area that is susceptible to internal control weakness due to the volume of suppliers, new suppliers, inactive suppliers, continuous changes to supplier details, requirements for workflow ease, resource limitation on segregation of duties, deficiencies in password management, collusion and the fact that payment files (known as ABA files) are editable once created which means internal control processes can be bypassed exposing businesses to error and fraud through changes to ABA files prior to uploading into the bank.
This weakness is already being exploited. See our News Room for some recently publicised incidents.
EFTsure™ has developed a patent pending payment authentication solution that mitigates against this risk in the electronic payment process and operates independently of an organisation's internal risk mitigation processes.
As part of our procedures we verify the integrity of your Vendor Master File (VMF) being the source file where your banking details are recorded and consequent electronic payments derived. Thereafter EFTsure's banking software extension analyses payment details just prior to release of funds thereby continually checking the authenticity of payments and acting as gatekeeper for an organisation's electronic payments.
EFTsure™ cost effective, independent third party service is able to provide the highest level of verification and provide Finance Officers with peace of mind that the Payee Name that they see on their banking screen will be the actual recipient of the payment.
Source:KPMG Fraud Barometer 43 cases involved employees transferring some, or all,of the fraudulently obtained funds to their own bank accounts by Electronic Funds Transfer. With cheques being phased out by businesses,more Electronic Funds Transfer crime will occur in the future.
Source:Warfield & Assoc iates. (This equates to $120 million dollars of misappropriated funds).
EFTsure™ provides an innovative, cost-effective and specialised service and software solution to businesses validating the integrity of their payment data and ensuring prior to making an EFT payment that the name of the Payee matches the BSB and Account number.
Frequently Asked Questions
It is impossible to remember the BSB and Account number of all the Suppliers you authorise payments for.
If you therefor attempt to rely on only the BSB and Account number, you will need to check these against a trustworthy source of these details each and every time you authorise each and every payment.
As an authoriser of payments you rely on the PAYEE name, not the BSB and Account Number, to confirm you are satisfied with releasing funds to the named account as the Account details are impossible to remember for multiple Payees. By doing so exposes you to potential fraud and errors. EFTsure™ ensures that who you see you are paying on the screen is actually who is getting paid.
In most cases, No. In accordance with your banking software license agreement the bank is not ultimately responsible and it is not their loss. They only have a responsibility to recall the payment and request that the counter-party bank write to their customer requesting them to return the funds. The bank cannot access these funds once it's in the recipient's bank account. The recipient doesn't have an obligation to refund the money. In the case of fraud the recipient would already have withdrawn the funds from their account. The customer loses not the bank.
- Wrong BSB and Account numbers for current suppliers which would result in payments being made to the wrong account
- Obsolete BSB and Account numbers – eg where a supplier has changed banks and the Account details on record are now incorrect. In some jurisdictions eg the UK, account numbers are recycled/reused resulting in lost funds if payments are still made to obsolete accounts
- Wrong account name for given correct BSB and account numbers.
- Confirmation of Supplier Account names and numbers where they are correct giving you comfort that when you pay to that Supplier name the funds will arrive at that Supplier's account.
- Cross verification of your list of Supplier details with other EFTsure™ Customers' Supplier details to reassure you that no collusion between your employee and supplier employees are occurring
- Cross verification with other EFTsure™ customers of Supplier names that you are paying but that have different bank accounts to the same or similar supplier names that other EFTsure™ customers are making payments to.
- Reports on bounced, invalid format or missing email addresses you have on file for your suppliers.
Before the internet and electronic banking, the bank teller on receipt of the cheque at the counter would review the PAYEE name and would only deposit the cheque if the PAYEE name and bank account details matched. Electronic funds transfer has eliminated this review process.
Yes, this is a real risk and as CFO it would be irresponsible to ignore it. In all likelihood your accounts payable staff are trustworthy but people's circumstances can change overnight forcing the most honest person to succumb to desperate actions. Furthermore your staff are human and thus can make mistakes e.g. in typing in the account number they may mistype or transpose digits. You are ultimately responsible for your company's finances.
Yes, it is your responsibility to ensure the company's assets (money) is protected at the highest level. Are you sure you have never had a fraud perpetrated? Many well executed frauds utilising this vulnerability go undetected for years because it is so easy to do and to hide. Due to press publicity leading to awareness of this issue, as well as an increase in the technical ability of the attackers, the incidence of this specific fraud is now growing very fast. You now know about the problem and you have a responsibility not only to the company but also to yourself to insure the business against this risk.
No, EFTsure™ does not access your banking software. It improves your banking security by adding checks that your bank doesn't do by complementing your banking software just like your accounting software or any other program you use in your business.
EFTsure™ software has been developed using the highest security protocols. We use Secure Socket Layer (SSL) and best practices industry standard encryption to secure customer data.
Yes, because once the ABA file is uploaded into your banking software payment details can be changed. Additionally the fraudulent set up of incorrect payment details can occur at the accounting software level prior to it being uploaded into your banking software application. Furthermore, the ABA file can be edited prior to upload. Therefore all the change controls in place around Vendor Master File Management in your accounting software can be subverted due to the ABA file being editable.
Because the payment details can be manipulated at the banking software application level. Additionally bank account details can be manipulated at the accounting software level or in the generated ABA file after you have checked it.
Yes, because you are the ultimate person responsible for making the payment as CFO or FC. When you are reviewing your payments you are viewing the name of the payee not their bank account details. If it's a name you know you would authorise the payment not realising its going to be paid into a different bank account because it would be impossible for you to remember the payee's bank account numbers.
EFTsure™ is an independent patent pending third party verification service.
There is no higher level of internal control than third party review.
Being independent EFTsure™ has multiple customers and therefore able to cross check supplier bank details across customers which gives a far higher level of verification than anything an individual company can do on its own.
We provide an excellent, hassle free service at an affordable price allowing you and your IT department the time to focus on running your business.
This breach in internal controls is now in the public domain. Once you have purchased EFTsure™ it will not matter whether your staff know as you will be protected against this type of fraud or error.
The Privacy Act 1988 (Privacy Act) relates to protecting the Privacy of individuals (natural persons) not companies. The Privacy Act regulates how personal information is handled and defines personal information as "information about an identified individual, or an individual who is reasonably identifiable". Common examples are an individuals name, signature, address, telephone number, date of birth, medical records etc. Accordingly the disclosure by you of your suppliers information to the extent that they are companies (and other types of legal entities) will not be impacted by the Privacy Act. Also, suppliers bank account BSB, account numbers and names typically appear on supplier invoices, cheques and often even websites i.e. supplier information is in the public domain. All supplier information is kept strictly confidential in terms of our confidentiality agreement and only used for the specified purpose of minimising fraud and error for the benefit of both your company and your suppliers.
Our technology, search protocols and authentication procedures are patent pending in Australia and multiple other jurisdictions.
We have uncovered issues of various seriousness in the payee files of every one of our customers! Not a single customer had has a Payee Master File that needed no corrections! Types of issues we regularly find are: Incorrect account numbers, incorrect Account Names, out of date dormant accounts, missing account numbers as well as many cases of Customers paying Suppliers by making payments into accounts that are different to that which other Customers paying the same supplier pay into.
It is extremely difficult if not impossible for them to do so.
The payment system was not originally designed to be accessed by end customers directly through internet banking (as it was simply bank to bank computer processes) and therefore could safely rely only on BSB and account numbers with the account name only used as a comment field.
The issue was created when online banking interfaces allowed users to make payments directly. The problem the banks now have is that the bank making the payment does not have access to the counter-party banks customer details.
To do so would require collaboration between all the banks and sharing of their customer details which they are very guarded about due to competitive pressure.
Alternatively the underlying multibank clearing house payment system would need to be redone which would be an extremely complex and expensive multi bank exercise. Additionally a further complexity arises due to businesses using different naming configurations of their suppliers in their vendor master file. As a result no individual bank can verify the PAYEE name of any payee that is not also their customer and instead relies only on the BSB and Account number provided by you to process the transaction.
EFTsure™ resolves this breach in internal control as a completely independent entity engaging directly with the owners of the bank account and cross referencing them across customers in order to enable them to verify the details no matter who they bank with.