Everything you need to know about eftsure

eftsure is a leader in fraud detection and payment protection.

Our pioneering fraudtech solution brings financial controls into the digital age and helps organisations of all sizes mitigate the risk of processing irretrievable Electronic Funds Transfer (EFT) payments to scammers. Our multi-factor verification platform aggregates banking data from nearly 2 million Australian organisations, representing approximately 80% of actively trading Australian businesses. This enables you to verify banking details in realtime before processing EFT payments to your suppliers. This helps mitigate the risk of human error and prevents modern cyber fraud tactics such as social engineering, phishing, fake invoicing and ratting from impacting you financially. Our powerful verification is applied throughout the payment lifecycle: cleaning your existing vendor data, allowing you to add or change vendors securely and efficiently and verifying payments before you process them.

In a business landscape where instances of digital fraud are rising exponentially, eftsure will enhance your payments controls and provide you additional peace of mind.

Digital transformation continues to revolutionise the way we do business. However, along with its many benefits come a range of challenges, notably a worrying rise in digital fraud.

Organisations are confronted by unprecedented threats from financially motivated offshore criminal syndicates that are intent on defrauding them via any means possible, including hacking into computer systems and inducing human error through deception.

The threat is most acute when processing EFT payments. This is because the banking system does not verify (or match) a payee’s Account Name with either their BSB or Account Number.

This verification gap opens the way for criminals to defraud organisations through a range of attack vectors including Business Email Compromise (BEC), Vendor Email Compromise (VEC), hacking into ERP systems, or manipulating data in VendorMaster Files and the text-based Australian Banking Association (ABA) files that are used to upload payment data to online banking portals.

Accounts Payable teams neither have capacity nor are trained to detect fraud. While ERP and Accounting software can only match new data to your existing data; unable to verify against an independent source.

The technology underpinning the banking system was created in a pre-Internet era. And while the banks have made progress in certain areas, they do not have enough up-to-date data on the relationship between payee names, trading names and the match of those to BSB and Account Numbers to account for what is in all business’s vendor master data sets.

Even if they have current data on their own customers, they certainly don’t have it for other banks’ customers. Sharing this data across banks is extremely challenging for both privacy and technology reasons. In addition, as long as the banks do not match this data, the liability for an erroneous transaction sits with you, the authoriser. Should the banks take on the responsibility of matching account numbers to payee name and verify payments, the liability would shift to them.

Modern cybercrime and fraud uses identity theft and social engineering (manipulation) to impersonate trading partners and vendors. Vulnerabilities in supplier or partner organisations become your problem by allowing fraudsters to get into their system and deceive you using legitimate email accounts and documentations.

These impersonations make use of legitimate email accounts and areextremely hard to detect. Further, fraudsters constantly adapt their tactics to circumvent most payment controls and AP measures.

A single factor of verification (be it your own records or a call-back control) is insufficient in such an environment. That’s why we’ve developed a comprehensive anti-fraud solution that’s fit for a digitally connected world. We call it: Multi-Factor Verification.

Multi-Factor Verification is a methodology, enabled by network technology and the scale of the cloud, to provide multiple points of verification for a given set of vendor bank account information.

Based on best-practice cyber security methodologies, such as Multi-Factor Authentication, eftsure embraces a “Safety in Numbers” approach – we verify a given set of bank account details (matching payee name to BSB Account Number and ABN) if multiple businesses verify and pay at the same set of details, then we deem them correct.

We use our live-and growing verified database of almost 2 million organisations, to first verify and then crossmatch this data. This is powerful because to deceive the system, a fraudster would have to deceive multiple organisations at the exact same time. Not to mention defeat our algorithms that look at amongst other factors, the frequency and recency of businesses joining the network.

Across your entire payment lifecycle eftsure draws on its large, proprietary, and dynamic database of verified vendors to provide you with real-time alerts – in the form of simple traffic-light style ‘red thumb’ and ‘green thumb’ symbols that indicate the validity of the vendors bank account information (or lack thereof). By validity we mean that the BSB Account Number match the Bank Account Name and ABN; preventing you from making incorrect payments whether due to fraud or error.

This database powers eftsure’s ability to verify your data at all key phases of your payment lifecycle:

• We health-check, clean and verify your existing VMF/master data.
• We allow you to maintain the validity and accuracy of that data using our secure vendor management portal.
• We provide real-time payment and compliance alerts before you pay, across payment files and in your online banking payment screen,/li>

The power behind eftsure’s ability to health-check your existing vendor data, securely onboard vendors and provide real-time payment alerts is our database. This database or network contains nearly 2 million Australian organisations which is 80% of the current actively trading businesses (by ABN) in Australia. The database was built by eftsure and is proprietary to eftsure.

However, it is growing and dynamic: as customers add or change vendors, the database grows and adapts. There are multiple layers of data in the database including, customer verified data, supplier verified data, bank verified data and third-party data from ASIC and a series of credit bureaus. It is the crossmatching of all these data sets that underpins eftsure’s multi-factor verification. Algorithms work across the database monitoring recency of businesses and payment patters to further secure the data and prevent it from being ‘gamed’.

eftsure starts by auditing your existing supplier data. This process, known as the Vendor Master File Health Check, sees us comparing all your supplier data against our database of nearly 2 million Australian organisations.

This allows you to know which supplier data in your file is accurate, and where anomalies lie, via a unique eftsure dashboard. Typically, 25% of the records within Vendor Master Files are anomalous.

eftsure then seeks to verify any supplier data that is either incorrect or does not yet exist in our database. When necessary, our team of experts undertake independent verifications on your behalf.

Once your Vendor Master File is clean and matches the verified data in our database, we then help you integrate the eftsure platform into your environment so that you can both manage vendors and verify payments, securely and efficiently.

There are three main ways you do this and derive all the benefits of eftsure:

• Via web browser plugin (either Microsoft Internet Explorer or Google Chrome) that runs eftsure seamlessly in your online banking portal
• Via our web portal which allows you to manage suppliers securely and review and verify payment files generated from your ERP system.
• Via your ERP systemwhen connected to eftsure via an API (speak with our technical team to determine the feasibility of this option in your specific
  ERP).

Having a trusted AP team is important. We all want to believe we can trust those we work with, but a core feature of any risk management framework is:

Trust but verify!

It’s never a good idea to place too much trust in, or be too reliant on, just one person, or even a handful of people. Effective business continuity planning
requires you to have resilient systems in place, rather than being overly reliant on the people in your team.

Fraudsters are actively seeking ways to circumvent your traditional security layers. If those security layers are overly dependent on manual verifications by humans, they will be susceptible to tactics aimed at deceiving them into making errors that result in fraudulent payments.

Apart from the financial cost to your organisation, this also has a human cost with staff experiencing unnecessarily high levels of stress and anxiety. Even hiring additional personnel will not protect you from determined fraudsters.

eftsure allows you to automate many of the human-centric, manual procedures your AP team currently undertakes. Embracing technology removes much of the friction in existing payment controls. It also helps ensure your organisation achieves a more effective and robust approach to mitigating fraud and preventing human error.

Importantly, eftsure delivers significant efficiency dividends, allowing your AP team to focus on other important business priorities.

‘Call-backs’ are an important security measure. However, many organisations struggle to undertake call-backs effectively. For AP teams that are under pressure to complete other important tasks, undertaking call-backs is a time-consuming activity. Most Accounts Payable teams, struggle to conduct call-backs effectively and as a result they:

• Do not independently source supplier contact details.
• Rely on return messages and incoming information which may be from
  malicious actors.
• Do not ask the correct verification questions.

The people conducting call-backs are not trained to detect fraud. Recent reports indicate fraudsters are manipulating telephone numbers in Vendor Master Files, or even using “Deep Fake” technologies to impersonate other peoples’ voices. Call-backs alone are insufficient in the fight against increasingly sophisticated digital fraud.

You may have several systems in your accounting environment to manage vendors and workflow. However, eftsure is a unique platform that both verifies your suppliers’ banking details AND protects your payments in real-time before you process an EFT payment.

By comparison:

• Accounting software matches new information to existing information but does not validate this against external information, such as eftsure’s database comprising nearly 2 million Australian organisations.
• Supplier management systems may deliver efficiencies, but do not contribute to security; they can be infiltrated using trojans and malware eftsure achieves both, in real-time.

A clean Vendor Master File is critical because it is used to generate EFT payment files, not to mention a range of other business activities. Incorrect data makes errors easier and can make attempted fraud harder to detect.

The data in your Vendor Master File is used in many business-to-business transactions, tax and GST reporting, management reports, compliance, purchasing, sales, contracts, sourcing, performance, and risk management.

eftsure helps you achieve and maintain high levels of data hygiene in your Vendor Master File.

No. Integrating eftsure is easy.

If you wish to use eftsure seamlessly within your online banking portal, simply install a plugin in your browser (either Microsoft Internet Explorer or Google Chrome). You’ll be ready to start using eftsure within minutes.

You can also export ABA files from your ERP system and upload them into your eftsure portal to verify the banking information. This should not require any involvement on the part of your IT team.

If you wish to connect your ERP system to eftsure via an API, contact our technical team for additional information and assistance.

There’s no reason why technology or systems upgrades should delay securing your organisation from the risk of digital fraud. If your organisation is in the process of upgrading ERP systems or embracing AP Automation, it is an ideal time to ensure the data being used is accurate and up to date. Irrespective of what systems you use within your AP environment, if the data is incorrect, you are much more likely to experience adverse outcomes.

Integrating eftsurerequires very little investment of time on the part of your IT team, but will deliver significant efficiency dividends, helping you automate many manual processes. In addition, it’s worth considering that fraudsters aren’t waiting, so why should you?

The security of your personal and confidential business information is critical to us.
We take appropriate industry recognised steps to prevent personal and confidential business information we hold from misuse, interference, or loss, and from unauthorised access, modification, or disclosure.

This protection includes the use of technologies and processes such as access control procedures, network firewalls, encryption, and physical security. eftsure is fully compliant with the Australian Privacy Act (APA) and handles all data as if it were Personally Identifiable Information (PII), irrespective of whether that data pertains to an individual or an organisation.

Your supplier data is not visible to any other organisation using eftsure. Nor do you have visibility over other organisations’ supplier data.

Our approach is to aggregate data from almost 2 million Australian organisations. With this data we can determine whether a supplier is being paid using matching banking information by multiple organisations. If this is the case,then there is a very strong likelihood that the banking information is accurate.

No additional information, including the names of payer organisations, nor the amounts of any payments, is disclosed.

All data is encrypted, both in transit and at rest. TLS 1.2 is used for all data is transit, whilst 256-bit encryption is used for all data at rest.

When using the eftsure portal, you can create unlimited numbers of user accounts for people within your organisation. Each user account you create can have different privileges, based upon the level of access to data you want that person to have.

All data is only ever stored in our secure hosting environment on AWS in Sydney (nothing is stored offshore).

The eftsure platform has been extensively vetted by Westpac, PwC, and Amazon Web Services.

To ensure we maintain the highest information security standards, our architecture, processes and systems are regularly audited by independent experts and penetration tested.

eftsure has never been affected by any compromises or data breaches.

We provide comprehensive support throughout your onboarding and beyond. Our goal is to help you maximise the benefits your organisation derives from eftsure

eftsure is used by hundreds of leading businesses in almost every sector of the Australian economy from Education to Construction and Property, Mining and Resources, Infrastructure, State Government Departments, Local Government, Hospitality and Tourism, Financial and legal services to name a few. eftsure is also endorsed by PwC, Crime Stoppers NSW, Westpac, HLB Mann Judd and PKF.

Every day, eftsure alerts organisations to suspicious EFT payments before the funds are irretrievably released. Several hundred ‘red thumb’ alerts are issued each month.

Furthermore, our approach to data hygiene helps you maintain accurate and up-to-data supplier information. This reduces the chances of errors as a result of incorrect banking data in your systems.

Eftsure has stopped attempted frauds. Due to the confidential nature of these defrauding attempts, we are not at liberty to disclose the identities of the impacted organisations.

However, some notable recent eftsure successes include:

• Helping a large construction and engineering firm avoid a $1 million fraud attempt resulting from a BEC attack. Click here for all the details.
• Helping a leading diversified food company avoid paying fraudsters $200,000 following a BEC attack.
• Without eftsure’s unique fraudtech platform, it is highly likely that these attempted frauds would have succeeded. More testimonials can be found here.

eftsure is designed to require very little investment of time from your side.

Prior to going live, we will undertake several important steps:

1. 1. Vendor Master File Health Check: 48 hours – 1 week.
   2. Verification attempts of supplier anomalies and those not in our database: 1 week – 3 weeks.
   3. Staff training: 2 hours.

Once we complete these steps, you can start using eftsure within minutes.

When joining eftsure, you gain full access to all the features in the platform. All the features form a holistic fraud-mitigation system and cannot be separated out.

We are so confident you will see the value of eftsure to your organisation’s efforts to curb digital fraud and EFT payment error, that we offer a full 3-month satisfaction guarantee. If at any time during your initial 3 months with eftsure, you are not fully satisfied with our platform, we will refund all payments, including any set-up fees.