Vendor ACH Security
Sending payments to vendors via ACH is very convenient. Sage 100 Contractor can create the file, and you can upload it to the bank. From the bank’s perspective, this is more secure than writing checks which can be intercepted, names and amounts altered, and other security risks (which is why you want to use Positive Pay!).
When you choose to send payments via ACH, it’s important to have policies in place to confirm and verify any requests for changes in bank routing information or bank accounts. This is one of the BIGGEST phishing scams because it’s successful! Be sure you have a hard and fast policy that these changes are NOT made without a phone call that you initiate to a phone number you already have, to talk with your regular contact person!
So now the next bit of bad news—one of our clients thinks there might have been changes to the vendor email address where the confirmation is sent and the bank info on the ACH section of the 4-4 Vendor screen. In a great pro-active move, they requested a report so they can stay in front of any changes in the actual 4-4 screen related to processing vendor ACH payments.
Using our SQL Script Runner tool, we created a report to take advantage of some of the security tracking of field changes in S100C. The overall guidelines are to run a report that looks back about a month looking for any changes to the vendor email address field in the 4-4 screen, or any of the fields on the ACH Payment Setup tab. The customized output can sort by user, by vendor, indicating the fields changed. This can then be run before creating the ACH file that will go to the bank. If there were changes, they can be verified and confirmed before generating the file!
We’re so glad this client came to us to brainstorm this issue. Congratulations to them for staying in front of this risk. We are happy to have created a custom tool to give them exactly what they need. This is just one example of the custom solutions our Business Applications and Programming team members have rolled out! –CMW