Some of the questions we are being asked

Click on the question to see the answer

It is impossible to remember the BSB and Account number of all the Suppliers you authorise payments for. If you therefor attempt to rely on only the BSB and Account number, you will need to check these against a trustworthy source of these details each and every time you authorise each and every payment.

As an authoriser of payments you rely on the PAYEE name, not the BSB and Account Number, to confirm you are satisfied with releasing funds to the named account as the Account details are impossible to remember for multiple Payees. By doing so exposes you to potential fraud and errors. EFTsure™ ensures that who you see you are paying on the screen is actually who is getting paid.

In most cases, No. In accordance with your banking software license agreement the bank is not ultimately responsible and it is not their loss. They only have a responsibility to recall the payment and request that the counter-party bank write to their customer requesting them to return the funds. The bank cannot access these funds once it's in the recipient's bank account. The recipient doesn't have an obligation to refund the money. In the case of fraud the recipient would already have withdrawn the funds from their account. The customer loses not the bank.

  1. Wrong BSB and Account numbers for current suppliers which would result in payments being made to the wrong account
  2. Obsolete BSB and Account numbers – eg where a supplier has changed banks and the Account details on record are now incorrect. In some jurisdictions eg the UK, account numbers are recycled/reused resulting in lost funds if payments are still made to obsolete accounts
  3. Wrong account name for given correct BSB and account numbers.
  4. Confirmation of Supplier Account names and numbers where they are correct giving you comfort that when you pay to that Supplier name the funds will arrive at that Supplier's account.
  5. Cross verification of your list of Supplier details with other EFTsure™ Customers' Supplier details to reassure you that no collusion between your employee and supplier employees are occurring
  6. Cross verification with other EFTsure™ customers of Supplier names that you are paying but that have different bank accounts to the same or similar supplier names that other EFTsure™ customers are making payments to.
  7. Reports on bounced, invalid format or missing email addresses you have on file for your suppliers.

Before the internet and electronic banking, the bank teller on receipt of the cheque at the counter would review the PAYEE name and would only deposit the cheque if the PAYEE name and bank account details matched. Electronic funds transfer has eliminated this review process.

Yes, this is a real risk and as CFO it would be irresponsible to ignore it. In all likelihood your accounts payable staff are trustworthy but people's circumstances can change overnight forcing the most honest person to succumb to desperate actions. Furthermore your staff are human and thus can make mistakes e.g. in typing in the account number they may mistype or transpose digits. You are ultimately responsible for your company's finances.

Yes, it is your responsibility to ensure the company's assets (money) is protected at the highest level. Are you sure you have never had a fraud perpetrated? Many well executed frauds utilising this vulnerability go undetected for years because it is so easy to do and to hide. Due to press publicity leading to awareness of this issue, as well as an increase in the technical ability of the attackers, the incidence of this specific fraud is now growing very fast. You now know about the problem and you have a responsibility not only to the company but also to yourself to insure the business against this risk.

No, EFTsure™ does not access your banking software.  It improves your banking security by adding checks that your bank doesn't do by complementing your banking software just like your accounting software or any other program you use in your business.

EFTsure™ software has been developed using the highest security protocols. We use Secure Socket Layer (SSL) and best practices industry standard encryption to secure customer data.

Yes, because once the ABA file is uploaded into your banking software payment details can be changed. Additionally the fraudulent set up of incorrect payment details can occur at the accounting software level prior to it being uploaded into your banking software application. Furthermore, the ABA file can be edited prior to upload. Therefore all the change controls in place around Vendor Master File Management in your accounting software can be subverted due to the ABA file being editable.

Because the payment details can be manipulated at the banking software application level. Additionally bank account details can be manipulated at the accounting software level or in the generated ABA file after you have checked it.

Yes, because you are the ultimate person responsible for making the payment as CFO or FC. When you are reviewing your payments you are viewing the name of the payee not their bank account details. If it's a name you know you would authorise the payment not realising its going to be paid into a different bank account because it would be impossible for you to remember the payee's bank account numbers.

EFTsure™ is an independent patent pending third party verification service. There is no higher level of internal control than third party review. Being independent EFTsure™ has multiple customers and therefore able to cross check supplier bank details across customers which gives a far higher level of verification than anything an individual company can do on its own.

We provide an excellent, hassle free service at an affordable price allowing you and your IT department the time to focus on running your business.

This breach in internal controls is now in the public domain. Once you have purchased EFTsure™ it will not matter whether your staff know as you will be protected against this type of fraud or error.

The Privacy Act 1988 (Privacy Act) relates to protecting the Privacy of individuals (natural persons) not companies. The Privacy Act regulates how personal information is handled and defines personal information as "information about an identified individual, or an individual who is reasonably identifiable". Common examples are an individuals name, signature, address, telephone number, date of birth, medical records etc. Accordingly the disclosure by you of your suppliers information to the extent that they are companies (and other types of legal entities) will not be impacted by the Privacy Act. Also, suppliers bank account BSB, account numbers and names typically appear on supplier invoices, cheques and often even websites i.e. supplier information is in the public domain. All supplier information is kept strictly confidential in terms of our confidentiality agreement and only used for the specified purpose of minimising fraud and error for the benefit of both your company and your suppliers.

Our technology, search protocols and authentication procedures are patent pending in Australia and multiple other jurisdictions.

We have uncovered issues of various seriousness in the payee files of every one of our customers! Not a single customer had has a Payee Master File that needed no corrections! Types of issues we regularly find are: Incorrect account numbers, incorrect Account Names, out of date dormant accounts, missing account numbers as well as many cases of Customers paying Suppliers by making payments into accounts that are different to that which other Customers paying the same supplier pay into.

It is extremely difficult if not impossible for them to do so. The payment system was not originally designed to be accessed by end customers directly through internet banking (as it was simply bank to bank computer processes) and therefore could safely rely only on BSB and account numbers with the account name only used as a comment field. The issue was created when online banking interfaces allowed users to make payments directly. The problem the banks now have is that the bank making the payment does not have access to the counter-party banks customer details. To do so would require collaboration between all the banks and sharing of their customer details which they are very guarded about due to competitive pressure.

Alternatively the underlying multibank clearing house payment system would need to be redone which would be an extremely complex and expensive multi bank exercise. Additionally a further complexity arises due to businesses using different naming configurations of their suppliers in their vendor master file. As a result no individual bank can verify the PAYEE name of any payee that is not also their customer and instead relies only on the BSB and Account number provided by you to process the transaction.

EFTsure™ resolves this breach in internal control as a completely independent entity engaging directly with the owners of the bank account and cross referencing them across customers in order to enable them to verify the details no matter who they bank with.