Are ACH Payments Safe for Business Central?
ACH is seeing rapid adoption for use in B2B vendor payments as companies are gradually moving away from paper checks. The ACH network saw a 15.5% increase in B2B transactions compared to last year, for a total of 1.4 billion payments, according to a report from NACHA. NACHA is the organization that oversees the ACH network.
But how safe are ACH payments? According to data from NACHA, fewer than 0.03% of ACH transactions are returned as unauthorized. That is a pretty high success rate by any standard, but while ACH payments are generally quite safe for the payer, the vendor is the one who is putting their sensitive banking data at risk. When it comes to Microsoft Dynamics 365 Business Central, there are a few considerations to ensure ACH payments are properly secured to protect vendor information.
Securing your business’s ACH payments is not only good for vendor relations; it also protects you against liability for fraud.
It’s More than Just Best Practice, It’s a Growing Compliance Concern
The latest guidelines from NACHA require Encryption at Rest to make recipient bank account numbers invisible to human eyes for all ACH transfers. These guidelines are being rolled out in phases and currently affect mostly large businesses, but this is the direction the industry is going, and it is likely to be required for all businesses in the near future. Business Central does not do Encryption at Rest natively.
What is Encrypted at Rest?
“Data at Rest” is just what it sounds like: data that is not in transit, i.e. data that is not being transferred over the internet. This basically refers to all the natively stored data on your server, desktop, mobile device or other hard disk. “Encrypted at Rest” simply refers to any method used to encrypt any of that at-rest data. The best way to think about Encrypted at Rest is to compare it to storing your data in a bank vault, whereas Encrypted in Transit is more like moving data with an armored truck service.
Timeline for Encryption at Rest Requirements
Phase 1: This applied to ACH originators and 3rd parties making more than 6 million ACH payments annually. Phase 1 became effective on June 30, 2021.
Phase 2: This applied to ACH originators and 3rd parties making more than 2 million ACH payments annually. Phase 2 became effective on June 30, 2022.
Like we said, Business Central does not meet the Encryption at Rest requirement natively, but that doesn't mean it can't be done. Fidesic AP makes it easy to stay compliant with the latest rules and guidelines in accounts payable. If you are running payroll or you make ACH payments through any Business Central module or integration, it is a good idea to check that these are meeting the requirements as well.
3 Steps to Secure ACH Payments
ACH payments are safe for you but you can make them safer for your vendors. Here's how...
1. Remove Human Data Input
Bank account numbers and routing numbers can be used to access funds. Instead of emailing your vendors or collecting this info by phone, set up a secure portal where vendors can enter their banking information so your team never has to lay eyes on the data. This way, vendors aren't sending sensitive data over less secure platforms like email. Vendors should also be able to manage their info through this portal when (or if) they need to make updates.
2. Encrypted Storage
To make sure your ACH payments are secure, it is best to store data on encrypted servers that comply with the highest industry standards of security (SSAE Type 16, SOC 2). Never store this data on local hard drives, and it's best if you don't store it on your local servers either. Opting for secure 3rd party storage tends to be the most secure route.
3. Enable Secure File Transfer
Sending ACH files via SFTP will make sure your ACH payments are secure end-to-end. Enable audit traceability for all transactions and, again, keep banking info out of human view to ensure the file can't be edited en route to the bank.
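To make step 2 and the "invisible to human eyes" requirement from "What is Encrypted at Rest?" concrete, here is an added example (not code from Fidesic, Business Central or NACHA) of field-level encryption of a vendor account number with AES-256-GCM in Go. The record layout, vendor ID, account number and demo key are assumptions made for illustration; a production key would come from a KMS or HSM kept separate from the database.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// VendorBankRecord is the stored row: it never holds the plaintext account number.
type VendorBankRecord struct {
	VendorID string // hypothetical vendor key, authenticated as AES-GCM associated data
	Masked   string // the only form staff or reports ever see
	Sealed   []byte // nonce || ciphertext || tag
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}
// Seal encrypts an account number under a fresh random nonce for storage.
func Seal(key []byte, vendorID, account string) (VendorBankRecord, error) {
	gcm, err := newGCM(key)
	if err != nil || len(account) < 4 {
		return VendorBankRecord{}, fmt.Errorf("bad key or account number")
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return VendorBankRecord{}, err
	}
	sealed := gcm.Seal(nonce, nonce, []byte(account), []byte(vendorID))
	return VendorBankRecord{vendorID, "****" + account[len(account)-4:], sealed}, nil
}
// Open decrypts for payment-file generation; it fails on any edit or row swap.
func Open(key []byte, rec VendorBankRecord) (string, error) {
	gcm, err := newGCM(key)
	if err != nil || len(rec.Sealed) < gcm.NonceSize() {
		return "", fmt.Errorf("bad key or truncated record")
	}
	n := gcm.NonceSize()
	pt, err := gcm.Open(nil, rec.Sealed[:n], rec.Sealed[n:], []byte(rec.VendorID))
	return string(pt), err
}
func main() {
	key := []byte("0123456789abcdef0123456789abcdef") // constructed demo key only
	rec, _ := Seal(key, "V-1001", "000123456789")     // constructed vendor and account
	fmt.Println(rec.Masked, len(rec.Sealed), "sealed bytes")
}
```

Because the vendor ID is bound in as associated data, a sealed value copied onto a different vendor's row fails to decrypt instead of silently redirecting a payment.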
How Fidesic Makes ACH Payment Processing for Microsoft Dynamics 365 Business Central Easy and Secure
Fidesic AP is the go-to accounts payable automation solution for Business Central and simplifies ACH with higher levels of security. Here's why Fidesic is different:
- Fidesic AP includes a vendor portal so you (the user of Fidesic) do not handle your vendors' bank account info directly. Your vendor enters their data into our portal so they don't have to email or deliver their bank info by an insecure method.
- ACH banking info is stored in an 'encrypted at rest' location in our SSAE Type 16, SOC 2 compliant servers.
- We automatically deliver the ACH file directly to your bank over SFTP, which means it's encrypted end-to-end. There's no ability for anyone (whether accidentally or maliciously) to edit the info in the file before it is delivered to the bank.
- Vendors manage their ACH info, so your employees do not have direct access to sensitive info when vendors need to make changes.
- All you have to do is pick the invoices you'd like to pay out of Business Central, and we'll take care of fulfillment, whether that's via paper check or ACH. Every payment we send will give your vendors the option to opt in for ACH payments.