Interview: How Paper Invoices Could Be the Weak Link in Your Security

September 26, 2017

2:30 pm

When any small business owner comes across news of an internet security breach at a major organization (which seems to be every week lately), one thought likely flits across their mind: Is my business secure? After all, the CEO of Equifax abruptly resigned today following the massive breach on his watch.

But the traditional concerns like password strength and two-step verification all overlook an even more basic security issue: The old-school paper trail left by invoices and the transactions they trigger.

Laura Whitt-Winyard, Director of Information Security at Billtrust, shared her thoughts with TechCo on the vulnerabilities businesses are facing through their invoices. When it comes to cross-organizational security, companies tend to overlook these four potential pitfalls.

Sending Paper Invoices to the Wrong Person

“If your company utilizes a manual invoicing process in their invoice delivery,” Laura starts out, “there is always a risk that the wrong invoice will be sent to the wrong customer, potentially revealing proprietary information to competitors and sensitive information to strangers. Mistakes happen more often than is needed, especially with manual tasks.”

The upshot for business owners, Laura goes on to add: Preventing human error should be a major priority.

Leaving Paper Checks Lying Around

Even after the invoices are paid up, paper transactions leave you open to data breaches.

“Sending a paper check may seem like a secure transaction, but once it is sent, it is out of the customer’s control. It can sometimes sit on someone’s desk for days until a bank run is made to deposit them,” Laura notes.

Emailing Sensitive Data

So what’s left? Email? Not so fast…

“Emails can also seem like a secure option in the accounts receivable (A/R) process, but it is not and can present security gaps. While your company’s emails may be secure at rest, the transmission, forwarding of emails, downloading of emails and the receiver’s account may not be,” Laura says of the process.

Customers Paying With Virtual Credit Cards

And getting customers to offer up credit card information comes with the obvious risk: a database of logins and passwords that could wind up in the wrong hands.

“If companies are using a ‘virtual’ or one-time-use credit card payment option, one of the latest methods for payments in business, the A/R teams are prompted to create login/password information to securely access the payment for process. This can result in thousands of logins and passwords which are not locked down or securely stored online. A safer alternative would be to receive a one-time link in which data entry personnel, in a secure (physically & logically) environment, can process the payments.”

The safest option may be to outsource the risk to a third-party company designed to handle invoice-to-cash solutions securely. However, these companies are only as good as their own security, whether physical or logical. Turning to a SaaS solution cuts down on risk, but no company can be too cautious or too secure: Since security concerns are always evolving, what worked yesterday may not work tomorrow.

Read more about tech’s evolving security challenges here at TechCo

Did you like this article?

Get more delivered to your inbox just like it!

Sorry about that. Try these articles instead!

Adam is a writer with an interest in a variety of mediums, from podcasts to comic books to video essays to novels to blogging — too many, basically. He’s based out of Seattle, and remains a staunch defender of his state’s slogan: “sayWA.” In his spare time, he recommends articles about science fiction on Twitter, @AdamRRowe

  • Shares

Leave a Reply

  • (will not be published)
Startup_Mixology_300x250
.ME Tech.co search 300x600

Get personal with .ME

Make your domain name as unique and memorable as you are. Get creative, get .ME!