However...NACHA file formats, which is what the AP module generates, are
not encrypted. APS (and others) use a different method than using a NACHA file that is uploaded to a bank's portal by the Sage user. Sage may encrypt the vendor's ACH data in Sage tables in 2018 and above (they should be anyway), but AP ACH as it is currently designed does not use any vaults. The NACHA file upload used typically doesn't have any fees when the bank's portal is used, which may be why this is still being used.
This will change I'm sure because of vaulting and the greater integration of ACH into payment processing.
------------------------------
Bob Sosbee
Senior Developer
Accounting Systems, Inc. (ASI)
Covina CA
803-252-6154 x245
------------------------------
Original Message:
Sent: 10-11-2019 13:32
From: Jerry Norman
Subject: ACH Vendor Payments - Bank Information Collection
Storing ACH data in a vault is quite possible. For example, APS and Sage 100 v2018 does this. Just like CC. Also, some processors, like APS, can arrange next-day payment for ACH -- which otherwise takes up to 10 days.
------------------------------
Jerry Norman
President, 90 Minds
Smartbridge Partners
512.419.1444 x112
------------------------------
Original Message:
Sent: 10-11-2019 12:17
From: Doug Higgs
Subject: ACH Vendor Payments - Bank Information Collection
@Jerry Norman This issue is about the initial and ongoing data collection and also the liability associated with the physical custody of the all vendor bank routing and account numbers for accounts payable ACH payments. Sage 100 does not store vendor bank information in the Sage vault like they do credit card information, so this data is not encrypted and more vulnerable to theft. They have asked me for recommendation to improve the security associated with both the collection and the custody of the account information.
------------------------------
Doug Higgs
Assistant Technical Support / Building Maintenance Specialist
Midwest Commerce Solutions, Inc
Original Message:
Sent: 10-11-2019 10:03
From: Jerry Norman
Subject: ACH Vendor Payments - Bank Information Collection
Is this concern about an initial collection of data, or keeping them for later use?
For the latter, doesn't using PCI-compliant solutions like APS solve the security problem?
For the former, have them send a jpg of the info; these are hard to pull ascii info out of.
------------------------------
Jerry Norman
President, 90 Minds
Smartbridge Partners
512.419.1444 x112
Original Message:
Sent: 10-10-2019 08:51
From: Doug Higgs
Subject: ACH Vendor Payments - Bank Information Collection
It's a good point @Myron Stevenson that mailing a check includes the banking information. On one hand the physical custody is compromised, on the other hand, mailing checks to different addresses randomizes the process... only one check is mailed at a time. My customer's concern is the liability they have of maintaining a database of vendors that include the banking information. If the database is compromised all of the vendor banking information could be used for fraudulent purposes... similar to companies we learn of in the news that have data breaches and customer credit card information is stolen.
I like the idea of an encrypted pdf or other document that can be sent to the client... maybe a password protected pdf that is then compressed, encrypted and password protected using pgp or some other method.
------------------------------
Doug Higgs
Assistant Technical Support / Building Maintenance Specialist
Midwest Commerce Solutions, Inc
Original Message:
Sent: 10-10-2019 08:24
From: Myron Stevenson
Subject: ACH Vendor Payments - Bank Information Collection
To collect the information clients usually create a form (PDF) that vendors fill out with banking information.that can be emailed, faxed, or mailed back. Keep this in mind, every time you send out a check, you just sent out your banking information. Do you really know who's got access to your bank information?
------------------------------
Myron Stevenson
Consultant
Clearis Consulting, Inc
Duluth, MN
218-525-6720