How to send invoices securely: Invoicing best practices


As invoicing evolves in sophistication, so do the attempts to defraud businesses via hacking this process. You may have already heard of invoice redirection fraud – costing businesses almost £82m in the UK last year. This is conducted by fraudsters claiming to be the seller and either intercepting and modifying the original invoice, or through follow-up communication to buyers to update them on a change of bank details – resulting in payment being directed to fraudsters’ bank.

With the shift to electronic invoicing during the pandemic lockdowns (to ensure invoices reached buyers well before the due date, wherever they were), there has been a rapid rise in email invoices sent out. In some cases, these are sent without dedicated invoicing software, perhaps utilizing ERP systems or other accounting software’s ability to send emails directly. In extreme cases, traditional paper invoice processes are simply replicated on digital platforms – meaning invoice production and then emailing is every bit as manual as the processes that went before.

Ensuring invoices go out quickly, accurately, and securely is crucial to maintaining cash flow, so let’s dive into where things go wrong and how to ensure maximum security and best practices across your invoicing and payments processes.

What risks does email invoicing pose?

Small business may be tempted to email invoices directly from accounting software such as Xero, Quickbooks or similar, or perhaps export invoices to send via Outlook email or other service.

Bringing invoice and pricing data into invoice templates may seem streamlined and secure, but if these are then sent out in the body of an email, or as an attachment (such as an unsigned PDF), there’s a risk of interception and malicious reworking to redirect payments elsewhere.

Even if email invoices aren’t intercepted and modified, fraudsters have been known to target businesses with spear phishing attacks that identify individuals responsible for invoice payments and either submit false payment requests apparently from internal email addresses, or they claim to be from a known supplier and request an update to the bank account details used for remittance.

Using invoicing software to ensure secure delivery

Invoices can be delivered more securely when using dedicated invoicing software, such as an electronic invoicing presentment and payment (EIPP) platform. With an EIPP platform, invoice notifications are sent via email, but the actual invoice data can be held securely online – linked to from the email, SMS, or other notification.

Customers can easily click through, from the invoice notification, and sign in securely to an EIPP platform with security that’s equivalent to online banking. Once on the platform, customers can quickly verify they are in the right place (their login details worked, they can check old invoices, etc.)

The ability to automate the generation of recurring invoices and delivery via the platform can save repetitive processes which do not need human involvement. Furthermore, workflow can be streamlined for all manner of invoice creation and delivery through connection to ERP systems.

Invoicing system functionality can include rules-based delivery to different contacts depending on invoice value, product type or any other data-driven requirement.

In cases where a PDF invoice, or associated documentation, must be supplied via email, these can include digital signatures to provide customers with the assurance [that the invoice and documentation are legitimate].

Even small business owners would do well to consider the extra security and value that dedicated invoicing systems can provide. As tempting as it might be to send invoices to freelancers via Gmail, every time a shortcut like this is taken, it erodes the overall integrity of your invoicing processes.

A secure payment process for your invoices

An online invoicing solution allows customers to make secure online payments with credit card, debit card, PayPal, ACH, or other common payment methods. The simplicity of online invoicing brings extra security and streamlines the payment process from a customer’s perspective, as well as improving invoice creation workflow for your accounts receivable team.

Depending on the type of invoicing software or EIPP platform you choose, you may have a choice of payment gateways to facilitate the payment process. The payment gateway is provided by a bank or other financial institution and will allow customers to use a variety of payment methods securely online.

Secure invoicing workflow

For optimal security across your electronic invoicing workflow, we suggest an EIPP platform which requires the same level of login security for administrators as it does for customers. However, when run within a business, you can simplify the login process by using single sign-on technology to validate admin users.

Data security should be at the heart of any EIPP platform. Each customer’s accounts should be clearly delineated from others, with individual username (or email) and passwords for every user. An added bonus of requiring each administrator and customer to log in with unique credentials is that the EIPP platform can generate a full audit log of their activities. This is a critical advantage should there ever be a need to investigate issues in the future.

Streamlined online invoicing, via an EIPP platform, should remove any reliance on copying data from one system to another, using workarounds, or dependence on individual know-how to get invoices out on time. Simplicity drives efficiency, removing the risk of human error and secure data leakage at any point.

Furthermore, sending emails via an EIPP platform should provide real-time insight into delivery and receipt status, as well as tracking payments to reconcile against invoices and streamline bookkeeping requirements.

Having this oversight of who has received and responded to what and when enables you to send payment reminders before invoices go beyond payment terms and you need to chase late payments, or resort to bringing in a collections agency

Supporting paper invoices alongside secure electronic invoice delivery

Electronic invoicing has many security advantages over traditional paper invoices. Aside from all of the points mentioned above to ensure access security, veracity of sender, and visibility of payment status, paper invoices have the additional disadvantage of having to travel by post, and may reside — unmonitored — in various locations on their way to the accounts payable desk.

Bringing extra security to paper invoices can be done through requiring delivery status confirmation, or tracked delivery, to ensure each invoice reaches the intended destination safely.

Few invoicing systems allow for electronic and paper invoices to be created, sent, and tracked through the same system. However, Corcentric EIPP can provide this service for clients via a global network of local print hubs – removing the need to print and post internationally. Invoices are sent electronically to the nearest print hub to the customer, printed and delivered from there – saving both time and money.

The shortcut to improving invoicing security

At Corcentric, we can help you swiftly move over to a more secure invoicing process. We can also help onboard customers, migrating them away from a reliance on unsafe invoicing practices as well as reducing their reliance on paper invoices.

Download our guide to Invoice Security for more insight into how Corcentric can improve your invoicing security today.