Security Levels in Electronic Invoice Presentment and Payment


Also known as EIPP, electronic invoice presentment and payment is the method by which a company sends you your service invoice, and allows you to pay this invoice, online. Using the internet for invoice delivery means that EIPP exposes itself to a variety of viruses, hackers and other internet hazards involved in monetary transactions.

Electronic Invoice Presentment and Payment: The Key Issues

Storage: With electronic invoice presentment and payment, a document management system is used to store and generate your invoices online, and on a computer system in a company office. This exposes the invoices to staff at that company, and also intruders to that company office. This danger of EIPP is reduced in most offices by firstly, guarding the computers containing client information with a password, which is changed regularly; and secondly by restricting who may access that office using a security guard, or employing a swipe card system. If EIPP is outsourced to a company such as Corcentric, increased security is offered as they will be familiar with such security issues.

Sending Invoices: Electronic invoice presentment and payment can use two different methods of invoice sending. Firstly, the invoice can be sent as the contents of an e-mail to a customer inbox. This is a less secure method of EIPP because a customer’s e-mail account may be very easy or very difficult to hack, depending on their e-mail provider and their password choice and protection.

Alternatively, EIPP can send the customer an e-mail notification of their invoice, containing a link to that invoice. This link can be guarded with security questions or a password for customer authentication. This method of electronic invoice presentment and payment is more secure because the customer must verify their identity to access their e-mail account, and then further so to view their invoice.

Paying Invoices: Invoices are paid using EIPP by following a link on the invoice e-mail you have received. At this point, caution is necessary as you will probably be asked for your credit or debit card details, and it is impossible to know whether the company you are interacting with are using appropriate security measures with these details, or are even a trustworthy company. To resolve this issue, online banking can be used in conjunction with electronic invoice presentment and payment; where regular payments are made, a direct debit agreement can be made where the money is automatically taken from your bank account.

Alternatively a third party payment system such as PayPal may be employed, whereby you transfer money to an online account and then pay companies you interact with from that account. This is more secure because a corrupt company would only be able to access this third party account, into which you have placed the money you owe.

Document Security in a Paperless Office

For over a decade, the paperless office has been a vision of the future for experts; now, they say, it is nearly upon us. This has become possible with the now abundant use of electronic document distribution in offices everywhere. However, with the paperless office looming, what are the security implications for your invoices and statements?

Security Issues of a Paperless Office

The paperless office and electronic document distribution hold a multitude of advantages for companies and customers alike. The environmental advantages are literally laid out on paper when you consider the contents of your e-mail inbox in paper form, being stored in a filing cabinet. But when stored electronically, in a paperless office, how can you keep those documents secure?

Limit Access: A great way to keep invoices and statements secure in a paperless office is to limit access to the office itself and those documents being sent using electronic document distribution. A paperless office should be accessible only to relevant personnel, who have been security checked. Equally, computers used in electronic document distribution should be password protected.

As a customer, you must take measures to protect invoices and statements which you have received using electronic document distribution. This is achieved by changing your e-mail account passwords regularly, and always using a password which combines numbers and letters, and preferably is not a word found in the dictionary.

Vet Employees: Those working in a paperless office actually have less access to your private details than you might think. Electronic document distribution sends invoices and statements automatically, another reason why the paperless office is favored. This automation means staff will not see your invoices or statements unless you telephone with a query on those documents. For staff to then see the documents you must answer security questions which verify to the computer system that the person accessing your documents has you on the phone, permitting them to do so.

Further security can be achieved in a paperless office with the use of CRB checks on employees who may be given a higher level security access. Although this cannot ensure they will misuse electronic document distribution, as states, criminals are most likely to re-offend, over any other type of felon.

Outsourced Electronic Document Distribution: A company such as Corcentric are experts in the concept of a paperless office and electronic document distribution. Corcentric can help any company who wish to create a paperless office to do so in the most secure and sustainable way.