I have this question too. It isn't related to actual problems, but is related to risks of scammers posing as an employee or supplier on email and requesting their payment details be updated to a different bank account.
Our auditor has identified this as a fraud risk, and informs us that other mainstream accounting software can provide an alert to users if a supplier or employee bank account gets changed for online payment details.
So I'm wondering if this is proposed for development sometime soon by Reckon? (Otherwise our auditor will likely recommend to our board every year that we change accounting software to one that does this already.)
I have seen this type of fraud, but not within a program, more along the lines of emails containing invoices being intercepted and bank information being changed and then sent
Yes that's the issue we were asked to consider, and not external hacking of the software. The auditor's point was having an extra layer to protect us if one employee is convinced by a scammer and makes the change based on a fake invoice or similar. The alert or report would help the manager approving the batch to intervene and check that it was legit to make changes to the bank accounts before releasing payments. They knew of an example where it had happened and been significant funds involved.
In our case we almost had it happen where the payroll officer believed they were communicating with a staff member on email about changing their primary bank account for payroll. After this we made it policy for staff to independently contact a staff member or supplier to verify they had generated the request, but the auditor is also looking for some sort of audit trail or report as well.
If there is a report in Reckon already that does this that would be great.
Some very interesting discussion here and quite important too with the evolving nature of fraudulent activity out there. As @Kris_Williams has also mentioned, I've come across some reports in the media where bank details have been altered after an email account was compromised.
In regard to Reckon Accounts Hosted, currently the Audit Trail is as close as it gets to providing a 'paper trail' so to speak of user activity. I will however send some of the points made here to our Hosted product team. I can't say that we'll be making any changes in near future or even if the codebase would allow this kind of implementation however its certainly worth consideration.
Not to my knowledge..
Looking at a couple of potential fraudulent activities mentioned above the biggest threat is a fraudulent "change of bank account details", I never act on email advice. Whenever I receive notice of a change of bank account I always ring the supplier/employee concerned and confirm the change independently. I have never had anyone who has objected to me doing this. (Sadly I must own up to not being so diligent the first time I enter a suppliers/employees details. 😥 Clearly I need to re-consider my habits in these instances.)
Also, have a look at your electronic banking program. Some banks have a flag which notifies anybody who is involved with the setting up/signing off of payments of details of any new payee, any change of payee details or any payment to an "inactive" supplier. This should serve as a reminder for those involved to be have a second look at what is happening.