Electronic business and financial electronic transactions have become the norm in many parts of the western world today. In the UK for example, the HM Revenue and Customs service has recently issued an edict stating that from 1 April 2012 “virtually all” VAT customers will be required to file VAT returns online.
Amusingly perhaps, the HMRC issued this notice on paper sent by traditional post, but let’s not harbor on that point; business has gone online and we all know it. Electronic commerce brings with it inherent new data risks due to where and when (and by whom) transactions themselves are carried out.
Electronic business risks
“Of course, no business owner would normally write up and sign off a load of blank checks and then leave them in somebody else’s hands. But that is effectively what happens when the power to make payments is handed over to the accounts department or an office administrator of some kind. It is at this point that the business should look to ensure that systems are in place to control the movement of funds and that appropriate levels of authorization and control have been met,” said Daniel Hyde, is an international tax advisor at Westleton-Drake.
They say that with great power comes great responsibility; in this situation it’s more a case of with just a little purchasing power comes great responsibility. Leaving one or more of your employees in control of the opening and closure of the “money pipe” into and out of the business has risks. Realizing this basic business truth and addressing security policies for usage as well as authorization controls is a prerequisite.
Phishing fraud
The truth is that the banking and investments market along with the taxation and revenue services have all been exploited for potential usage in phishing scams quite prolifically in recent years. If a firm has any questions as to the authenticity of communications they receive, then first steps should always be visit the official websites of the organizations they deal with where policy statements will generally always exist
To pick one international bank purely for the sake of example, HSBC immediately advises customers to: “Stop. Don’t click on any links. Don’t open any attachments. Just forward the email to phishing@hsbc.com – We’ll investigate it.”
HSBC offers more information on phishing saying that these scams often manifest as email requests asking the recipient to update or to verify their personal and financial information, including date of birth, login information, account details, credit card numbers, PIN numbers, etc.
“Financial authorities, as we stand today, will never ask for personal information via email and never suggest that (for example) tax refunds are due over web-based mail services. Common greetings such as ‘Dear Taxpayer’ (or other openings) are obvious signs to look out for and should raise suspicion levels immediately. Once again it comes back to systems, using formal (boxed and branded if you prefer) accountancy packages and accountancy services is a small to medium sized business’s best means of insurance for financial data safety,” said Westleton-Drake’s Hyde.
Systems and electronic finance security are then, it appears, inextricably linked.
No comments:
Post a Comment
Please Register to Leave Your Comments and Feedback here!