Enhanced security offering the right protection for you with Allmybanks
Your treasury and financial transaction management program must ensure the security of your data, whatever your organisation and the geographical scope of its activity. In particular, the authentication of users and their rights, as well as order validation procedures, must be sufficiently stringent for your needs.
The Allmybanks software contains the following features to set up and monitor security:
The access to Allmybanks is secured by a strong authentication. To login, the user must enter two strong factors of authentication from the following three: something they know (like a password), something they own (like a FIDO key) or something they are (like facial recognition).
We offer many ways of authenticating in Allmybanks: our clients are free to choose between the two factors they want to use.
It’s possible to access to our applications thanks to biometric recognition. With a suitable camera or a fingerprint reader, easily scan your face, your iris or your fingerprint to connect to Allmybanks.
It’s a USB key-like that contains a unique encrypted identifier. Easy to find commercially and to use, you only have to plug it after having paired it to your Allmybanks account to login. You don’t have to renew it.
Login and password
The combination login+password is another way to access our software.
In Allmybanks, user authorisations allow you to limit authorised transactions for a user or group of users. The number that has to be entered and the digits on the keypad change with each connection.
The personal digital certificate is a digital identity document. It contains identification information and cannot be falsified. It’s issued by a recognised authority (ex: SWIFT, Certinomis, etc.).
In addition to these five authentication systems, Allmybanks can limit access to the application by IP address.
A range of IP addresses can be defined for each user from which they are authorised to log into the application. If these settings are not activated, the application will monitor the location of each connection to the software by default. Allmybanks will detect an unknown IP address and require the user to reconfirm their identity by entering a security code.
In Allmybanks, user authorisations allow you to limit authorised transactions for a user or group of users.
Authorisations are defined for:
- Financial instruments (bank account, intercompany account, financing, and so on)
- Transaction types
- Action types
The software uses the idea of a profile to assign rights to a user based on a standard profile saved in the system.
The administrator and all persons who have user creation and modification rights can manage set-up rights independently (creating or deleting users, preferences, accounts, and so on.) They can create or edit users and their rights without seeking confirmation from anyone else. As soon as a user logs in, they have immediate access to the functions they are authorised to use. Equally, if the administrator deactivates some or all of the functions for a user, this deactivation takes effect immediately.
The administrator’s actions may also be subject to the validation of a security administrator (see “Rules for managing the reference database” below).
Managing signing authorities within Allmybanks can be configured on three levels:
- Groups of signatories, comprising those persons with the same level of authorisation to validate and sign orders
- Validation ceilings, setting the amounts a particular signatory is authorised to validate (or sign for if the digital signature is activated)
- Signature rules, which define, for a specific range of amounts and type of order, the type and number of validations and signatures needed for the remittance to be sent to the bank
When you have defined the workflow rules that correspond to your requirements, they are automatically applied to every remittance entered online or sent from your management software. Find out more
In Allmybanks, files can be signed individually with a digital signature (X509 certificates, 3SKey type) by authorised signatories before being sent to the bank.
When the file is signed (on PC or Mac), Allmybanks verifies that the certificate is the same as the certificate designated in the profile of the signatory.
The bank receives a signed file (by one or two signatories), and its processing chains can then check whether the signature certificate conforms with the payment authorisations saved in its own information system.
These signature certificates can be obtained from a certification authority or from one of your own banks.
Allmybanks offers the choice of partial or total monitoring of your database by one or more security administrators (the 4 or 6 eyes principle).
This means that any changes to the most sensitive data in your database will require the validation of one or more designated supervisors. Such changes include:
- Creating and modifying users
- Creating issuing accounts
- Creating issuing companies
- Creation and modification of third-party accounts
- Of user actions
Allmybanks automatically generates alogof the actions carried out by users of the application. This log, which is time and date stamped, shows all user actions in chronological order and lists the public IP address, as well as the details of actions carried out by each user.
- Of transactions sent
The inclusion of this feature means you will no longer need to contact your bank to find out the status of your remittances. Allmybanks can receive the following: PSR, ACK, ARA, DLV. Whether you use the EBICS banking communication or SWIFT protocols, the status of your orders is automatically updated in AMB Connect thanks to the receipts sent by your banks.
- Of parameters
The Allmybanks payment and treasury management software contains a book of rights and signing authorities, as well as a list of account parameters.
Allmybanks interfaces with our partner platforms Trustpair and Sis ID to monitor your third parties at all stages of your payments.
This feature aims at detecting fraudulent bank accounts within your payment files (SEPA transfers, international transfers).
When validating your remittances, Allmybanks connects to the platform you have subscribed to in order to check the bank details of the third parties and display the result of the checks directly in Allmybanks.