Anti-fraud tools adapted to your needs
Your treasury and financial transaction management program must ensure the security of your data, whatever your organisation and the geographical scope of its activity. In particular, the authentication of users and their rights, as well as order validation procedures, must be sufficiently stringent for your needs.
Allmybanks offers the following anti-fraud features:
The access to Allmybanks is secured by a strong authentication. To login, the user must enter two strong factors of authentication from the following three: something they know (like a password), something they own (like a FIDO key) or something they are (like facial recognition).
We offer many ways of authenticating in Allmybanks: our clients are free to choose between the two factors they want to use.
Dans le logiciel Allmybanks, les habilitations d’utilisation permettent de limiter les transactions autorisées pour un utilisateur ou un ensemble d’utilisateurs. Authorisations are defined for:
- Financial instruments (bank account, intercompany account, financing, and so on)
- Transaction types
- Action types
The software uses the idea of a profile to assign rights to a user based on a standard profile saved in the system. The administrator and all persons who have user creation and modification rights can manage set-up rights independently (creating or deleting users, preferences, accounts, and so on.) They can create or edit users and their rights without seeking confirmation from anyone else. As soon as a user logs in, they have immediate access to the functions they are authorised to use. Equally, if the administrator deactivates some or all of the functions for a user, this deactivation takes effect immediately. The administrator’s actions may also be subject to the validation of a security administrator (see “Rules for managing the reference database” below).
Managing signing authorities and the order validation workflow
Managing signing authorities within Allmybanks can be configured on three levels:
- Groups of signatories, comprising those persons with the same level of authorisation to validate and sign orders
- Validation ceilings, setting the amounts a particular signatory is authorised to validate (or sign for if the digital signature is activated)
- Signature rules, which define, for a specific range of amounts and type of order, the type and number of validations and signatures needed for the remittance to be sent to the bank
When you have defined the workflow rules that correspond to your requirements, they are automatically applied to every remittance entered online or sent from your management software.
Individual digital signature
In Allmybanks, files can be signed individually with a digital signature (X509 certificates, 3SKey type) by authorised signatories before being sent to the bank.
When the file is signed (on PC or Mac), Allmybanks verifies that the certificate is the same as the certificate designated in the profile of the signatory.
The bank receives a signed file (by one or two signatories), and its processing chains can then check whether the signature certificate conforms with the payment authorisations saved in its own information system.
These signature certificates can be obtained from a certification authority or from one of your own banks.
Rules for managing the reference database (4 or 6 eyes)
Allmybanks offers the choice of partial or total monitoring of your database by one or more security administrators (the 4 or 6 eyes principle).
This means that any changes to the most sensitive data in your database will require the validation of one or more designated supervisors. Such changes include:
- Creating and modifying users
- Creating issuing accounts
- Creating issuing companies
- Creation and modification of third-party accounts
Traceability and log
Of user actions
Allmybanks automatically generates an audit trail of actions performed by users in the software. This log, which is time and date stamped, shows all user actions in chronological order and lists the public IP address, as well as the details of actions carried out by each user.
Of transactions sent
Allmybanks automatically generates a log of the actions carried out by users of the application. Allmybanks can receive the following: PSR, ACK, ARA, DLV. Whether you use the EBICS banking communication or SWIFT protocols, the status of your orders is automatically updated in AMB Connect thanks to the receipts sent by your banks.
The Allmybanks payment and treasury management software contains a book of rights and signing authorities, as well as a list of account parameters.
Third party control
Allmybanks interfaces with our partner platforms Trustpair and Sis ID to monitor your third parties at all stages of your payments.
This feature aims at detecting fraudulent bank accounts within your payment files (SEPA transfers, international transfers).
When validating your remittances, Allmybanks connects to the platform you have subscribed to in order to check the bank details of the third parties and display the result of the checks directly in Allmybanks.