With Internet security issues top of mind for both users and providers of online services, electronic bill presentation and payment is bound to attract its share of concern. The benefits of receiving bills by e-mail and Web, and paying those bills through convenient online mechanisms, can only be realised if users are adequately protected.
Does changing from paper billing to e-billing increase risk?
Technology alone will not minimise exposure without good Internet security habits.
Alison Wright, sales and marketing director, Striata
We are so used to receiving confidential information through the postal system, that the risk associated with this process has long been accepted and is generally ignored. There is a perception that the postal system, by its very hands-on nature, is not secure, and that an envelope travelling through many hands can easily be lost or compromised. We accept that communication may or may not be delivered intact through this medium.
Sending the same document through an electronic process requires a much more stringent set of rules. Why migrate online if the process is not improved?
The security risks involved in electronic communication are threefold:
One of the key focus areas is the security of billing and payment information passing through the Internet network. While an envelope can be opened by a person in the postal chain, information on the superhighway could be compromised by a host of hacking applications in the hands of threatening types anywhere in the world.
Not only does electronic interaction present `in-transit` risk, there is the even greater risk of your information being stored on a vulnerable server. The majority of fraud is perpetrated using information that has been lifted off a machine that shouldn`t have allowed access.
E-billing requires you to interact (send and receive e-mails and documents) with various organisations, which may also present a virus risk.
How do we realise the significant benefits of e-billing, while safeguarding against virus infestations and maintaining information integrity?
The technology exists to protect users from viruses, but technology alone will not minimise exposure without good Internet security habits. All Internet users, whether from office or home, should be vigilant about opening e-mails, especially attachments, from unknown sources. Updating virus software regularly will provide protection, but the sophistication of the latest virus strains means they spread incredibly quickly and there will be a window period in which there is no patch.
The bottom line is: don`t open attachments from people you don`t know - no matter how much you think you need that Dilbert cartoon.
Making the grade
Protecting information in transit and storage is a factor of which service providers you trust to provide you with electronic bills. In SA, we have minimum requirements to a valid tax invoice, but an organisation can send other information to you without security, and in any format.
The key is to educate yourself as to the minimum security you are willing to accept, and then don`t sign up for electronic bills from organisations that do not meet those standards.
The information should be encrypted between the sending server and your e-mail inbox. If it`s not encrypted, it is available to be viewed by someone who intercepts the e-mail in transit. The likelihood of this happening is slim, but there`s no reason why an organisation should be sending confidential information in the `clear` (unprotected).
There is also no excuse for an organisation that is sending or storing your confidential information to have vulnerabilities in its network security.
The next consideration is: do you require privacy from anyone else using your machine or monitoring your e-mail? If you don`t want your PA to view your electronic credit card statement, then the document needs to be protected by a username and/or password. For documents that are not confidential, this may be unnecessary, but medical health statements, bank statements and itemised telephone billing should be limited to your personal viewing.
To protect yourself against risks on the service provider`s side, only agree to receive electronic bills from trusted organisations. When you sign up for e-billing, ask about the company`s security policy. You want to be sure the firm is protecting your information at every step through the e-billing process.
With the recent fraud cases involving local banks, many service providers have revamped their security procedures to the benefit of all users. Take advantage of the new security features offered by your bank, Internet service provider and within your own organisations.
The benefits of e-billing will far outweigh the risks, as long as users are vigilant, and educate themselves.
Share