Sage partner Peresoft has released Cashbook Version 2026, with added security features to reinforce EFT payment security and streamline audits.
Bobby Perel, Managing Director of Peresoft, says the new features address growing demand in the market, as EFT fraud becomes increasingly sophisticated.
According to the South African Banking Risk Information Centre (SABRIC), digital banking fraud remained the most dominant financial crime channel in 2024, accounting for 65.3% of reported incidents. The number of cases almost doubled in volume to 64 000 in 2024, while losses increased to over R1.4 billion.
“Secure payment processing can no longer rely on simple file creation and manual uploads. True EFT security requires control not only over the payment batch, but also over the underlying data and the method used to deliver payments to the bank.”
Cashbook delivers this through a combination of strong authorisations and Secure File Transfer Protocol (SFTP), ensuring that EFT payments are protected from the moment they are created through to final processing by the bank.
From creating an EFT payment batch, verifying and authorising payee and vendor account details using Peresoft’s Miscellaneous EFT Authorisation, approving the payment batch itself, and finally sending the payments via SFTP to a secure site where the bank fetches the file automatically, every stage is controlled and protected.
Authorisations and enhanced audit trails
Perel explains that the latest Cashbook release will address risk with a new verification process and multiple authorisations for vendor details, with features to address auditor concerns about vendor information accuracy.
“Our Miscellaneous EFT Authorisation is very similar to our existing authorisation process. Whoever enters in the vendor details will be able to send through a notification to the person above them to go and verify and authorise these details, with an audit trail of that process, so that these vendor details can’t just be changed. The enhanced security extends beyond the payment batch itself. Critical set-up data – such as vendor bank accounts, payment methods and other sensitive control values used in EFT processing – must be authorised before they can be used. This ensures that payment batches cannot be created using unauthorised or manipulated master data. This approach guarantees that neither the payment account details nor the payment amounts can be tampered with before collection by the bank. It provides complete control, full traceability and peace of mind – all from within Cashbook.”
He explains that once a payment batch is created, it is locked and cannot be sent to the bank until it has been authorised by the designated approver(s). Authorisation rules can be configured according to company policy, including user-specific limits, multiple levels of approval and optional one-time password (OTP) verification.
“Vendor bank details are effectively locked to their authorised values, and any change requires a further authorisation before it can be used in a payment batch. This prevents internal fraud, configuration tampering and accidental errors that could redirect funds.”
“Authorisations add a critical control layer by ensuring that no payment batch can be released without the required approval. This enforces proper segregation of duties and removes the risk associated with a single user controlling the entire payment process.”
“Authorisations ensure that the entire payment process, including both the payment batch and the data it relies on, has been reviewed and approved. A full audit trail is maintained, meeting governance, compliance and audit requirements.”
Authorisations have been a highly requested feature, and with the new capability to attach supporting documents within Cashbook, audits are more streamlined because less back-and-forth communication is required.
Enhanced security with SFTP
Perel notes that using SFTP in conjunction with authorisations prevents EFT files from being viewed, edited or compromised before they reach the bank. “We view SFTP as the future,” he says.
Many EFT systems still rely on generating text files that users manually upload through online banking. These files are vulnerable: once created, they can be altered intentionally or accidentally before submission.
“With SFTP, the EFT file is never exposed to the user. Cashbook supports encryption and automatically transmits the authorised payment batch directly to a secure SFTP location. The bank then automatically fetches the file and posts it to the client’s account, without requiring any online banking login or manual upload.”
All records are validated, encryption is applied where configured and hash totals are enforced to ensure data integrity. If the payment batch does not balance back to the original hash total, it cannot be processed. The bank returns a processing report confirming whether the batch was accepted or identifying any rejected entries. Cashbook reads this report and automatically creates an error batch that the user can correct and re-post.
“This method provides the highest level of EFT security currently available, while also being the simplest and most controlled way to submit EFT payments. Most major banks in South Africa now support SFTP-based EFT processing.”
Proper EFT security from start to finish
With authorisations and SFTP, Cashbook now delivers a closed and secure EFT payment process in which:
- Payment batches cannot be sent without approval.
- Vendor and payee details cannot be changed without authorisation.
- Hash totals and encryption ensure data integrity.
- EFT files are never exposed to users.
- Payments are securely transmitted and fetched by the bank.
“Without balancing back to the original hash total, a payment batch cannot be posted. Without authorisation, vendor details cannot be used. Without SFTP, files are created locally and exposed to manual handling. This layered approach ensures proper security, protection against fraud and user error, and complete confidence that payments processed are exactly the payments approved.”
Share
