TIPS & BEST PRACTICE 08. DEC 2016
To make long-term savings through electronic invoicing means preventing manipulation
Big potential savings and new risks through automated invoicing
Big savings can be achieved by automating the process of sending out invoices and not having to print them, put them in envelopes and pay for the postage. A study by Deutsche Bank* calculates the added cost to the service provider of a paper invoice to be around €6.40. The potential savings for the recipient are even greater, averaging €10.90 per invoice. For data to be directly processed in digital form without the need to switch media clearly represents an increase in efficiency.
The move to electronic invoicing is accompanied by new potential risks, however. Cybercriminals have developed scams for making money out of electronically transmitted invoices. In the October edition of its member magazine, the Brandenburg Chamber of Industry and Commerce warned against the dangers of manipulated invoices. This type of cybercrime, known as payment diversion, is becoming more and more widespread.
Without digital signatures, sender and recipient can not detect the manipulation of emails
Electronic invoices are vulnerable to lucrative man-in-the-middle attacks
Fraudsters gain access to email traffic, intercept emails and alter their contents; suddenly an invoice email contains a message about new bank details. The recipient cannot tell that it was added by scammers after the email was sent and makes the payment into the new bank account.
Any queries about the manipulated email invoice are also intercepted and doctored. The business partners remain unaware of the meta-communication that has been established between the fraudster as the man-in-the-middle and the recipient and sender of the invoice.
Digital signatures and encryption provide protection against fraud
Scams like these stand no chance of success if the sender and receiver use electronic signatures, because a security alert would be triggered on receipt of the email if its content had been altered after it was sent. Communication is made even more secure when emails are encrypted.
Signatures and encryption are both easy to implement with Z1 SecureMail Gateway, even when invoices are being produced in large quantities by automated systems. In this way, you can rest assured that the savings you make through electronic invoicing aren’t being turned into losses through cybercrime. Rely on us for specialist advice!
* Source: „E-Invoicing – Krönung einer effizienten Rechnungsbearbeitung“ by Deutsche Bank Research