…continued
How secure is e-billing?
By Alison Treadaway

Security is now top of mind for many organizations, thanks to the recent e-banking fraud and various virus infestations. But what efforts are being made to provide secure e-billing?

With Internet security issues top of mind for both users and providers of online services, electronic bill presentation and payment is bound to attract its share of concern. The benefits of receiving bills by email and Web, and paying those bills through convenient online mechanisms, can only be realized if users are adequately protected.

Does changing from paper billing to e-billing increase risk?

We are so used to receiving confidential information through the postal system, that the risk associated with this process has long been accepted and is generally ignored. There is a perception that the postal system, by its very hands-on nature, is not secure, and that an envelope traveling through many hands can easily be lost or compromised. We accept that communication may or may not be delivered intact through this medium.

Sending the same document through an electronic process requires a much more stringent set of rules. Why migrate online if the process is not improved?

The security risks involved in electronic communication are threefold:

One of the key focus areas is the security of billing and payment information passing through the Internet network. While an envelope can be opened by a person in the postal chain, information on the superhighway could be compromised by a host of hacking applications in the hands of threatening types anywhere in the world.

Not only does electronic interaction present 'in-transit' risk, there is the even greater risk of your information being stored on a vulnerable server. The majority of fraud is perpetrated using information that has been lifted off a machine that shouldn't have allowed access.

E-billing requires you to interact (send and receive e-mails and documents) with various organizations, which may also present a virus risk.

How do we realize the significant benefits of e-billing, while safeguarding against virus infestations and maintaining information integrity?

The technology exists to protect users from viruses, but technology alone will not minimize exposure without good Internet security habits. All Internet users, whether from office or home, should be vigilant about opening e-mails, especially attachments, from unknown sources. Updating virus software regularly will provide protection, but the sophistication of the latest virus strains means they spread incredibly quickly and there will be a window period in which there is no patch.

The bottom line is: don't open attachments from people you don't know - no matter how much you think you need that Dilbert cartoon.

Making the grade

Protecting information in transit and storage is a factor of which service providers you trust to provide you with electronic bills. In SA, we have minimum requirements to a valid tax invoice, but an organization can send other information to you without security, and in any format.

The key is to educate yourself as to the minimum security you are willing to accept, and then don't sign up for electronic bills from organizations that do not meet those standards.

The information should be encrypted between the sending server and your e-mail inbox. If it's not encrypted, it is available to be viewed by someone who intercepts the e-mail in transit. The likelihood of this happening is slim, but there's no reason why an organization should be sending confidential information in the 'clear' (unprotected).

There is also no excuse for an organization that is sending or storing your confidential information to have vulnerabilities in its network security.

The next consideration is: do you require privacy from anyone else using your machine or monitoring your e-mail? If you don't want your PA to view your electronic credit card statement, then the document needs to be protected by a username and/or password. For documents that are not confidential, this may be unnecessary, but medical health statements, bank statements and itemized telephone billing should be limited to your personal viewing.

To protect yourself against risks on the service provider's side, only agree to receive electronic bills from trusted organizations. When you sign up for e-billing, ask about the company's security policy. You want to be sure the firm is protecting your information at every step through the e-billing process.

With the recent fraud cases involving local banks, many service providers have revamped their security procedures to the benefit of all users. Take advantage of the new security features offered by your bank, Internet service provider and within your own organizations.

The benefits of e-billing will far outweigh the risks, as long as users are vigilant, and educate themselves.

This article was opened in a new window. Close this window to return to Striata Learning.