Enter your idea

Could we please add this feature? It is very important for security!

I honestly thought this was already happening, until I changed a bank account today and it has only notified me. Needs to be across all payment parts including payroll. Currently anyone can update an account and we could be paying them alot of money. BASIC SECURITY.

This is just basic security!

This should be granular for all payments that can be generated - payroll, super, suppliers etc. Simple fraud is someone altering details and generating payments which look genuine, or are mixed in with other payments in an ABA file or similar.

It has been a glaring hole for years. We have had to remove the ability from multiple staff members to do this, as we cannot be covered for fraud insurance without this basic functionality.

This change needs to be for Supplier and Payroll bank accounts. Thanks

Agree with Les, disappointing this hasnt been addressed.

OK thanks Megan. Hopefully Xero get onto this. The response so far is very disappointing in that they seem more interested in making changes that suit the marketing spiel, rather than building a "grown up"SME accounting system that has much needed controls. I'm really not sure why this is such a big deal to implement.

Hi Les, we had to get our IT company to implement this, otherwise you would have to set up a rule on everyone individually.
We basically set up a rule that says anything that comes through from the xero email that has the reference o "Automatic Xero Alert: Bank account for" in the title to be redirected/forwarded to the relevant email addresses.

Hi Megan,

Thanks for this workaround. Could you please post some more details, eg the menu options to use to access the ability to set a redirect for any email that goes to our staff when they change the Xero bank details to send to a manager.

Cheers, Les

For those following, a partial work around we have found. We have set a redirect for any email that goes to our staff when they change the Xero bank details to send to the managers. This only works on updating bank details, not adding in new ones unfortunately, but its better than nothing. It would be better if we didnt have to set these rules and it was automatic from Xero like with MYOB.

Our auditors have asked us numerous times to enable this in Xero, not understanding that although it is a basic function of most finance software packages, Xero seems to have been left behind. This should be planned and in the near future. A much better use of resources and feature rollout than the recent changes to archiving in files....

Do Xero's competitors, eg MYOB, QuickBooks or SAe have this functionality?

System generated bank changes (e.g. via 3rd party platforms like Dext, Envoice) get pushed through into Xero without oversight, and without a manual review of the contact history, this won't be picked up.

Is this idea ever going to get into the product roadmap (given it was raised in 2015 and it's now 2025)?

A request to add "Files - Bulk export/print attached files" to product development has been accepted, albeit without a timeline. This function is much more important as it is a key day to day internal control to reduce the likelihood of being scammed.

What is needed for this to move to the Development queue?

A request to add "Files - Bulk export/print attached files" to product development has been accepted, albeit without a timeline. This fuinction is much more important as it is a key day to day internal control to reduce the likelihood of being scammed.

What is needed for this to move to the Development queue?

I agree that more than just the changer needs to be alerted to any changes to bank accounts, this is critical to be able to enhance internal fraud control.

This is how fraud is committed every day in business. A main administrator or group of administrators must receive a message if bank accounts are changed. Please Xero make these vital upgrades for your customers!

This is critical to enhance internal controls and prevent fraudulent activities. If an employee changes a supplier account to their own account, how could this be picked up is only the employee is advised that change has been made?

Also, given the risks of an email account being compromised, it is again important that more than one user can be alerted to a change.

I agree with all comments below, it is critical that this functionality is implemented.

In todays climate, this is super important, it would be good to see this feature actioned