Skip to content
← Security & support

Enter your idea

Security & support: Security

Categories

Invoices: Ability to have password protected email invoices

As is frequently reported in the news, cybercrimes are prevalent and increasing. In light of a security incident experienced by one of our own clients - additional security measures to avoid cyber security issues need to be addressed.
Being able to safely send invoices electronically that have some type of protection on them is of utmost importance.

One small step that can easily be made within Xero is to remove the word 'Invoice' from the subject line of the email which basically can lead hackers to where the dollars are.
This can be updated in your email settings- however secondary security is also of importance.
Please consider additional security for protecting invoices.

16 votes

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close

We’ll send you updates on this idea

Jodi Herbein shared this idea  ·   ·  Report…  ·  Admin →
How important is this to you?

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
Gaining Support  ·  AdminDavina Roper (Admin, Xero) responded  · 

Thanks so much for taking the time to share this idea with us.

We’ve now moved it to our Gaining support stage. This means it’s on our radar and we’ll be keeping an eye on how much interest it gets from other Xero users.

The best next step is to encourage any friends or colleagues who’d also benefit from this to add their vote and a short comment on how it would help them. More support and real‑world examples make it easier for our product teams to understand the impact when we’re prioritising future work.

While we can’t promise if or when this will be built, your feedback genuinely helps shape what we focus on next, so thank you again for sharing it 🙂.

Show previous admin responses (1)

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • Sharon Spouse commented  ·   ·  Report

    When sending invoices to mark the email sensitivity to private or confidential.

  • Jean Sutherland commented  ·   ·  Report

    I recently spoke to a client who was scammed when an invoice emailed from a new supplier was intercepted and the bank account details changed on the pdf.

    I tested a pdf Xero invoice and it is possible to do this.

    Has any consideration been given to pdfs being able to be secured before sending? Or (and I don't know if this is possible) being able to secure certain fields e.g. the bank account appears in our template footer so can that area be secured?

  • Lewis Rosenberg-Smith commented  ·   ·  Report

    If Xero users are required to authenticate their logins it would make a lot of sense for invoices sent from Xero to require authentication, or another layer of security before they can be viewed. Whether its a code sent via SMS or an app, it would set Xero apart from a security standpoint for customers to know that if an email account of an invoice recipient is compromised there is still one further step stopping them from accessing an invoice template.

  • Tania Brussow commented  ·   ·  Report

    Business critical, especially with fast increasing cyber crimes and protection of privacy laws becoming more strict.