Settings and activity
2 results found
-
135 votes
Appreciate wanting an update from us here, everyone. We know that having more visibility of when a supplier’s bank account details change is important to you and understand that there are some security concerns around this. This is something our product teams are aware of the appetite for, however we want to be upfront that this feature is not planned in the near future.
While not a direct solution to what you’re asking here, it’s worth noting that the ability to change supplier’s bank account details is limited by the bank account admin permission. Advisors will have access to the Assurance dashboard where you’ll be able to get an easy view of any Contacts whose bank account details have been edited, and you can also view this information running the History and Notes report.
An error occurred while saving the comment An error occurred while saving the comment 
Graeme Teasdale
commented
With the additional requirements of specific cyber security insurance for business' this process is a direct question that gets asked when applying for insurance.
A lack of action by Xero is increasing the cost of business to owners
Xero already has a security alert for employee bank detail changes, why are we still waiting for this to be implemented regarding suppliers.
This is a compliance issue for Xero, and one that currently allows fraud to committed.
Come on, this has been a request for 8 years now!
An error occurred while saving the comment Graeme Teasdale
commented
We recently have had a case of fraud against us by the fact that Xero does not notify other users with credentials to changes in bank account details of suppliers.
As Shaun Walker has advised below, a note or some other notification regarding bank account change is a critical feature to minimise impropriety. Personally I would like to be able to assign to Advisors that they are notified when bank account details are changed to confirm that the change is correct
If, as in our situation, a person who has the security credentials to change bank details, is the only person notified of the change, how does Xero allow the appropriate oversight to ensure that this doesn't happen? It can't.
Under the current system it relies on a individual to go through each individual payment and cross check bank account details, that is exhaustive when batch payments get longer and longer
-
4 votesGraeme Teasdale
supported this idea
·
@Kelly Middleton given you understand the appetite for it from your paying customers and I'm guessing that you understand the security and compliance issues that not having this causes, why does Xero choose not to implement it?
I get an email every time an employee changes their bank account so why can I not with a change to contact bank details?
Regarding the Bank Account Admin Permission and this statement
- If you change any digits of a contact's bank account, you’ll receive an email notification to check that the change is valid.
In this instance, and please correct me if I'm incorrect, but the User who changes the account is the person who gets the email. That is utterly pointless regarding preventing fraud.
As a business owner who has been the victim of fraud due to the actions of an employee at an accounting firm, the above options you suggest are only great after the fact, only after the fraud has been discovered, we are wanting security functionality to prevent fraud. Why does Xero have no appetite to do this?