Taking the fight to the fraudsters (Sponsored)

Oct 02, 2018
Confirmation is investing heavily to provide auditors with the safest and most secure confirmation service.

As online data security and privacy concerns continue to dominate headlines, there’s a growing demand in Ireland and across the EU to store sensitive data locally. The advent of the EU General Data Protection Regulation (GDPR) has amplified this sentiment.

Confirmation – the world’s leading audit confirmation platform – serves top audit firms and banks in Ireland and its customers have echoed this local-approach message.

The company opened a new data centre in Ireland earlier this year, bolstering its security offering to European customers by having their data stored within the EU. The new facility is a direct response to customer feedback, as Dan Zangwill, Chief Security Officer at Confirmation, explains: “We’ve created such a secure platform over the last 18 years that adding the local data centre in the EU is less about specific security concerns and more about meeting the needs of our European users. Putting aside political agreements, regulations, and contracts that do permit the overseas transfer of EU data abroad, European customers have a strong preference to retain data within the borders of the region. Confirmation understands the underlying reasons behind this, and we’re happy to accommodate them.”

“It’s becoming so common for companies to require their data to be held locally,” adds Confirmation’s Chief Information Officer, Suresh Babu. “This is just the latest step we’ve taken to increase our commitment to our European customers. With an office and sales teams across the region, we’re looking forward to making an even bigger impact here in 2019.” 

Confirmation stays on top of technology and security trends, and it was well-prepared for GDPR implementation. In fact, according to Zangwill, the impact of GDPR has actually been favourable for Confirmation and its clients. “GDPR is an important step forward in streamlining data protection requirements across the EU, and it’s an opportunity for our organisation to strengthen our commitment to data protection at the global level,” he says. “GDPR hasn’t really made much of a noticeable impact on customers, but it has provided useful guidelines for our marketing and sales teams and ensures that customer data protection and privacy is always at the forefront of our thinking.”

In addition to GDPR requirements, Confirmation has put in place a number of security measures to ensure compliance with other EU- and UK-specific regulations. “The vast majority of our changes have been internal and have dealt with policy changes that strengthen data protection within the organisation through assessing risk and implementing appropriate data loss prevention controls to mitigate these risks,” says Zangwill.

Zangwill advises other companies to adopt basic best practices as a first line of defence in the battle against cybercrime and fraud. “In terms of infrastructure, implementing strict access control processes, intrusion prevention systems, and an in-depth defence architecture are all key ingredients to reducing risk,” he says. “Lastly, automated vulnerability testing, manual ethical hacking and static source code scanning are all essential to protecting against both traditional and creative cybersecurity attempts.”

“Keep an eye on what’s happening in the world and adapt your policies and procedures to that,” Babu adds. “Staying one step ahead of the bad actors out there requires a nimble and creative team to anticipate today’s threats, but is well worth the investment.”

While moving traditional, paper-based processes to digital platforms can pose risks, Zangwill points to greater risks and deficiencies in traditional ways of working. “The primary risk is always around validating the users involved in the sharing of information,” he explains. “The traditional email, post, and fax-based methods of processing audit confirmations are very susceptible to fraudulent activities, as there is really no sound way to verify the identities of participants in the transaction. It’s simply a piece of paper in the mail with signatures, not all of which can be independently verified.”

Confirmation addresses these vulnerabilities by providing a secure platform with comprehensive authentication and authorisation protocols to verify the identities of requestors and responders and to validate their position at the firm or bank. “We verify our users with a number of proprietary methods that are performed at the point of registration and on a percentage of the existing user base annually, so that everyone is re-verified on a regular, rolling basis,” Zangwill adds. 

“Additionally, we are independently audited on these processes semi-annually as part of our SOC 1 examination. We know who the people are at each end of the transaction. It’s not just a piece of paper with a signature on it that can’t be verified and can be easily intercepted. This greatly reduces the risk of interception or fraud.” All these efforts are further underpinned by the use of distributed ledger technology, Babu adds. “Confirmation is already using blockchain technology to enhance security and further reduce the risks associated with taking processes digital.”

Confirmation has taken a straightforward and proactive position on global data protection, Zangwill concludes. “Everything changes, and the EU is not the only place challenging web-based industries. We protect data using top-tier encryption methods, create strict internal processes around access control, and, most importantly, respect the rights of our users by only using their data in the manner they have intended. These three building blocks are at the heart of being able to adapt quickly to the ever-increasing demands of protecting our users’ data and privacy.”

A solution for the confirmation process

More than 125,000 auditors around the world use Confirmation’s digital platform to make their work faster, easier, and more secure. The application allows accounting firms and banks to control the audit confirmation process from start to finish by securely connecting auditors, clients, and third-party responders such as companies, financial institutions and law firms.

Founded in 2001 by Brian Fox, Confirmation is now the world’s leading provider of online audit confirmations. While working with two of the Big Four accounting firms, Fox experienced first-hand how the paper-based process was both inefficient and open to a high risk of fraud. In 1999, that led him to put together a business plan that outlined how internet-based software could replace the conventional paper-based confirmation process.

He established Confirmation two years later to improve the audit confirmation process for the accounting and banking professions. The company initially focused on developing the infrastructure for the world’s first secure online confirmation clearing house. At the same time, a number of high-profile fraud cases put a spotlight on the inherent weaknesses of the paper-based process and the accounting profession realised more had to be done to prevent confirmation fraud.

In subsequent years, Confirmation provided the leadership, expertise and a powerful solution to meet the challenges presented by the ongoing evolution of accounting standards. Today, Confirmation is the most trusted name for secure online audit confirmations worldwide. The application and website are available in several languages including English, Spanish, Portuguese, French, German, Japanese and Chinese.