Auditors have raised concerns that users creating and saving EFT files could potentially edit those files before transmitting them to the bank for processing. This is considered an unacceptable security risk and we need a more secure workflow.
We would like to remove control as to where an EFT file is created/saved from the user creating the file, and have it saved in a secure network location where only a security admin or someone responsible for transferring that file to the bank will have access.
Andrew Karr
| Company | Oldcastle Materials Group |
| Job Title / Role | PR Admin |
| I need it... | Yesterday...Come on already |
Dear Viewpoint Suggestion Box contributor;
We at Viewpoint sincerely thank you for your contribution to Suggestion Box on how we can improve Viewpoint products. While we can’t do everything at once, we rely upon your feedback to help guide the prioritization of our product improvements, and Suggestion Box is a critical tool for us to understand and prioritize our customers’ needs.
Viewpoint reviews Suggestion Box regularly for all of our products and updates statuses, adds comments, and performs various house-keeping (including deleting) as needed to ensure that Suggestion Box is maintained as a productive environment for product enhancements requests.
© 2023 Trimble Inc. All Rights Reserved. Viewpoint®, Vista™, Spectrum®, ProContractor™, Jobpac Connect™, Viewpoint Team™, Viewpoint Analytics™, Viewpoint Field View™, Viewpoint Estimating™, Viewpoint For Projects™, Viewpoint HR Management™, Viewpoint Field Management™, Viewpoint Financial Controls™, Vista Field Service™, Spectrum Service Tech™, ViewpointOne™, ProjectSight® and Trimble Construction One™ are trademarks or registered trademarks of Trimble Inc. or its affiliates in the United States and other countries. Other names and brands may be claimed as the property of others.
The fact that we are in 2020 and still cannot generate an EFT file from AP with PPD and are told by Viewpoint to manually change an EFT file is completely unacceptable. This should be a standard feature.
One concern is that paying individuals through AP on an EFT requires changing CCD to PPD in the data file. Vista KB requires that adjustment to the data file in order to process payments to individuals as opposed to corporations. The file creation process would need to require an option for CCD or PPD if this were to be locked down for audit purposes.
The proposed solution is precisely what we were thinking - sounds good.
Gary – I don’t think this is going to work. This method would still allow a user to copy the data and paste it into a notepad txt file, manipulate it and upload it.
Can we have a conference call to discuss?
T
Troy Hagen
Director of Information Technology
O 763-262-7017 | C 612-281-3621
troy.hagen@mnlimited.com
Hi Gary,
Instead of changes being audited, I think any file modifications should be audited. Such as creating a file etc. Preferably with the audit log containing the information on the transaction.
Though you would also need a way for naming conventions. Currently, all eft files are created with preftactivetext.aba for example. Though we always save them as <yyMMdd>.aba so they are ordered by sequence. They are also ordered by date then year then month, so all months are together and all years are together.
So maybe another field where you can put text then a date format so we could either have text first then date, or date then text etc.
How's this for a possible solution?
Companies with concerns about access to AP and PR EFT files would be provided an option to specify a secure network location where all EFT files would be created and saved.
This is a significant security risk. Any Vista-generated EFT file should not be able to be modified after it is created.