How Remote Payment Services Keeps Your Payment Information Secure

What are Remote Payment Services (RPS)?

Companies are finding that they no longer want to print, sign, stuff, and mail payments like they have done for nearly 100 years. Instead, AP leaders are looking to outsource this labor-intensive task to improve efficiency, security, and to enable remote workflows.

Mekorma’s Remote Payment Services allows Dynamics GP users to keep payment batch creation and approvals within the ERP, but then transmit the data to an outsource provider who will send the actual payments.

Our Remote Payment Service providers can print and mail traditional paper checks on your behalf and give your vendors choice to move to more secure electronic payment methods (like ACH and virtual credit cards).

Of course, you need to know how your payment data is protected every step along the way. This article aims to explain the various security protocols you can depend on before, during and after transmission.
Graphics-13.png


How does Mekorma protect my information?

Mekorma software takes advantage of Dynamics GP’s built-in security model. Only those users with permissions can see, report, and work with payment data based on their roles. This means only authorized users can approve or send payments to the outsource provider’s platform.

Secure Approval Workflow

Mekorma enhances Dynamics GP security through the Payment Hub’s secure approval workflow. You can configure multi-level thresholds to ensure the appropriate users approve payments in GP before they’re available to send to the outsource provider for further processing.

Whether you process payments in-house or through our outsource providers, we recommend utilizing Mekorma approval workflow for maximum security.

Connecting to Remote Payment Services

When Mekorma sends transactions from Dynamics GP to one of our provider’s platforms, we use security methods typically used by transaction providers:

  • Credentials to access the provider’s API are stored encrypted in the database. They are only decrypted when needed for authentication and are never displayed to the user or accessible in a report.

  • Credentials are used to access an authentication server to obtain an authorization token.

  • The token is valid for a limited time (time varies with the provider) and is used to access the provider’s API.

  • Communication with both servers is encrypted and secured using TLS 1.2 or newer.

We take security seriously to protect our endpoints.
 


How does the Remote Payment Services provider protect my information?

Mekorma’s Remote Payment Connector integrates Dynamics GP with the AvidXchange and Corpay (formerly Nvoicepay) platforms. Both providers encrypt the transaction data before it is sent and also during transmission.

AvidXchange has adopted the following industry standards:

  • AICPA (SOC Compliance)

  • FFIEC

  • ISO (27001, 27002, and 31000)

  • NIST (SP 800-53 and SP 800-30)

  • pci DDS

  • NICST CSF

Corpay has adopted:

  • AICPA (SOC 1, 2, and 3 Compliance)

  • IAASB ISAE No. 3402 Standards

Both companies invest heavily to protect your data when it’s at rest and in transit. Additionally, they provide ongoing threat assessment and 24x7/365 security operations staff to protect your business continuity even in times of disaster.

Corpay and AvidXchange can provide detailed standards reports and validations – you may be required to sign an NDA to access that information.

Secure, for you.

Mekorma takes security of your data very seriously and we’ve partnered with companies that adhere to the highest standards. If you need specific information that is beyond the scope of this document, please contact us at sales@mekorma.com and we can assist you.