Credit transfer security
FinDock SEPA Credit Transfer gives you the ability to instruct your bank to transfer money from your bank account to other bank accounts. There are many use cases where this is needed. However, you need to make sure the process of transferring money is secure and auditable.
Both Salesforce and FinDock offer a set of features to secure and audit your SEPA Credit Transfer usage. When implemented well, they provide safety and confidence, helping protect you from fraud and other potentially malicious actions.
This is not a complete overview of all security features, but a set of recommendations and best practices to help you implement what you need. Please be aware that you are responsible for the security at all times.
Data scope
When it comes to securing and auditing credit transfer data, there are certain options in the FinDock payment data model that you should prioritize. Not all fields on these objects are essential, however, below is an outline of the most important items, though this list is not necessarily exhaustive. The full scope needs to be defined by your organization, and should include at least the following.
Installment object credit transfer data
| Field label | Field name | Data type | Description |
|---|---|---|---|
| Amount | cpm__Amount__c | Currency(16, 2) | Full amount to be disbursed. |
| Payment method | cpm__Payment_Method__c | Picklist | Value must be 'SEPA Credit Transfer’ for credit transfers. |
| Payment profile | cpm__Payment_Profile__c | Lookup(Payment Profile) | Shows to which payment profile (of the beneficiary) the installment is linked |
| Payment schedule | cpm__Payment_Schedule__c | Lookup(Payment Schedule) | Shows to which payment schedule the installment is linked |
| Record type | RecordTypeId | Record Type | Value must be ‘Payable’ for credit transfers. |
| Status | cpm__Status__c | Picklist | See here for details. |
Payment Profile object credit transfer data
| Field label | Field name | Data type | Description |
|---|---|---|---|
| Account | cpm__Account__c | Lookup(Account) | Account of the credit transfer beneficiary |
| IBAN | cpm__IBAN__c | Text(35) | Beneficiary's IBAN, which must be an IBAN within the SEPA zone |
Payment Schedule object credit transfer data
| Field label | Field name | Data type | Description |
|---|---|---|---|
| Hashcode | cpm__Hashcode__c | Text(255) | Unique hash of the record, The hash is cleared if status is set back to ‘Scheduled’ |
| Hashcode date | cpm__Hashcode_date__c | Date | Date hash was generated |
| Status | cpm__Status__c | Picklist | Status indicates which stages of the process the payment schedule has passed. |
PaymentHub File object credit transfer data
| Field label | Field name | Data type | Description |
|---|---|---|---|
| Hashcode | proh__Hashcode__c | Text(80) | Unique hash of the payment schedule record |
| Total elements | proh__Total_elements__c | Number(18, 0) | Total number transactions in the payment schedule |
| Total Record Amount | proh__Total_Record_Amount__c | Currency(16, 2) | Total sum of all installment amounts attached to the payment schedule |
| Total Record Count | proh__Total_Record_Count__c | Number(18, 0) | Total number of individual records included in the payment schedule |
Security best practices
Activate / Deactivate FinDock Credit Transfer
The simplest way of preventing fraud is by not having the ability to transfer money. This is why, by default, FinDock Credit Transfer is not enabled for your Salesforce org. It can only be enabled by FinDock. We recommend not enabling SEPA Credit Transfer in your Salesforce org unless you absolutely certain you need it. If you are certain, contact FinDock Support to enable the credit transfer functionality.
Restrict Salesforce Data Access
Salesforce provides a flexible, layered data sharing design that lets admins control access to data. Managing data access enhances security by exposing only the data that is relevant to and needed by users. Use permission sets, permission set groups and profiles to control the objects and fields users can access. Use org-wide sharing settings, user roles and sharing rules to specify the individual records that users can view and edit. For further information, see the Salesforce Help article Control Who Sees What.
Be extra careful with granting permission to delete records.
Approval processes
You can and should define an approval process to govern the execution of credit transfers. This enables users to quickly progress to the next stage and keeps an audit trail of the various stage changes and who approved the transfer. For further information, see Approval processes with Payment Schedules.
Auditing best practices
Auditing provides information about system use and activities which can be critical in diagnosing potential or real security issues. Auditing doesn't secure your org, but they are a critical part of definition and maintaining security. Your organisation should do regular audits to detect potential abuse.
To verify that your org is actually secure, you should perform audits to monitor unexpected changes or usage trends. The following sections provide an overview of the auditing tools that Salesforce and FinDock offer to help you audit the credit transfer processes.
Real-time monitoring
Salesforce Real-Time Event Monitoring gives you access to detailed performance, security and usage data on all your Salesforce apps. See who is accessing critical business data when, and from where in near real-time. You can store the event data for auditing or reporting purposes. You can create transaction security policies using Condition Builder—a point-and-click tool—or Apex code. For details, see the Salesforce Help article Real-Time Event Monitoring.
Hash of the credit transfer file
To help validate that the credit transfer file has not been changed between generation (on ProcessingHub) and uploading to the bank, a hash of the generated file is calculated and stored in Salesforce. The hashcode is stored on both the Payment Schedule in the fields cpm__Hashcode__c and cpm__Hashcode_date__c and on the PaymentHub File record in the field proh__Hashcode__c. When the credit transfer file is uploaded to the bank, the hash of the generated file can be compared to the hashcode as calculated by the banking application.
Comparing counts and totals
When the credit transfer file is being created (by ProcessingHub), FinDock performs two additional quality checks before moving the file to Salesforce. Both the number of records processed and the total amount of the processed records are counted and compared against the resulting credit transfer file. If either does not match the count from the processing job, the file creation is canceled, and FinDock generates an error message in ProcessingHub (viewable through ProcessingHub Manager).
The details of the file that is created and uploaded to your Salesforce org are stored on a PaymentHub File record. On this record you can find:
- The payment schedule used to create the file
- The related installment records
- The number of records in the file
- The sum of the amount to be transferred
- The hash of the file
- The actual file that was created
Every step of the credit transfer process is based on your data. This means you can use this data to implement your own checks and auditing on the credit transfer process by comparing the count of records and totals attached to
- the Payment Schedule,
- the credit transfer file,
- the PaymentHub File record
- the Transaction record from your bank statement confirming the credit transfer by the bank.
Salesforce Record Modification Fields
All objects include fields to store the name of the user who created the record and who last modified the record. This is useful basic auditing information.
Salesforce Login History
You can review a list of successful and failed login attempts to your org for the past six months. For more information, see the Salesforce Help article Monitor Login History.
Salesforce Field History Tracking
You can also enable auditing for individual fields, which automatically tracks any changes in the values of selected fields. For more information, see the Salesforce Help article Field History Tracking.
Field history data is retained for up to 18 months through your org, and up to 24 months via the API. Field Audit Trail, however, lets you define a policy to retain archived field history data up to 10 years from the time the data was archived. This feature helps you comply with industry regulations related to audit capability and data retention. For details, see the Salesforce Help article Field Audit Trail.
Salesforce Setup Audit Trail
Administrators can also view a Setup Audit Trail, which logs when modifications are made to your org’s configuration. For details, see the Salesforce Help article Monitor Setup Changes with Setup Audit Trail.
Salesforce Recycle Bin
When you allow certain users to delete records of certain objects, you can find those records in the Salesforce Recycle Bin.
As an admin, you have access to your own Recycle Bin and the Recycle Bin of the Salesforce org. You can view, restore and permanently delete records in the Recycle Bins. Use list view functionality to sort and filter to find the records you need and get insights into who deleted those records. For details, see the Salesforce Help article Recycle Bin.