Suppliers can securely and automatically verify their account payment details through the Eftsure Bank Link (Yodlee) option. The underlying financial system is leveraged to securely verify the Supplier's specified Account Name and Bank Account Number against the Registered Business Name and Trading Names from the New Zealand Business Number (NZBN) Register.
The Bank Link option leverages the regulated compliance requirements that financial institutions must adhere to when accounts are opened by business entities, per section 11 of the Anti-Money Laundering and Countering Financing of Terrorism Act 2009 (New Zealand), that requires reporting entities (such as banks), to perform Customer Due Diligence (CDD) using supporting formal company documents to identify, and verify the identification of businesses.
Eftsure leverages the internationally recognised Yodlee solution for our Bank Link Supplier Verification process, where Suppliers with appropriate authority to log into their bank can nominate the account where payments are to be paid into by Customers. The account holder's name is cross-referenced against the New Zealand Business Number (NZBN) Register, including registered variations of Business Names and Trading Names, to verify against the Account Holder's details. Yodlee is a global leader in data aggregation, data analytics and consumer-permissioned financial data sharing. Yodlee are also formally accredited for Open Banking by Payments New Zealand, as listed on the Payments New Zealand website. (https://www.apicentre.paymentsnz.co.nz/)
As part of the Yodlee solution, the Supplier logs into their banking portal via Yodlee (or directly into their bank through Open Banking once, supported by the underlying bank). User login credentials are never saved or stored by either Yodlee or Eftsure. This process is fully segregated and external to Eftsure, where we only receive the nominated Account Holder details after the Supplier has selected the account to verify.
Eftsure has additionally completed our standard 3rd party vendor assessment processes, as required under both ISO 27001:2022 and SOC 2 requirements. We evaluated the security posture of the Yodlee organisation and the underlying solution, including receiving their latest penetration tests, where no medium, high, or critical issues were reported.
Yodlee is also certified to multiple internationally recognised security frameworks, including ISO 27001, SOC 2 Type 2 and PCI-DSS. Eftsure has also performed our own authorised penetration testing against the Yodlee solution through a CREST-accredited, independent 3rd party security firm, where there were no medium, high, or critical issues identified.