Tips for the Safe Implementation of Electronic Bill Pay

Considering that billions of dollars are moved to and from electronic accounts every day, it’s safe to say that online financial transactions aren’t exactly new. Every minute, Americans spend around a half-million dollars on online retail, and they permit even greater sums to sit as digital dollars and cents in online bank accounts. Yet, even though e-commerce has been around for well over a decade, using the web to pay bills is relatively new - and remarkably uncomfortable for many Americans. 

Businesses and banks began integrating EBPP (electronic bill presentiment and payment) into their online customer interfaces about three years ago. The service allows customers to skip inputting card numbers or creating electronic checks; instead, they can use a portal to make one-time and recurring payments. However, EBPP is only a few years old, and data theft is becoming a serious issue. How can businesses ensure that their EBPP services are secure?

Choose a Trustworthy Service Provider
This is true of nearly every online service a business uses: Before signing a contract, before making payments, and before sending any transactions, businesses must be able to trust their EBPP provider. A dishonest EBPP provider can wreak havoc on business and customer finances by charging unfair fees, selling personal information, and even stealing payment data. It is these very organizations that continue to besmirch the good and valuable name of EBPP. 

Fortunately, there are plenty of indications of untrustworthiness in an EBPP service provider. Providers that lack a thorough and professional-looking website, whom offer poor customer service and support, and refuse to provide an official-looking fee structure are not likely to be worth a business’s time and money. Instead, businesses should look for providers who have plenty of experience in the field, a variety of service options, and a reputation for excellence.

Review the Privacy and Security Policy
It has become second nature to breeze past the long pages of small print that comprise a business’s privacy and security policy. When it comes to something as important as making and receiving payments, it is incredibly vital that a business understands how a provider handles sensitive information like customer names, addresses, and bank account numbers.

Typical policies should take only about ten minutes to read and understand, which is almost nothing compared to the months required to rebuild consumer trust after a data breach. While businesses review potential policies, they should be primarily concerned about the following issues:

  • Encryption- Is data encrypted during all phases of collection and storage?
  • Secondary data usage- Is the provider co-opting data for a purpose other than EBPP?
  • Sharing- Do any third parties have access to the data?
  • Control - What are the terms for sharing data with the government? Can businesses delete their own data after it has been sent?

Avoid Services Reliant on Email
While it is acceptable - though not ideal - to use email services to send simple communications, bills should never be paid through electronic mail. Sending and receiving email is easily among the least secure activities people engage in; there are dozens of opportunities for cyber-criminals to gain access to emails and retrieve potentially sensitive information. Thus, reputable EBPP providers will not only use secure web portals to collect and send payments, but they will never request personal information through email. In fact, any request for sensitive information through email is likely a scam that should be deleted immediately.

Use and Encourage Anti-Malware Software
Malware comes in all shapes and sizes, but it is almost always looking for one thing: data. Payment-related data is the most valuable of all, so EBPP users must be diligent about avoiding malware at all costs. Anti-malware software should provide additional firewalls, scan incessantly for malicious content, and generally enhance a device’s protections against cyber-attack. EBPP users, both businesses and individuals, should outfit their devices with appropriate anti-malware tools and look for EBPP providers who place a similar importance on security.

Avoid Cookies and Sign Out After Payment
It’s common for devices to remember usernames and passwords for different sites, but businesses and consumers who want to keep their EBPP accounts safe should disable this feature for any EBPP portals. Further, users should sign out of their bill pay accounts as soon as their payment is complete. Then, even if a device is stolen or hacked, no one but the rightful user will be able to access any bill pay information.

Rehan Jiaz is an entrepreneur, business graduate, content strategist and editor overseeing contributed content at He is passionate about writing stuff for startups. His areas of interest include digital business strategy and strategic decision making. 

What’s Hot on Infosecurity Magazine?