Interface file creation 101.

Uncertainty. Pressure. A faster heart rate. These are just some of the things people feel when they have to develop a new, electronic Commercial Card interface file for a particular system (finance or other). Even if you relish the challenge, formulating a plan can take time. Through personal experience and by helping others, I have learned it is best to break down the project into manageable steps. The following offers direction on four key aspects associated with interface file development. Keep this handy for the next time you face this situation.

Four Key Aspects

  1. Determine what you need the interface file to do/accomplish.
  2. Identify the system into which the interface file will be uploaded, and the related specifications.
  3. Select the relevant card-related data to be included in the interface file.
  4. “Map” where each piece of card data belongs in the interface file, based on system specifications.

In reality, you might work on these aspects concurrently. Remember to build time into your project for file testing purposes. 

Breaking It Down 

1. What Do You Want the File to Accomplish?

What are you seeking and why? Will you need to add or modify fields in the system used for transaction reconciliation? For example, is there a piece of data you need to capture in the interface file that would need to be supplied by cardholders?

Most commonly, an interface file is needed for the finance system, but you need to decide which one—AP system or general ledger. Further, there is more than one way to approach it. For example, will the interface file serve to initiate a payment to the card issuer? Maybe; maybe not. It could depend on how often you pay the issuer, how often cardholders reconcile transactions, and/or other factors.

2. Where Will the Card Data Go?

Can the identified system (#2 above) accommodate a file upload? If so, what are the requirements and specifications? Elements to explore include: fields to be populated, field length and type (e.g., alpha, numeric, or either), any prohibited characters that could cause problems during the file upload, etc. You may need to consult with the system provider/vendor.

Also, your card issuer might be able to offer some insight if any of their other end-user clients have an interface file for the same system. 

Do not let an interface file project overwhelm you. Break it down into manageable stages.

Do not let an interface file project overwhelm you. Break it down into manageable stages.

3. What Card Data is Available?

There are three broad categories of card-related data:

  • Transaction information, such as date, amount, sales tax, and line-item detail (if available); may also include any data entered by the cardholder during reconciliation
  • Supplier information, such as name, address, and merchant category code (MCC)
  • Cardholder/card information, such as name, zip code, and account number

You likely do not need every piece of available data. Determine the information that best supports what you want to accomplish.

4. Where Does Each Piece of Card Data Belong?

The system into which you will upload the file probably does not have field names that exactly match the names of card-related data. You need to figure out what to put where.

Lastly, some data might need to be automatically added to the interface file—to satisfy certain field requirements—versus originating from the card activity. For example, the file specifications might include a field designated as “Payment Type” for which you want a constant default of “PCARD” each time the interface file is downloaded. 

Resources

For an introduction to interface files and information about finance system options, visit the Interface Files webpage. If you are seeking external expertise, contact Recharged Education to inquire about consulting services.

About the Author

Blog post author Lynn Larson, CPCP, is the founder of Recharged Education. With more than 15 years of Commercial Card experience, her mission is to make industry education readily accessible to all. Learn more

Subscribe to the Blog

Receive notice of new blog posts.

Phishing for security weaknesses.

I recently had a déjà vu experience. About a year ago, I wrote about a fraudulent email I received while preparing to deliver a virtual workshop on P-Card risk analyses. This prompted me to share tips and statistics related to information security, and recommend Verizon’s Data Breach Investigations Report as a resource. The same things are occurring again. Another fraudulent email landed in my inbox (different topic this time), another virtual workshop on risk analyses is coming up, Verizon released a new report, and this post offers additional security tips. Keep reading to learn more and see images of the fraudulent emails.

Phishing

There is no shortage of social engineering tactics. Among the most common are phishing expeditions designed to entice people to click links or email attachments that open the door to fraudsters and their malicious software. Last year, I received a fake FedEx email. This month, it was a fake Dropbox email with a link to view an invoice. Ensure your AP department is aware of this scam. While it is not new, they might not have encountered it previously. See related images in the adjacent column.

Per Verizon’s 2017 Data Breach Investigations Report:

  • 7.3% of users across multiple data contributors were successfully phished—whether via a link or an opened attachment.

  • In a typical company (with 30 or more employees), about 15% of all unique users who fell victim once, also took the bait a second time. 

While 7.3% is not huge, just one successful phishing incident can have far-reaching consequences. 

Who will fraudsters catch? Help your cardholders avoid the phishing bait. 

Who will fraudsters catch? Help your cardholders avoid the phishing bait. 

Training Tips

In my related blog post last year (“Attack fraud through training”), I noted that cardholders should be able to differentiate between legitimate communications from the card issuer and fraudulent ones.

To enhance your training efforts, can your issuer share examples of fraudulent emails that target cardholders, as well as real ones that they send? Also train cardholders to pause and evaluate any emails appearing to be from the issuer. For example:

  • Were they expecting an email (e.g., you told them something would be sent pertaining to “X” topic) or is the communication a surprise, which might indicate potential fraud? 
  • Is the sender’s email address consistent with your issuer’s email addresses? Per the images in the next column, fake emails typically reflect odd addresses.
  • Does the email stress urgency (e.g., “You must click here ASAP!”) or include a threat (e.g., “Failure to complete this action could result in card deactivation.”)?

If your training includes a quiz element, then add something related to phishing, such as: If you receive an email that appears to be from the bank and it directs you to click a link to update your contact information, what is the BEST action to take?

Besides NOT clicking on anything, cardholders should notify the appropriate internal party. You/your organization needs to stay informed and take any necessary action (e.g., alerting other cardholders, contacting your issuer, etc.).

Finally, if possible, as part of a process audit, simulate a phishing email to test cardholders’ reactions Do they click on anything? Do they report the suspicious email?

Fraudulent Email Images

Below are the emails mentioned earlier. In each, the sender’s email address has nothing to do with FedEx or Dropbox.

Virtual Workshop

P-Card Risk Analysis

Information security is just one of many topics that I will cover in the three-hour June 21 workshop hosted by AP Now. If you have not completed a robust P-Card program risk analysis recently, this workshop is for you. Registrants will also receive two bonus items:

  1. P-Card risk analysis template with more than 100 questions to help you assess your controls
  2. Guide on revitalizing your P-Card policies and procedures. 

Please visit the AP Now website to learn more and register.

About the Author

Blog post author Lynn Larson, CPCP, is the founder of Recharged Education. With more than 15 years of Commercial Card experience, her mission is to make industry education readily accessible to all. Learn more

Subscribe to the Blog

Receive notice of new blog posts.

12 program support responsibilities.

The trifecta of Commercial Card program management is the program manager/administrator (PM/PA), procurement, and accounts payable (AP). However, the latter two might get overlooked when program roles are developed. Does your organization assign specific card-related responsibilities to procurement and AP? They can fulfill an important support function, regardless of which department the PM/PA resides in. Even though department roles vary from one organization to the next, you still can ensure the following 12 tasks are assigned to an appropriate party. Your card program will benefit from everyone working together.

Procurement

Program success is dependent on supplier acceptance of Commercial Cards. Procurement (or a related department) should:

  • Address card acceptance in competitive bids/RFPs 
  • Specify card-related terms in supplier contracts; for example, prohibit surcharges for card acceptance and mandate compliance with the Payment Card Industry Data Security Standard (PCI DSS)
  • Notify AP about card-accepting suppliers

AP

AP is in a gatekeeper position to uphold policies and/or contracts concerning payment method. They should:

  • Remove card-accepting suppliers from the master vendor file (unless there is a good reason, along with accompanying controls, to pay a particular supplier more than one way)
  • Not set up new suppliers in the master vendor file until they verify the intended payment method
  • Refuse to process check requests for suppliers that accept cards
  • Reduce the frequency of check runs to encourage supplier acceptance of electronic payments

Both Departments

Tasks for both procurement and AP include the following.

  • Contribute to the establishment of, or updates to, an internal “payments policy”
  • Train their staff on their card-related roles and responsibilities
  • Monitor suppliers/payments to ensure card payments occur as expected
  • Look for additional opportunities to use cards—plastic or virtual—based on payment history
  • Track the impact of card payments (e.g., process savings, PO reduction, etc.), which helps fuel program metrics

How many of the 12 things noted herein does your organization consistently do? How can you strengthen program support roles? See also a related blog post on how management needs to address two aspects of the staff members (like procurement and AP) responsible for executing the organization’s payment plan.

About the Author

Blog post author Lynn Larson, CPCP, is the founder of Recharged Education. With more than 15 years of Commercial Card experience, her mission is to make industry education readily accessible to all. Learn more

Subscribe to the Blog

Receive notice of new blog posts.