Blog Post

MYOB Announcements
6 MIN READ

MYOB Secure Invoicing Upgrade: update and Summary 11/03

Mike_MYOB's avatar
Mike_MYOB
Community Manager
11 months ago
Hi everyone, Due to a high number of comments (and MYOB replies) about Secure invoicing, I am posting a summary of the change, frequent questions/complaints and the answers from MYOB to make it ea...
Updated 10 months ago
Version 3.0
announcements
Jamie2's avatar
Jamie2
Member
6 months ago

MYOB states this is about "CyberSecurity", with all the Optus, Medibank and recently Qantas data leaks, the best thing MYOB could do for the community regarding CyberSecurity is to NOT collect data that it does not need to transact with us.  MYOB has not needed this data over the past 20 years and does not need it now.  MYOB is doing nothing more than increasing our CybeSecurity risk footprint. 

  • Mike_MYOB's avatar
    Mike_MYOB
    Community Manager
    6 months ago

    Hi Jamie2​ ,

    To confirm, these documents are not being stored (at all) and certainly not by MYOB.
    It is a one off verification of the documents, similar to showing your ID when you go to the movies.


    The documents provided by businesses as part of this verification process are not provided to MYOB directly, nor are they being stored long term. It is a one-time verification process. Identification documents are provided to FrankieOne (their privacy policy is here) and once the verification is completed, documents are securely erased.

    I made another response earlier today in another thread that also seems relevant around why owners need to give their ID compared to verifying the 

    Personal vs Business verification

    You're correct that the business verification process requires director/business owner ID. This is because we need to verify that the owners of the business are the ones using our software. ABNs, website URLs, physical addresses are all publicly available information.
    Anyone could technically create an account as a business, that they may not own or have anything to do with.
    Therefore this is not so much about proving that a business is in fact real (that part is easy) but it is that the people using the MYOB software, are in fact the owners of that business and not any kind of impersonator/fraudster.

    • Jamie2's avatar
      Jamie2
      Member
      6 months ago

      Hi Mike,

      It doesn't matter who is storing them, they are being stored because MYOB requires the data to be collected. I don't believe a business can hand-ball its accountability just by stating "we are using a third party". 

      If you need veritication to use your software, I can understand this (at a stretch) for new users, but for customers who have been using the MYOB platform for years, decades, it is unnecessary.

      I also, don't think MYOB shoud not have combined the secure invoicing with your payment gateway, that is just stinky and has caused me serious concerns about the ethics of the company who is purporting to require this information to make us more secure, while underhandedly turning on the payment gateway! If the payment gateway was off before, it should be off after the vertifaciton and we should not have to Opt-Out, having an automatic Opt-In model is straight out unethical. 

      Cheers

      Jamie