Closing the door to security risks with 3SKey

Published: October 6, 2015

Companies are working closely with their lead banks to address the myriad types and constantly increasing threat of fraudulent payments. Liz Salecka reviews how one company, Bonduelle, is employing SWIFT’s 3Key security technology to heighten security in its payment transactions.

This content is only available to our subscribers. Please click here for details of subscription plans or to request trial access.

In 2012, Bonduelle became an early adopter of SWIFT’s 3SKey, a Public Key Infrastructure-based security technology that relies on digital signatures to authenticate the identity of the treasury professional making payment instructions to a payments bank. 

“As a corporate we had enough scale to advise all our banks that 3SKey was the technology we wanted to use, and they went along with us. At that time 3SKey was not yet that well established, and in some cases we had to work with our banks on its implementation in what were pilot projects. But this helped many banks, and us to gain an understanding of 3SKey and it is now generally widely accepted.”

When Bonduelle’s centralised treasury operation receives authorised invoices from its subsidiaries, which are signed off by at least two local managers using an internal treasury system, it authorises bank payments in batches using the 3SKey token. The encrypted payment files are sent to the relevant payments bank with the digital signature of one member of the headquarters office. 

Only a very few key staff in the headquarters office have authority to authorise bank payments using digital signatures.

“Invoice payments need several internal signatures at local office level, which are usually those of management staff, before being sent to us,” says Wattinne, pointing out that this is the case for most of the 46 overseas Bonduelle entities that the centralised treasury services. “We then aggregate the payments due in batches and send them on to the relevant payments bank with one of us providing a digital signature.”

He explains that this process has helped Bonduelle to maintain its own internal security. 

“A payment has to go through several people – internal signature locally at the invoice approval stage – and then through a member of the headquarters management who are authorised to make payments to a bank using a 3SKey digital signature. No one individual has the full power to authorise a payment.

“Once the bank receives the payment file, they need a specific key to open it. This process ensures that only a fully authorised person from within the headquarters has validated the payment. Once a bank has opened the file, they will always advise us that it has gone through okay,” he explains.

Since adopting 3SKey as a security solution, Bonduelle’s centralised treasury has realised a number of important benefits including a streamlined and standardised approach to ensuring security in its payments activities with multiple banks as well as time and cost savings.

“One of the biggest benefits of using 3SKey is that we don’t have to have several different systems and processes for putting payments through the different banks we work with. We have one security process which is multi-bank, and this is exactly the same regardless of the country, the amount being paid, as well as the technology used by the payments bank,” says Wattinne.

“We have a centralised treasury department, but it is not huge in terms of personnel, and using 3SKey with all our banks means that we also benefit from less maintenance and lower fees. Using the different proprietary systems of different banks would create more work and bring higher costs to us.”