EDI and Digital Signatures - Data Confidentiality
by Nigel Taylor, Head of e-Invoicing, GXS
Wednesday, May 02, 2012
In my last post, I discussed the different levels of complexity associated with e-Invoicing using EDI and digital signatures. I concluded that while digital signatures are slightly less complex to set up than EDI, it’s important to decide which method is best for your company based on a variety of factors including your trading partners’ preferred methods.
In this blog, I will focus on how effective EDI and digital signatures are at keeping your data secure.
E-Invoicing by nature involves transmitting sensitive data about your company. However, as VAT law doesn’t focus on information security, measures to protect sensitive data are left to the trading partners themselves to manage. Invoices contain information such as pricing details, discounts or information relating to traded materials. These details are valuable competitive and commercial information, so it is imperative that security is front of mind when an e-Invoice exchange takes place. With that in mind, how do the two e-Invoicing frameworks handle this challenge?
European Directive 1994/820/EC guarantees that security is intrinsic in correctly implemented EDI. It states that EDI networks have to be secure to ensure the authenticity and integrity of the document and that it is received exactly as sent. The network is therefore secure by default, so e-Invoices can be transferred between companies in a safe manner without risk of a breach in data confidentiality. The processes within the EDI network also guarantee that any errors are captured and dealt with appropriately.
Digital signatures are flexible and less complex than EDI, which means digitally signed invoices can be sent through a variety of means, including over the internet or in an email. However, this simplicity comes at a price: these transfer methods are not necessarily secure and could lead to breaches in security. To ensure the protection of digitally signed invoices, businesses must send them over secure protocols, including a protected B2B portal.
EDI as a standalone remains the more secure platform of the two due to its compliance with 1994/820/EC and the secure processes that are inherent within such networks. When evaluating data confidentiality within an e-Invoicing solution, consider the diversity in the marketplace. If both EDI and digital signatures are used by your trading partners, the solution should accommodate this variation.
You can learn more about all aspects of e-Invoicing at http://www.einvoicingbasics.co.uk.