18th Jun 2019

What is SFTP… and how does it work?

It’s vital for organisations to secure the data they send in payment files, so they can process and handle payments safely and keep cash flow running smoothly. One tool that’s become popular for this purpose is sFTP. Here AccessPay asks: What is SFTP… and how does it work? Read to find out…

SFTP – the basics

SFTP stands for ‘Secure File Transfer Protocol’. Let’s flesh this out a bit, to get a basic understanding.

According to Technopedia, SFTP is a “secure version of file transfer protocol which facilitates data access and data transfer over a secure shell data stream”. In simple terms, it’s a tool used to transfer files containing data between organisations. Commonly used by large organisations for tasks like Payroll and pension scheme enrolment, it’s suitable for uploading large files of payment data in standard generated formats such as CSV, XML of Fixed Width.

How safe is SFTP?

The next question that may spring to mind, is “how safe is SFTP”? In order to shed some light here, we need to look at the mechanics of SFTP and how it all works.

SFTP is the next generation of the File Transfer Protocol (FTP). This is the standard network protocol that’s used for the transfer of files between a client device and a server across a computer network. It’s constructed on a client-server model architecture, which uses separate control and data connections between said client device and server.

There’s one key feature that makes SFTP an advance on FTP, when it comes to offering security for file transfers. SFTP uses the ‘Secure Shell,’ which experts explain is “a network protocol that gives users, particularly system administrators, a secure way to access a computer over an unsecured network”. Also, the SFTP system applies encryption tech to commands and data.

Naming the benefits

SFTP is now a key tool for processing payments. This is because it offers various benefits, including…

  • Enabling remote working

SFTP also provides a measure of greater flexibility in the way you and your staff work. Take AccessPay as an example. With us, your users can upload files remotely to our platform via SFTP.

This could put your organisation at a major advantage in the competitive jobs market going forward. Numbers show that around half of the UK workforce will be working remotely by 2020, so offering them the chance to work from any location via SFTP could help you attract the best talent.

  • Convenient integration

SFTP works on a wide range of platforms. This means that you can easily integrate this security tech with your legacy systems, without facing significant upgrade costs.

Making secure payments

These benefits have made SFTP an invaluable tool for organisations that batch payments for processing and routing. This is because it allows the sensitive information contained in said files (for example supplier sort codes and account numbers) to be transferred securely between servers.

It’s especially popular for Payroll. Due to the predictable nature of Payroll, teams often use batch files to make sure staff get paid on time every month. This task involves sending large files which contain a lot of sensitive info (e.g. employee National Insurance Numbers) that needs to be handled very securely. SFTP makes sure this info stays out of the hands of cyber-criminals.

If your Payroll files are breached, there could be financial and reputational consequences for your organisation. Supermarket Morrison’s hit the headlines, for example, when it emerged they faced compensation claims running into the millions of pounds following a Payroll data breach in 2014.

There’s your obligations under the EU’s General Data Protection Regulation (GDPR) to contend with too. GDPR requires your organisation to protect any personal data with care. If you don’t, you could face fines equalling either 4% of global revenue or €20 million – whichever is higher – so SFTP can be valuable from a compliance perspective. We offer masking capability in the AccessPay user interface, as well, meaning you can have the employee names in your Payroll run hidden for added security.

Find out more about GDPR with this guide.

AccessPay’s SFTP solution

If you want to take advantage of the benefits of SFTP, find partners who have the expertise needed to help you leverage it responsibly. This is where AccessPay comes in. We offer a solution which allows you to handle payment files via SFTP in a way which promotes maximum security.

Through our solution, you can either manually or automatically upload your files through SFTP from your back-office systems to a folder hosted and encrypted by us. A file watcher service polls this folder continuously and when it finds something new, it’s pulled into UPP and your approver will receive an email notification telling them to log in and complete the submission. Teamed with security tools like data masking and PGP encryption, this allows you to use SFTP to handle payments safely.