The 'Architecture of Negligence': Why File-Based Banking is a Security Hole

We need to have an honest conversation about "Secure Payments" in the Dynamics 365 ecosystem.
As Solution Architects, we spend months designing role-based security (RBAC) inside the ERP. We enforce MFA. We audit logs. We lock down the SQL database behind Private Links.
But when it comes to the "Last Mile"—actually moving the cash from the Payment Journal to the Bank—90% of Australian enterprises revert to what I call the "Architecture of Negligence."
The "Alt-Tab" Vulnerability
If your banking integration involves a human downloading a file, you have a security hole.
The typical mid-market workflow looks like this:
- Approval: Finance User approves a $5M payment batch in Business Central / F&O.
- Export: User exports an ABA or ISO20022 file to their local desktop.
- The Gap: For the next 5 minutes, that file sits in the Downloads folder. It is unencrypted text. It is editable.
- The Switch: User Alt-Tabs to the CommBiz or NAB portal.
- Upload: User uploads the file manually.
For those few minutes, the data is At Rest on an unmanaged device. It bypasses your ERP's audit trail. If a bad actor (or malware) modifies the BSB/Account Number in that text file before upload, your ERP will still show "Paid to Vendor A," but the bank will pay "Hacker B."
This is not a theoretical risk. This is how payment redirection fraud happens.
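To show what a defender can check in that "gap", here is an added example (not Demiton's code, and not from the original article): it parses the fixed-width ABA detail records of an exported batch, reconciles payee BSB/account/amount against what the Payment Journal approved, and verifies an HMAC tag computed over the file bytes at export time. The two-payment batch, the edited copy, the HMAC key and the use of the lodgement reference field to carry the journal reference are all constructed assumptions.

```python
import hashlib
import hmac

# Field offsets (0-based slices) in a 120-character ABA Direct Entry detail record.
BSB, ACCOUNT, CENTS, REFERENCE = slice(1, 8), slice(8, 17), slice(20, 30), slice(62, 80)

def detail_record(bsb, account, cents, title, reference):
    """Build one type-1 detail record; trace and remitter fields are constructed filler."""
    rec = ("1" + bsb + account.rjust(9) + " " + "53" + str(cents).zfill(10)
           + title.ljust(32) + reference.ljust(18) + "062-000" + "12345678".rjust(9)
           + "ACME PTY LTD".ljust(16) + "00000000")
    if len(rec) != 120:
        raise ValueError("field overflow in ABA detail record")
    return rec

def parse_details(aba_text):
    """Map lodgement reference -> (bsb, account, cents) for every detail record."""
    found = {}
    for line in aba_text.splitlines():
        if len(line) == 120 and line[0] == "1":
            found[line[REFERENCE].strip()] = (line[BSB], line[ACCOUNT].strip(), int(line[CENTS]))
    return found

def reconcile(aba_text, approved):
    """Compare the file with approved {ref: (bsb, account, cents)}; [] means no drift."""
    found, problems = parse_details(aba_text), []
    for ref, exp in approved.items():
        if ref not in found:
            problems.append((ref, "missing", exp, None))
            continue
        for field, e, g in zip(("bsb", "account", "cents"), exp, found[ref]):
            if e != g:
                problems.append((ref, field, e, g))
    for ref in found.keys() - approved.keys():  # records that were never approved
        problems.append((ref, "unapproved", None, found[ref]))
    return problems

def export_tag(aba_bytes, key):
    """HMAC-SHA256 over the exact bytes produced at export, keyed inside the ERP."""
    return hmac.new(key, aba_bytes, hashlib.sha256).hexdigest()

def verify_tag(aba_bytes, key, tag):
    """True only if the bytes being uploaded are byte-for-byte what was approved."""
    return hmac.compare_digest(export_tag(aba_bytes, key), tag)

# Constructed sample batch, plus a constructed copy in which the second payee was changed on disk.
APPROVED = {"PJ-000101": ("062-000", "11112222", 1250000), "PJ-000102": ("033-001", "99887766", 48000000)}
ORIGINAL = "\n".join(detail_record(b, a, c, "VENDOR", r) for r, (b, a, c) in APPROVED.items())
TAMPERED = ORIGINAL.replace("033-001 99887766", "063-999 55555555")
```

The reconciliation catches a swapped payee even when the amount and reference are untouched; the HMAC catches any byte change at all, but only if the key never leaves the ERP and the tag is checked before upload.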
The "Iron Layer" Simulation
At Demiton, we argue that Infrastructure must replace Intervention. We don't just talk about this architecture; we simulate the traffic flow to prove the chain of custody.
Run the simulation below to see how a RAM-Only execution pipeline handles a payment event versus a manual process.
[Interactive widget: Payment Execution Simulator, real-time visualization of the Iron Layer]
The Three Pillars of Sovereignty
As shown in the simulation above, the "Iron Layer" relies on three non-negotiable architectural principles. If you are building a solution for Critical Infrastructure (Energy, Health, Government), these are likely mandatory under APRA CPS 234.
1. RAM-Only Execution (Ghost Protocol)
Data must never be written to a disk (even a temporary cloud disk) in plain text.
Legacy connectors often save a file to C:\Temp or an Azure Blob Storage container before an FTP service picks it up. This creates a Forensic Footprint.
We stream payment data from the ERP directly into Volatile Memory (RAM). If you pull the power cord on a Demiton server during a transaction, the data vanishes instantly. It cannot be recovered because it was never written down.
2. In-Stream Encryption (Protocol Zero)
The transformation from JSON to Bank Format (ABA/ISO) happens inside the RAM enclave. Crucially, the payload is digitally signed and PGP-encrypted (with AES-256 as the symmetric cipher) before it leaves the memory buffer. The bank receives a blob that only they can decrypt, using the private key held in their Hardware Security Module (HSM).
3. Sovereign Exit (The Kill Switch)
Cloud IPs are dynamic. Banks hate dynamic IPs. To solve this, many integrators use "Relay Servers" hosted in the US or Europe to static-route the traffic. This breaks Data Sovereignty.
We utilize a dedicated Network Address Translation (NAT) Gateway locked strictly to Azure Australia East. This provides a single, static IP address that the bank whitelists, rejecting all other traffic. Your data never leaves Australian soil.
The Architect's Comparison: Files vs. Tunnels
If you are evaluating a banking ISV, use this matrix to determine their risk profile.
| Feature | The "Cowboy" Method (Manual) | The "Relay" Method (Legacy ISV) | The Iron Layer (Demiton) |
|---|---|---|---|
| Transport | Browser Upload | Cloud Relay | Host-to-Host Tunnel |
| Encryption | None (Plain Text) | SSL Only | PGP (Payload Level) |
| Storage | Local Desktop Disk | Database / Blob | Volatile RAM |
| Sovereignty | Local Device | Often EU / US | Azure AU East |
| Liability | The CFO | The Partner | The Infrastructure |
Stop Accepting "Good Enough"
The "Action Initiation" bill for Open Banking has passed, but the B2B infrastructure isn't ready. You cannot wait 3 years for the government to build pipes for you.
If you are a Practice Lead or CFO, ask your current integration provider one question:
"At any point in the process, does the unencrypted payment file get saved to a disk?"
If the answer is yes, you are carrying liability you don't need.
Stop fixing broken CSV integrations.
Join the Partner Alliance. Get an NFR license to build a bank-grade "Iron Layer" for your practice and eliminate the liability of manual file uploads.