Invoice security depends on:
- the technology used ;
- existing controls within the enterprise;
- agreements concluded between the concerned parties.
The use of the Peppol network provides guarantees for the secured transfer of data. Access to the network is provided by certified service providers. You can compare this to a telecommunications network. On the other hand, the e-mail channel - even if it is very flexible - is very sensitive when it concerns invoice fraud and Internet crime (phishing, malware, ransomware, etc.).
'Service Providers' (also called 'Access Points') in the Peppol world are like letterboxes in the paper world: entry and exit points in a transport network ensuring efficient service. That responsibility can be shared among several operators provided they commit to common rules. In the Peppol context, those rules are set out in a contract, the 'Service Provider Agreement'. Service providers sign this contract with a Peppol authority (the coordinating Peppol authority, the Belgian non-profit association OpenPeppol, or the national Peppol authority, in Belgium FPS BOSA (Federal Public Service Policy and Support)). All service providers are aware of the various local regulations at the place where they want to operate.
The latest list of service providers who have signed a contract with FPS BOSA can be found here: Belgian Peppol Authority. You will also find the latest version of the Peppol Service Provider Agreement here (Dutch and French).
To gain access to the network, compliance with KYC ('Know Your Customer') requirements is essential. This means that verification of your identity is necessary to establish a network connection. During the registration process, the software provider will request documentation that confirms your identity and will verify your authorisation to act on behalf of that company.
A service provider that would not comply with certain conditions would risk losing its certification and access to the network.
