Tech Republic

Image: StackCommerce TL;DR: Automate your email marketing and bulk content creation with AI-powered tools in this six-course Canva and ChatGPT bundle for $24.99 (reg. $120). As a solopreneur, your time is too valuable to waste designing every email and marketing asset manually, but did you know there are ways you can use AI automation to streamline those tedious tasks? Instead of spending hours crafting individual emails or designing graphics from scratch, Canva’s tools, powered by OpenAI, streamline the entire process. This beginner-friendly 2025 six-course Canva bundle teaches you how to leverage Canva’s AI features for bulk email marketing, content automation, and branding, helping you create high-quality assets in minutes without needing a design or copywriting team. Six courses to automate, design, and scale your business marketing Stop writing the same email repeatedly after taking the Canva & ChatGPT Hacks for Bulk Content Creation course. You’ll learn how to use ChatGPT to generate high-converting email sequences, newsletters, and promotions in bulk, then pair them with Canva’s AI tools to create branded visuals that match your messaging instantly. Automate your marketing without sacrificing quality or consistency. Your emails shouldn’t just deliver a message; they should sell your brand. Canva for Branding, Business & Marketing will show you how to design reusable email templates, social media graphics, and promotional materials that keep your branding consistent across every campaign. Whether sending weekly offers or nurturing leads, this course helps you create professional, on-brand content in minutes. Additional courses cover streamlining your content creation beyond just emails and branding; Canva & AI for Viral Short-Form Content Creation teaches you how to automate video content for social media, making it easy to align your marketing efforts across platforms. Canva for Innovative Graphic Design helps you create AI-powered logos, typography, and visuals, ensuring brand consistency in every piece of marketing material you produce. Canva to Create Business Cards allows you to design a professional, reusable digital business card perfect for email signatures and networking events. Content Creation in Bulk with Canva & ChatGPT walks you through automating graphics, captions, and branded visuals for both email and social media marketing. If you want to work smarter, not harder, this bundle teaches you how to leverage AI and automation to scale your business while reducing manual work. Get the 2025 six-course Canva AI bundle for just $24.99 (reg. $120) and start automating your content creation today. Note: Many AI-powered features covered in these courses require a Canva Pro subscription, which is not included. StackSocial prices subject to change. source

Image: cynoclub/Envato Elements Apache Tomcat is under attack as cybercriminals actively exploit a recently disclosed vulnerability, enabling remote code execution (RCE). With simple HTTP requests, attackers can trigger the deserialisation of malicious data and gain control over affected systems. The vulnerability, CVE-2025-24813, was disclosed by Apache on March 10, with the first proof of concept being released on GitHub about 30 hours later, posted by user iSee857. Soon after, security firm Wallarm later saw that this was being leveraged in the wild, warning that the attacks are undetectable to traditional security filters as HTTP requests appear normal and malicious payloads are base64-encoded. First, an attacker sends a PUT request containing an encoded, serialised Java payload, which is then written inside Tomcat’s session storage and automatically saved in a file. Then they send a GET request with a JSESSIONID cookie pointing to the malicious session. When Tomcat processes this request, it deserialises the session data without proper validation, executing the embedded malicious Java code and giving the attacker full remote access. SEE: How to Use the Apache Web Server to Install and Configure a Website Must-read security coverage Which Apache Tomcat versions are vulnerable? No authentication is required for this to work but, according to Apache’s security note, the following must be true for a Tomcat application to be vulnerable: Writes are enabled for the default servlet Partial PUT request support is enabled Tomcat includes a library that could be leveraged in deserialisation attacks The default storage location uses file-based session persistence As well as remote code execution exploits, the vulnerability can allow attackers to view or amend security-sensitive files if the following conditions are met: Writes are enabled for the default servlet Partial PUT request support is enabled The security-sensitive files are stored in a publicly available directory and were uploaded by partial PUT The attacker knows the filenames With these conditions fulfilled, the following Tomcat versions are all vulnerable: Apache Tomcat 11.0.0-M1 to 11.0.2 Apache Tomcat 10.1.0-M1 to 10.1.34 Apache Tomcat 9.0.0.M1 to 9.0.98 Mitigation: How to protect your system To mitigate the vulnerability, Apache recommends users upgrade to Tomcat versions 11.0.3 or later, 10.1.35 or later, or 9.0.99 or later, respectively, as these are all sufficiently patched. Alternatively, users can turn off partial PUT support, disable writes for the default servlet, and avoid storing security-sensitive files in directories that are publicly accessible. Wallarm researchers warn that this vulnerability highlights the possibility of other security flaws emerging due to Tomcat’s handling of partial PUT requests “which allows uploading practically any file anywhere”. “Attackers will soon start shifting their tactics, uploading malicious JSP files, modifying configurations, and planting backdoors outside session storage,” they wrote in a blog post. “This is just the first wave.” source

Image credit: NVIDIA During the NVIDIA GTC conference in San Jose, CA, the GPU giant announced two small supercomputers: the DGX Spark and DGX Station. Both supercomputers use the NVIDIA Blackwell Ultra platform and are targeted to developers, researchers, data scientists, and students training, running inference, and deploying large language models. “AI has transformed every layer of the computing stack. It stands to reason a new class of computers would emerge — designed for AI-native developers and to run AI-native applications,” said NVIDIA CEO and cofounder Jensen Huang in a press release. “With these new DGX personal AI computers, AI can span from cloud services to desktop and edge applications.” More must-read AI coverage DGX Spark has 784 GB of memory in a small package NVIDIA claimed the DGX Spark, previously known as Project Digits, is the world’s smallest supercomputer. The GB10 Grace Blackwell Superchip inside includes a Blackwell GPU that can perform 1,000 trillion operations per second of AI computing. NVIDIA NVLink-C2C interconnect technology hooks a CPU and the GPU together at five times the bandwidth of fifth-generation PCIe, NVIDIA said. From DGX Spark, users can export AI models to DGX Cloud or any accelerated cloud or data center infrastructure. SEE: Microsoft accidentally removed its Copilot AI assistant from some devices – and some users are glad to hear it. DGX Spark can run NVIDIA’s recently-announced GR00T N1 robotics foundation model, and the Cosmos world generation system that teaches AI-powered robots about the physical world. A waitlist is open now for the DGX Spark, which will cost $3,000. The DGX Spark will be produced by manufacturers including ASUS, Dell, and HP. DGX Station is built for desktop AI development The updated edition of the DGX Station will be available later this year from NVIDIA’s manufacturing partners, including ASUS, BOXX, Dell, HP, Lambda, and Supermicro. The price has not been disclosed. With the current-gen DGX Station, users receive 784 GB of coherent memory space, suitable for training and inferencing for large AI workloads. Inside is the NVIDIA GB300 Grace Blackwell Ultra Desktop Superchip, the Blackwell Ultra GPU, and the NVIDIA Grace CPU, all connected by the NVLink-C2C. Inside the supercomputer also sits an NVIDIA ConnectX-8 SuperNIC, which supports networking at up to 800Gb/s. It can link several DGX stations together for massive workloads or for making network-accelerated data transfers. Plus, the DGX Station interoperates with the NVIDIA CUDA-X AI platform for desktop AI development, the NVIDIA NIM microservices, and the NVIDIA AI Enterprise software platform. source

Image: garloon/Envato Images Senior officials from the U.K. have privately met with their U.S. counterparts to clarify that their request for access to encrypted data in Apple’s iCloud is not a blanket demand; instead, they are seeking access solely to data linked to individuals already involved in crimes such as terrorism, according to Bloomberg. People familiar with the matter told the publication that the British officials emphasized separate warrants would be required for each access request, ensuring they are strictly tied to investigations into serious crime within the U.K. They denied seeking wide-ranging powers to access anyone’s data for any reason, particularly that of U.S. residents, a claim that has fueled controversy. Must-read Apple coverage Apple fights back, restricts encryption for UK users In February, it was reported that the U.K. had asked Apple for a way to access user information that was covered under Advanced Data Protection, an optional security layer introduced in 2022. The Home Secretary’s office invoked the Investigatory Powers Act of 2016, which grants law enforcement the authority to compel companies to provide access to data as part of criminal investigations. The law also prevents Apple from publicly disclosing the request, issued as a Technical Capability Notice, or voicing its concerns to the public, effectively imposing a gag order on the company. In response, Apple took action weeks later, removing access to ADP encryption feature for U.K.-held devices. iPhone, iPad, and Mac users in the country can no longer sign up for ADP, and existing users must disable it manually to retain iCloud access. U.S. Director of National Intelligence Tulsi Gabbard has warned the U.K.’s demands may violate the CLOUD Act, which limits foreign governments from directly accessing encrypted data stored by U.S. companies. US lawmakers warn of free speech and privacy risks Earlier this month, Apple challenged the legality of the U.K. government’s access demands, arguing that compliance would jeopardise user privacy and set a dangerous precedent. “There is no reason why the U.K. [government] should have the authority to decide for citizens of the world whether they can avail themselves of the proven security benefits that flow from end-to-end encryption,” Apple wrote in a statement to Parliament. The statement, issued in response to proposed amendments to the U.K. Investigatory Powers Act, did not directly confirm the existence of the Technical Capability Notice. Gabbard has also raised concerns about the effective gag order the Investigatory Powers Act of 2016 imposes on Apple, which were reiterated by a bipartisan group of U.S. lawmakers this week. They have urged the U.K. to “remove the cloak of secrecy” surrounding the order, claiming that it is “violating the free speech rights of US companies and impairing Congress’ power and duty to conduct oversight on matters of national security.” Under President Donald Trump’s first term as president, the FBI protested Advanced Data Protection over similar concerns regarding law enforcement’s inability to access encrypted data — a barrier the U.K. is now attempting to bypass. Meanwhile, tech companies like Apple warn that creating a backdoor would increase the risk of abuse by criminals and authoritarian governments alike. source

Image: vinnikava/Envato Elements Cross-platform encrypted messaging between iPhone and Android is coming soon, thanks to updated Rich Communication Services (RCS) standards. The GSM Association has announced that the latest RCS specifications now include end-to-end encryption based on the Messaging Layer Security protocol. This breakthrough, initially teased back in September, will finally allow secure, encrypted messaging between different mobile platforms. This is a huge privacy win — end-to-end encryption (E2EE) means nobody else can see your messages, not even your cell carrier or the companies that make the messaging apps. According to the GSMA, they developed this new RCS standard by bringing everyone to the table: mobile carriers, device makers, and tech companies, including Apple. GSMA Technical Director Tom Van Pelt wrote on his organization’s site that, “…RCS will be the first large-scale messaging service to support interoperable E2EE between client implementations from different providers. Together with other unique security features such as SIM-based authentication, E2EE will provide RCS users with the highest level of privacy and security for stronger protection from scams, fraud and other security and privacy threats.” Must-read security coverage Apple’s commitment to cross-platform security According to Apple spokesperson Shane Bauer in a statement to 9to5 Mac, end-to-end encryption is a powerful privacy and security technology that iMessage has supported since the beginning. Bauer added, “… we are pleased to have helped lead a cross industry effort to bring end-to-end encryption to the RCS Universal Profile published by the GSMA. We will add support for end-to-end encrypted RCS messages to iOS, iPadOS, macOS, and watchOS in future software updates.” Google’s commitment to secure messaging Google spokesperson Ed Fernandez told The Verge that, “Google Messages users have had end-to-end encrypted (E2EE) RCS messaging for years. We’re excited to have this updated specification from GSMA and work as quickly as possible with the mobile ecosystem to implement and extend this important user protection to cross-platform RCS messaging.” The end of fragmented messaging security Apple rolled out RCS support for iPhones with the iOS 18 update back in September. While iMessage has had end-to-end encryption for ages, this security feature didn’t carry over to RCS messaging because the previous standard simply couldn’t handle cross-platform encryption. On the Android side, Google Messages did offer end-to-end encryption for RCS texts, but only when chatting with other Google Messages users; conversations with iPhone users or people using different Android messaging apps weren’t protected. The new standard should finally fix this fragmented situation. No specific timeline has been given for when we’ll see this feature roll out, but when it finally arrives, it will certainly be a big privacy upgrade. source

Image: Apple’s Official YouTube Page Apple has released iOS 18.3.2, an operating system update that fixes a vulnerability in WebKit, the browser engine used by Safari to render web pages. The flaw allowed malicious code running inside the Web Content sandbox, an isolated environment for web processes designed to limit security risks, to impact other parts of the device. Apple previously fixed this vulnerability, CVE-2025-24201, with the release of iOS 17.2 back in late 2023, but this release adds a supplemental patch. In the release notes for iOS 18.3.2, Apple stated that the issue has been “addressed with improved checks to prevent unauthorized actions.” That same patch has also been applied in iPadOS 18.3.2, macOS Sequoia 15.3.2, visionOS 2.3.2, and Safari 18.3.1. “Vulnerabilities in WebKit should be patched quickly, as it is the framework that powers Safari and renders other web-based content,” Adam Boynton, Senior Security Strategy Manager at Apple security firm Jamf, told TechRepublic in an email. “In this particular flaw, attackers were able to use maliciously crafted web content to escape the iOS Web Content sandbox. Breaking out of a sandbox allows an attacker to access data in other parts of the operating system.” Must-read Apple coverage A mysterious delay: Why did Apple take so long? It is not clear why the initial fix was not sufficient or why Apple has only now released the update this week, but the company does refer to “an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 17.2” which may have occurred recently. This suggests that state-sponsored hackers have been exploiting the vulnerability to surveil high-profile individuals, such as government officials, journalists, or senior business executives. SEE: Why is Apple Taking Legal Action Against UK’s Government? The fact that this update comes just a month after iOS 18.3.1 and addresses only one security issue does indicate urgency. Cupertino typically withholds detailed information about vulnerabilities in the early stages to give users time to update their devices. This strategy helps prevent attackers from exploiting the flaw before the majority of users have secured their systems with the latest update. Curiously, iOS 18.3.1 landed just one day after Google released an update for its Chrome browser on Mac, Windows, and Linux devices which also patches CVE-2025-24201. Like Apple, Google described it as an out-of-bounds write issue for the Mac GPU and noted that it had a high impact and is aware that an exploit for it exists in the wild. It was reported to Google by Apple Security Engineering and Architecture on March 5, so it seems Apple has been working on its own patch for a number of weeks. Why you should update your Apple devices now On top of patching CVE-2025-24201, the Apple update “addresses an issue that may prevent playback of some streaming content.” Some social media users have also reported that the update loads with Apple Intelligence, Apple’s bespoke artificial intelligence system, automatically enabled, even if the user had previously switched it off. This is frustrating some users who don’t wish for their data to be analysed by the model, but they are able to switch it off again. Despite this, it’s recommended that Apple users update their devices as soon as possible, especially those running an older operating system than iOS 17.2, to prevent bad actors attempting to exploit the now-publicised vulnerability. It is available for iPhone XS and all newer iPhones, as well as iPad Pro (11-inch, 3rd gen and later, and 12.9-inch,1st gen and later), iPad Air (3rd gen and later), iPad (7th gen and later), and iPad mini (5th gen and later). You should be prompted about the update automatically, but if not, you can initiate the download manually by going to Settings, General, and then Software Update. source

Image: Microsoft News Microsoft just dropped its March 2025 Patch Tuesday update, which includes 57 fixes though closer to 70 with third-party vulnerabilities included. The update addresses some critical security issues that require immediate attention, including the following six zero-day vulnerabilities that hackers are actively exploiting. CVE-2025-26633: A security hole in Microsoft Management Console that lets hackers bypass normal protections. They typically trick you into opening a specially designed file or website through email or messaging apps. Rated Important, with a danger score of 7.8 out of 10. “In an email or instant message attack scenario, the attacker could send the targeted user a specially crafted file that is designed to exploit the vulnerability,” explains Microsoft. “In any case an attacker would have no way to force a user to view attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attacker could entice a user to either click a link that directs the user to the attacker’s site or send a malicious attachment.” CVE-2025-24993: A memory bug in Windows that allows hackers to run whatever code they want on your computer. Even though Microsoft calls this “remote,” someone or something needs to be physically at your computer to exploit it. Danger score: 7.8. “An attacker can trick a local user on a vulnerable system into mounting a specially crafted VHD that would then trigger the vulnerability,” explains Microsoft. CVE-2025-24991: A Windows flaw that lets attackers peek at small bits of your computer’s memory. They’d need to trick you into opening a special kind of disk image file. Moderate danger at 5.5. CVE-2025-24985: A math error in Windows’ file system that lets attackers run malicious code on your computer. They’d need you to open a harmful disk image file first. Danger score: 7.8. CVE-2025-24984: A Windows bug that accidentally writes sensitive information to log files. Hackers would need physical access to your computer to plug in a malicious USB drive. Lower risk at 4.6. CVE-2025-24983: A Windows flaw that lets someone with access to your computer gain full system control by exploiting a timing vulnerability. Danger score: 7.0. There’s a seventh vulnerability – a remote code execution bug in Windows Access – that’s been made public but doesn’t seem to be actively exploited yet. True to form, Microsoft kept with tradition and didn’t share any digital fingerprints that could help security teams spot if they’ve been hit. Must-read security coverage Additional security vulnerabilities including in Remote Desktop Client Microsoft also highlighted several nasty bugs that could allow attackers to run malicious code over networks. The scariest part is that they can do this without needing user interaction. One standout is CVE-2025-26645, a path traversal vulnerability in Remote Desktop Client. This one is a doozy because if you connect to a compromised Remote Desktop Server using a vulnerable client, the attacker could immediately execute code on your computer. Disaster. Microsoft strongly advised Windows administrators to prioritize patching critical remote code execution vulnerabilities affecting Windows Subsystem for Linux, Windows DNS Server, Remote Desktop Service, and Microsoft Office. Download TechRepublic Premium’s customizable patch management policy, which provides guidelines for the appropriate application of patches in an organization. source

Your customers are only half the equation. Other businesses will inevitably send and receive cash, too. This situation involves business-to-business (B2B) payments, which are a different kind of money movement. Unlike small sales with everyday customers, B2B transactions tend to involve greater sums of money sent more regularly. They also sometimes involve issuing credit and invoices, which can leave you without upfront cash. Let’s explore the nitty gritty details behind these complicated transactions. What are B2B payments? B2B payments are transactions that occur between two businesses for goods or services. This term differs from business-to-consumer (B2C) transactions, which are made directly with everyday individuals. Let’s say you manufacture notepads. You oversee a factory and also run a storefront in a busy shopping center. If a major retail chain wants to purchase thousands of notepads from you to resell, then this situation would involve a business-to-business payment. There are several methods to receive your money, which are discussed below. On the other hand, individuals walking into your storefront looking to buy holiday gifts involve business-to-consumer transactions. In this case, private citizens use their personal credit card or other payment method to conduct a one-time purchase. This interaction is more straightforward than B2B activities. B2B activity typically involves larger sums and more complex processes. They’re a fundamental element of working with wholesalers, suppliers, and contractors. How B2B payments differ from B2C payments The distinction between B2B and B2C payments isn’t just about the type of customer — it also involves differences in payment amounts, transaction frequency, and payment methods. Criteria B2B B2C Transaction size/volume Larger amounts, often due to bulk orders or ongoing service contracts Lower values that occur more frequently, driven by everyday retail or online consumer sales Payment terms Longer payment terms, such as Net 30 or Net 60, which involves delivering goods and services that are paid for at a later date Instant or near-instant; consumers pay for goods or services upon purchase Payment methods In-house bank transfers, checks, wire transfers, Automated Clearing House (ACH) transactions, and digital credit card payments; involves fewer in-person payments than B2C Consumer credit/debit cards, digital wallets (Venmo, Coinbase, etc.), and buy now, pay later services like Klarna; involve more in-person payments than B2B Requirements Sometimes involves manual vetting for larger orders or new clients with no history; Net 30 or Net 60 requires creditworthiness qualifications Minimal security, like zip code or PIN entry for bank cards or counterfeit detection for cash Example clients Wholesalers, suppliers, contractors, service providers, non-profits, bulk orderers Individuals, one-time organization purchasers (such as for special events or emergencies) Types of B2B payment methods Knowing the various payment methods you can use in B2B transactions is crucial as a small business owner. Here are the hallmark ways of sending cash from businesses to other entities and consumers. Checks Traditional paper checks are still commonplace in the B2B sphere, especially for smaller entities or those not involved in high-tech industries. While these valuable notes offer a tangible record and greater control over the transaction, they have drawbacks, such as longer processing times and increased risk of fraud. Pros: Easy to issue and track Cons: Slow processing and potential for fraud if not properly secured Wire transfers Wire transfers are fast and secure, usually moving cash within hours. Given their speed and irreversibility, they’re ideal for international transactions. But they carry a premium. Indeed, they can be costly and charge much steeper fees than ACH payments. Pros: Speedy and secure, especially for international payments Cons: Higher transaction fees, making it less cost-effective for smaller payments SEE: Best International Merchant Accounts Credit and debit cards Credit and debit cards boast flexibility and simplicity, but they’re prone to chargebacks and fraud. So, they’re better suited for smaller transactions. Once you’ve established a good history with another business, you can increase the amount you’re willing to charge via these pieces of plastic. Pros: Instant and trackable; can feature credit card cashback programs Cons: Incurs 2% to 3% transaction fees and meaningful risk of chargebacks and fraud SEE: 6 Best Payment Processing Companies ACH payments Automated Clearing House payments are a common method of pushing money between bank accounts in the U.S. This approach is cost-effective and secure. It’s ideal for recurring and one-time transactions. However, a sender must ensure sufficient cash in their bank account to start the process. This mandate makes it less flexible and advantageous than credit cards. Pros: Low transaction costs and reliability for recurring payments Cons: May take one- to three business days to process SEE: Best ACH Payment Processing for Businesses Digital wallets Digital wallets like PayPal, Stripe, and Square allow for faster transactions, making them increasingly popular in B2B payments. They can handle both domestic and international payments, offering convenience for smaller transactions or global demands. Pros: Quick and easy; suitable for international payments Cons: Higher transaction fees compared to ACH payments or bank transfers; less anti-fraud protection Trade credit and net terms Trade credit is a form of B2B financing where one business buys goods or services with the promise to pay later. Unsurprisingly, you’ll need to establish solid trust before granting this convenient arrangement. Many entities require upfront payment for the first transaction to start on the right foot. Then, later payments switch to trade credit up to a certain limit. If your client misses any payments, you’ll want to refrain from further business until the debt is resolved. Pros: Convenient; preserves clients’ working capital until payment is due Cons: Could lead to unpaid debts; requires trust and excess working capital on the supplier’s side In business parlance, this type of B2B payment method is where invoicing, accounts receivable, and accounts payable come in and involve terms like net 30, net 60, and net 90. Here’s a quick breakdown of common payment terms: Net 30: Payment due thirty days from the date of invoice. Most common B2B term. Net 60: Payment due sixty days from the date of invoice. Often used for larger transactions. Net 90:

TL;DR: Making smart business decisions can be tricky, so why not get assistance from SkillWee AI, a decision-making app that offers informed comparisons and decision simulations for only $49.99 (reg. $299)? Running a business is challenging, but knowing which decisions can benefit and grow your brand vs. destabilize it can be tricky if you’re not able to test strategies or compare options fully. Do you struggle with indecision? Let SkillWee AI assist. This decision-making app helps entrepreneurs make smarter business choices by letting you test business strategies in a risk-free environment for less than $50. Did you begin a startup and need to decide on funding? Or are you a small business owner needing to determine which growth strategy is best suited to your brand? Regardless of the scenario, SkillWee is designed to help you weigh your options more thoroughly and make wiser decisions. Think of it as a business strategy crystal ball. Check out how SkillWee may become the business decision partner you never knew you needed: Test strategies before taking action. The app lets you simulate real-world scenarios to explore various decision paths and see potential outcomes. Analyze risks and rewards from decisions: You’ll be able to ponder through the pros, cons, and long-term effects of each business decision you may make. SkillWee’s AI can offer recommendations for decisions needed for funding, hiring, leadership, and growth. Ask the app for insights on your decision-making. It’ll help you refine them and improve your choices, as well as help you improve your decision-making skills, whether you’re a business leader or manager. By using this app, you could gain skills similar to those of world business leaders, as well as those involved in higher-scale crisis management and strategic planning. Get lifetime access to the SkillWee AI-powered decision-making app, now just $49.99 while supplies last. SkillWee AI-Powered Decision-Making App: Lifetime Subscription StackSocial prices subject to change. source

Key takeaways: Pay by bank is an electronic exchange of funds that can be used for personal or commercial transactions. For individuals, the pay-by-bank method is popularly used for large, one-time money transfers. For businesses, pay-by-bank transactions are a great alternative to credit cards that charge merchants with much higher processing fees. The latest advancements in pay by bank include digital banking, which is slowly enabling real-time and cross-border exchange. 1 Pipedrive CRM Employees per Company Size Micro (0-49), Small (50-249), Medium (250-999), Large (1,000-4,999), Enterprise (5,000+) Any Company Size Any Company Size Features 24/7 Customer Support, Analytics / Reports, API, and more 2 CrankWheel Employees per Company Size Micro (0-49), Small (50-249), Medium (250-999), Large (1,000-4,999), Enterprise (5,000+) Any Company Size Any Company Size Features Analytics / Reports, API, Dashboard, and more What is pay by bank? Pay by bank is a secure payment method that allows direct bank transfers between individuals and/or businesses. It is also referred to as electronic bank transfers or EFT because the exchange of funds is done electronically between the sender’s and recipient’s banks. In the early days, pay by bank was commonly known as bank-to-bank, account-to-account (A2A), or direct bank transfer, as this payment method was used primarily for money transfers between two individuals. Eventually, pay by bank became a staple for B2Bs because it allows for clear paper trails. Consumers have also begun using electronic checks instead of the paper version to pay their bills. Today, the pay by bank method includes a modern C2B approach where customers pay merchants directly through online banking and mobile banking apps. Types of pay-by-bank methods Pay by bank includes everything from traditional ACH transactions to digital banking apps. Each option differs in processing speed and fees. Wire transfers: Simple bank-to-bank processes used for large-value transfers; best for one-time transactions. ATM payments: Bank transfers initiated from an ATM machine; best for one-time transactions IVR payments: Bank transfers conducted via a computerized transaction from a pay-by-phone or Interactive Voice Response (IVR) system; best for large, one-time transactions Debit card payments: Transactions completed by paying with a debit card to access the source of funds; best for small, frequent payments Digital wallet payments: Payments made by choosing a bank account that is linked to the digital wallet in order to complete transactions; best for small, frequent payments Local bank-to-bank or Global ACH: Bank transfers involving accounts that are located in the same country or region. Global ACH is possible if you have an account with a foreign bank that has a presence in your region or country. Best for small, occasional payments. ACH payments: Transfers that go through the ACH payment network. Exclusive to US banks. Direct deposit: Sender completes the transaction; used for employee paychecks, taxes, and echecks Direct payment: Both sender and receiver initiate and complete transactions ACH debit: For subscriptions/recurring payments ACH credit: Such as Zelle and Venmo In the US, the Automated Clearing House (ACH) network is composed of financial organization representatives that assume the role of processing, clearing, and settling all ACH and echeck payments. See: Best ACH Payment Processing for Businesses How do bank payments work? The personal pay-by-bank (individual bank transfers) process differs from commercial pay by bank (C2B, B2B) in terms of how transactions are initiated. However, the processing and clearing stages are mostly the same. In most cases, the receiver in individual bank-to-bank transfers does not request (or initiate) the payment. Meanwhile, commercial pay by bank transactions are often characterized by payment requests, such as an invoice. Step 1: Payment is initiated. For personal pay by banks: The customer chooses a pay-by-bank method and prepares a fund transfer request. For commercial pay by bank: The customer receives an invoice from the merchant, chooses a pay-by-bank method, and prepares the fund transfer request. Step 2: Sender transmits payment request to their bank. The sender chooses from one of the pay-by-bank types. For IVR and ATM payment type: The sender interacts with the IVR system or ATM machine by going through the prompts to process their payment request. For debit card payment type: The sender verifies the specified amount on the payment terminal and enters their PIN code on the PIN pad. For digital wallet payment type: The sender logs into the app and follows the prompt for sending payments. For all other pay-by-bank types: The sender fills out a form that specifies the transaction details as well as provides a notice of official authorization to complete the transaction. Step 3: Sender’s bank receives and processes the request. For all pay-by-bank payment types: The sender’s bank receives the payment and authorization request. The bank first verifies the identity of the account holder and then validates that the sender’s account has sufficient funds. For ACH and echecks: Once the bank verifies and validates the financial information, the funds and the transaction details are routed electronically to Nacha’s ACH network for clearing and forwarding to the recipient’s account. Step 4: If the request is approved, the bank initiates the fund transfer process. The sender’s bank debits the transaction amount for approved (and cleared for ACH and echecks) payment requests. The bank adjusts the sender’s fund balance and also notifies the sender that the request is successful in the form of a receipt. If the request is rejected, the sender is also notified and will have to choose a different payment method. For digital wallet, IVR, debit card, and ATM payment types: The approval or rejection notice is also displayed on the terminal screen in addition to a printed or emailed receipt. Step 5: Funds are credited to the recipient’s bank and the recipient is notified of the successful transaction. The recipient of the funds will get a notification by email from their bank once the transfer is successful. For debit card payments at the point of sale: Transaction records are kept and updated within the POS software. Note that fund transfer speed varies depending on the pay-by-bank type. Digital wallet, IVR, debit