Well, i don't know much about this but there are few things that i can say: -
Firstly KFISHER you said "The best thing I've been able to find is "look for the little lock symbol at the bottom of the screen," but that doesn't feel like a professional IT response I'd want to give to Finance. "

This doesn't really mean that the webserver you are accessing is secure, the best example that comes in my mind about this is HOTMAIL.com.

Depending on the policy of your orgranization I mean how much they can spent over this issue you can implement lots of techniques:
1) You can ask ur partners about the tunneling. PPTP
2) Encryption.
3) Digital signatures and certificates. You can go for verisign for this.
4) The best protocol for you scenario is using SET protocol i.e. Secure Electronic Transaction Protocol.