New debit rules pose security challenges for banks
“Payment fraud is not localized to one industry or one company — it is widespread and pervasive. Fraudsters are getting more and more creative,” Paramita Bhattacharjeevice president and product line manager at Early warning servicesLLC told PYMNTS.
As the new WEB debit account validation rule implemented by Nacha came into effect last year, account validation practices are moving fully into the digital age, preparing financial institutions (FIs) and businesses for real-time payments. At a high level, Bhattacharjee said, the Nacha WEB debit rule was created initially to address fraud concerns on the Automated Clearing House (ACH) network.
Since last March, Nacha has required all ACH originators of WEB debit entries to include account validation as part of their anti-fraud efforts and initiatives. A series of extensions gives an idea of the complexity of the technical lift to improve account validation, she said, noting that the effective date of March 19, 2021 came after an extension of the original date of January 1, 2020. Organizations, perhaps unsurprisingly, needed more time to comply, given the lingering impact of COVID-19.
Nacha also said she would not apply the rule until a year after the March 2021 implementation – which means, well, this month.
Read also: Nacha’s WEB Debit Account Validation Rule Goes Into Effect
Mechanically, the rule requires FIs to perform account verification as part of anti-fraud initiatives.
“This applies to financial institutions,” Bhattacharjee said, “as well as businesses – and basically any organization of any size.”
These entities are mandated – through a rule formulated by Nacha and the Faster Payments Council in 2018 – to use a “commercially reasonable” fraudulent transaction detection system in an effort to prevent companies from posting fraudulent payments. , incorrect or unauthorized. These efforts will make payments more secure, she said, while improving quality and risk management within the ACH Network.
Importantly, the use of these fraud detection systems, backed by advanced technologies, enables FIs and other organizations to meet consumer demands for fast and frictionless transactions.
As Bhattacharjee put it, “digital overdrive has been accelerated by the pandemic and financial institutions are increasing their digital footprint while securing their environment.” During the pandemic, she noted, about a third of FIs have been impacted by at least one type of ACH fraud (like most non-FI organizations), as consumers increasingly make payments over the internet. and on mobile devices.
See also: For the banking industry, migrating to the cloud is a matter of when, not if
Many financial institutions, she said, may not have the internal resources to comply with the new rule, and many businesses and government entities only require their customers to enter account numbers and details. routing for a payment. Businesses that do not complete an account validation step will not be compliant with the new rule.
“If they haven’t created a project to get compliant, they’ll have to prioritize all of their resources very quickly,” she told PYMNTS. There are a number of use cases here – covering payments, of course, but also sign-ups for new accounts and funding and links for the movement of money.
Bhattacharjee said accounts could be validated by several methods – manually or by micro-deposits. She noted that Early Warning has an account verification solution that leverages collaborative account information: Early Warning’s National Shared Database® resource.
“We can see if someone transacting is authorized to do so on the account, if the account is open and active, if it is a new account and the status of the account, including whether it has a negative balance,” she added.
While validation happens in the background, she said, front-end activities — in other words, the customer experience — should remain unchanged if the proper tools are in place.
As commerce grows online, she said, we will see more and more attempts by fraudsters to compromise credentials through account takeovers and social engineering.
Digital-first and digital-only banks attract more customers by making it easier to onboard. And with the rise of social media marketing, scammers are targeting companies that may not yet have strong controls or lack the physical infrastructure to meet customers face-to-face.
As 2022 approaches, and in the short and long term, she told PYMNTS, “we will see new evolutions of the Nacha WEB debit rule that will take into account all these trends”.
Read also: New Treasury Banking To-Do List: Fraud Prevention, Digital Privacy and Zero Friction