As automated clearinghouse volume increases, securing ACH payments is becoming more difficult, particularly because mobile-payment providers and businesses are increasing their use of ACH payments to achieve speedy processing.
NACHA, which oversees the nation’s ACH system, says ACH payments moved past 20 billion transactions valued at nearly $34 trillion in 2011.
And that is creating some security concerns. “Fraud and attempts at fraud have become more of an issue for companies, especially as we see corporate account takeovers increasing, and fraud can happen to any company–a large company or a small business,” says Nancy Atkinson, a senior analyst at Aite Group.
For tech firms that offer ACH-related technology, this is good news because many of these companies have been beefing up security to include more verification layers and checks on transaction integrity that banks can offer their clients (see story).
Fiserv Inc., for example, just released an expanded a version of PEP+, which turns check payments into ACH transactions. The service’s enhancement includes dual verification, which ensures proper controls to mitigate fraud and error in ACH transactions.
The enhanced PEP+ also will enable automated tracking to report on how the controls are performing. “It’s an automated way to require additional verifications for certain transactions,” says Bert Harkins, Fiserv senior vice president. Dual verification helps combat a scenario in which fraudsters obtaining access to account information attempt to create fake payments.
Using Fiserv’s dual verification, financial institutions can write rules that require additional verification to approve ACH transactions of a specific size or that involve a certain firm or party. The detection of ACH transactions or parties that require extra verification occurs electronically through Fiserv’s engine, and the approvals or other action can take place electronically.
Harkins contends the security threat is not necessarily increasing, though there is an effort to allow additional assurance of digital transaction integrity as processing speed and volume of ACH transactions increase.
This new technology is ensures there are safeguards, Harkins says. “There are concerns about any sort of system where customer data is passed from bank to bank,” he says. “Users of payment systems have access to information through an ACH file or transaction file.”
No specific regulation requires dual verification, but agencies such as the Federal Financial Institutions Examination Council support layered verification as a protective measure against digital payments fraud.
The increased security concerns for ACH payments come as more business-to-business and consumer payments use the ACH rails. NACHA reports consumer-initiated transactions grew 13.3% last year as financial institutions expanded direct payments made by consumers through ACH payments.
Web and mobile payments also are increasing, making up 16% of ACH volume. And business-to-business payments using addenda records (or remittance information) increased more than 12% as more firms seek the benefits of straight-through processing (see ACH overview).
What do you think about this? Send us your feedback. Click Here.