Complying with faster pay rules is not enough to prevent fraud
The demand for faster payments speed and volume has surged over the past year. And with it, there has been a significant rise in cases of fraudulent activity, highlighting the need for the forthcoming Nacha WEB Debit Account Validation. The updated regulation is a significant step in minimizing payments risk, which can be enhanced with additional fraud prevention tools.
Automated clearing house payments have grown increasingly prevalent, particularly as more transactions and accounts moved online during the pandemic.
Nacha reported its network volume reached 13 billion payments in the first half of 2020— almost a billion more compared with the same period in 2019. Speedy transaction demands also contributed to the network’s 37% jump in same-day ACH volume in 2020’s second quarter from the year-earlier period.
At the same time, businesses continue to demonstrate that they are no match for criminals’ swift ability to hijack vulnerable personally identifiable information or socially engineer victims into payments fraud.
Nacha’s pending Supplementing Fraud Detection Standards for WEB Debits rule, which takes effect March 19, 2021, is a good first step in preventing administrative returns and potential fraud losses — but some gaps remain.
Currently, ACH originators of web debit entries must use a “commercially reasonable fraudulent transaction detection system” to screen WEB debits for fraud. The supplemental requirement explicitly requires “account validation” to be a part of that detection system.
Many businesses, however, are not even deploying account validation measures — a basic and critical component of securing faster payments. This is unfortunate and likely to result in avoidable returns and losses.
The first step to reducing losses is to embrace the Nacha rule change as a welcome step in reducing unnecessary returns, which will in turn enhance fraud protections.
Second, to effectively reduce risk, businesses need to go beyond simply confirming whether an account number is valid.
While not explicitly detailed in Nacha’s account validation requirements, businesses that want to truly mitigate payments risk need to also validate status; payment history, particularly NSF or chargeback history; ownership, including matching ownership to the payment originator; and PII, including name, address, phone number, and email. These validations should occur prior to setting up a payment account, and initiating the first payment, as well as at every subsequent customer touchpoint, throughout the customer life cycle.
Adding this extra layer of validation will be critical to protecting payments as the number of transactions and volume over the network continue to increase.
By adding additional layers to the account validation process, businesses can better understand who they are distributing money to as well as calculate risk. These measures will also help businesses prevent some of the most prevalent fraud tactics, including identity fraud schemes, business email compromise and other social engineering scams.