Beginning September 15, same day ACH Debits will become a reality for financial institutions, payments providers, businesses, and consumers. Despite this looming transition, the majority of organizations are not prepared for offering this new service to their customers.
While NACHA’s move to faster payments offers substantial benefits to businesses and consumers, it should prompt a comprehensive review of your organization’s existing risk mitigation systems. Particularly at risk are service providers with high volumes of automated or customer-initiated debit payments. These include cell phone service providers, utilities, cable companies, insurance, and retailers, just to name a few.
When processing same-day ACH debits, there is little room for error on the side of processors. Speed is on the side of fraudsters who can take advantage of shortened settlement windows to bypass existing fraud prevention tools and defraud financial institutions, payment processors, and their customers. Many legacy account validation processes, including prenotes and trial deposits, will frequently fail to identify and prevent fraudulent debits, resulting in higher rates of unauthorized and administrative returns, fines and penalties, deteriorating customer experience, and unacceptably high fraud losses.
Organizations planning to offer same-day ACH debits need to update their existing systems and processes to validate both account status and ownership in real time in order to prevent a surge in fraud attempts and take steps to proactively reduce unauthorized and administrative returns before making same day debits available to customers.
NACHA predicts ACH Originators will generate approximately 1.4 billion same day ACH payments per year within ten years of implementation and rollout. Though there has not been a notable increase in fraud losses since same day credits were launched, same day debits represent a substantial risk to originating financial institutions (ODFIs) and their customers.
Debit transactions on the ACH network have historically been more susceptible to higher return rates than credit transactions, and the risks associated with debit transactions will be exacerbated by the transition from delayed payment to same day. The systems and processes that many payment providers currently have in place to identify potential fraudulent transactions are not adequate to defend against the increased risk associated with the move to same day settlement.
If your organization is planning to offer same-day ACH Debits to your customers, consider the following recommendations in order to smoothly facilitate same day payments without increasing the potential for higher return rates, fines and penalties, fraud losses, and customer complaints.
First, improve defenses against customer impersonation and account takeover with better customer intelligence. This can only be accomplished through a robust upfront validation of not only account status and account ownership, but also the consumer’s name, address, phone number, email, and social media. This provides a truly comprehensive view into the risk associated with that customer and gives a solid verification on their authority to transact on the account in question. If not, financial institutions and processors that solely rely only upon traditional fraud prevention systems, such as account status, will find themselves targeted by fraudsters who realize that the institution has no enhanced fraud prevention tools specifically designed for same day processing.
Second, automate and accelerate transaction reviews to enable faster risk analysis and transaction decision making. Many of the fraud reduction systems in use today are manual and housed independently in organizational silos that require hours, if not days, to identify risk. This makes a comprehensive, simultaneous screening that includes OFAC checking, identity verification, and payment validation impossible when moving to a same day environment.
Third, stop relying on customer-initiated transaction flagging as a stop-gap to prevent fraudulent or mistaken transfers. With the move to same day, most customers will no longer have time to identify suspicious debits and alert their financial institution or service provider before the payment is debited. This will require payment providers confirming account ownership and verifying transaction authority prior to the transaction being approved. Those organizations that continue to rely on customer reporting of suspicious transactions or that perform little or no account owner validation will experience record levels of both unauthorized and administrative returns.