Companies that provide automatic bank withdrawal payment options will need to implement an additional layer of security by Jan. 1, 2020.
NACHA, the Electronics Payments Association, passed a recent rule entitled, “Supplementing Fraud Detection Standards for WEB Debits” which affects any organization that processes ACH debits that are initiated by a consumer over the internet.
New NACHA rule explained
Currently NACHA requires a “commercially reasonable fraudulent transaction detection system” to ensure funds are being transmitted to the right account. The new rule makes it clear that “account validation” is part of a “commercially reasonable fraudulent transaction detection system.” This rule applies to an account’s first use and if any changes are made to an account number.
Companies are looking for innovative solutions to create the least inconvenience to customers while providing the toughest security.
Standard solutions that satisfy NACHA’s new rule:
- Completing a pre-notification on the first use of an account number which can delay the transaction up to three days.
- Performing micro-transactions which may delay transactions up to five days and require additional steps by the customer making the payment.
- Using a third party service to validate account information which can potentially increase costs for clients.
Next steps for your organization:
- Identify all the systems on campus that process ACH WEB Debits.
- If you’re working with outside payment vendors, begin the dialogue to see how they’re planning to comply with the new rule.
- If you have an internal system for processing ACH WEB Debits, begin researching options to ensure your institution is compliant with the new NACHA rule by Jan. 1, 2020.