New debit rules put banks in front of security loops

“Payment fraud is not limited to just one industry or company – it is widespread and ubiquitous. The scammers are getting more creative.” Paramita BhattacharjeeVP and Head of Product Line early warning servicesLLC to PYMNTS.

With the enactment of the new WEB Debit Account Validation Rule implemented by Nacha last year, account validation practices fully enter the digital age, preparing financial institutions (FIs) and corporations for real-time payments. At a high level, Bhattacharjee said, the Nacha-WEB debit rule was originally created to address fraud concerns in the automated clearing house (ACH) network.

As of last March, Nacha has mandated that all ACH originators of WEB direct debits include account validation as part of their anti-fraud efforts and initiatives. A series of extensions give an indication of how complex the technical lift was to improve account validation, she said, noting that the rule’s effective date of March 19, 2021 has been pushed back after an extension of the original date, March 1, 2021. January 2020, came. With the ongoing impact of COVID-19, perhaps unsurprisingly, businesses have needed more time to comply.

Nacha has also stated that she will not enforce the rule until a year after it was implemented in March 2021 – which is this month.

Also read: Nacha’s WEB Debit Account Validation Rule comes into effect

In terms of mechanics, the rule requires FIs to conduct account verification as part of anti-fraud initiatives.

“This applies to FIs,” Bhattacharjee said, “as well as corporations — and basically any organization of any size.”

Commercially sensible

These companies are required – by a rule formulated by Nacha and the Faster Payments Council in 2018 – to use a “commercially reasonable” fraudulent transaction detection system to deter companies from posting fraudulent, incorrect or unauthorized payments. These efforts will make payments safer, she said, while improving quality and improving risk management within the ACH network.

Importantly, using these fraud detection systems, supported by advanced technologies, enables FIs and other organizations to meet consumer demands for fast and smooth transactions.

As Bhattacharjee said, “The digital overdrive has been accelerated by the pandemic, and financial institutions are expanding their digital footprint while securing their environments.” She noted that during the pandemic, about a third of financial institutions have been hit by at least one type of ACH scam ( like most non-FI organizations), while consumers increasingly make more payments via the internet and mobile devices.

See also: For the banking industry, cloud migration is a question of when, not if

Many FIs, she said, may not have the internal resources needed to comply with the new rule, and many businesses and government agencies will only ask their customers to enter account and routing numbers for a payment. Companies that do not complete an account validation step will not comply with the new rule.

“If they haven’t created a project to be compliant, they have to prioritize all their resources very quickly,” she told PYMNTS. There are any number of use cases here – extending to payments, of course, but also to new account registrations and funding and linking for money movement.

Bhattacharjee said accounts could be validated through a variety of methods — manually or through micro-deposits. She pointed out that Early Warning has an account verification solution that leverages collaborative account information: Early Warning’s National Shared Database® resource.

“We can see if a person making a transaction has permission to do so on the account, if the account is open and active, if it’s a new account, and the status of the account, including a negative balance,” added her.

While validation runs in the background, if the right tools are in place, the forward-looking activities – in other words, the customer experience – should remain unchanged.

As more commerce goes online, scammers will see more attempts to compromise credentials through account takeovers and social engineering, she said.

Digital-first and digital-only banks attract more customers by making onboarding easier for them. And with social media marketing on the rise, scammers are targeting businesses that may not yet have robust controls or a lack of physical infrastructure to meet customers in person.

Over the course of 2022 and in the short and long term, she told PYMNTS: “We will see new developments of the Nacha WEB debit rule that take all these trends into account.”

Also read: Treasury Banking’s New To-Do List: Fraud Prevention, Digital Privacy, and Zero Friction



About: Forty-two percent of US consumers are more likely to open accounts with FIs that make it easy to automatically share their banking information during signup. The PYMNTS study Account opening and credit management in the digital environmentsurveyed 2,300 consumers to explore how FIs can use Open Banking to engage customers and create a better account opening experience.

Previous Government raises 951 bln rupees as yields see up 130bps - Journal
Next Maria Sharapova reacts to Russia and Vladimir Putin's invasion of Ukraine | Tennis 2022