An article from PaymentsSource points out that the new Nacha WEB Debit Account Validation rules may help reduce fraud in the age of faster payments but that much more can be done if the “commercially reasonable fraudulent transaction detection system” also validates other important aspects of the transaction. This includes payment history, particularly NSF or chargeback history; ownership, including matching ownership to the payment originator; and PII, including name, address, phone number, and email:
“Currently, ACH originators of web debit entries must use a “commercially reasonable fraudulent transaction detection system” to screen WEB debits for fraud. The supplemental requirement explicitly requires “account validation” to be a part of that detection system.
Many businesses, however, are not even deploying account validation measures — a basic and critical component of securing faster payments. This is unfortunate and likely to result in avoidable returns and losses.
The first step to reducing losses is to embrace the Nacha rule change as a welcome step in reducing unnecessary returns, which will in turn enhance fraud protections.
Second, to effectively reduce risk, businesses need to go beyond simply confirming whether an account number is valid.
While not explicitly detailed in Nacha’s account validation requirements, businesses that want to truly mitigate payments risk need to also validate status; payment history, particularly NSF or chargeback history; ownership, including matching ownership to the payment originator; and PII, including name, address, phone number, and email. These validations should occur prior to setting up a payment account, and initiating the first payment, as well as at every subsequent customer touchpoint, throughout the customer life cycle.
Adding this extra layer of validation will be critical to protecting payments as the number of transactions and volume over the network continue to increase.
By adding additional layers to the account validation process, businesses can better understand who they are distributing money to as well as calculate risk. These measures will also help businesses prevent some of the most prevalent fraud tactics, including identity fraud schemes, business email compromise and other social engineering scams.”
Overview by Tim Sloane, VP, Payments Innovation at Mercator Advisory Group