Among the highest ideals for digital payments – driving innovation in transactions and customer experience – is, of course, the concept of seamlessness. That implies an ease of use while giving up nothing when it comes to security. Getting there is a long road with many twists and turns, with guidance provided not only by back-end technology but also by updated rules from organizations with a governing role across the payments industry.
In a new PYMNTS interview, David Barnhardt, executive vice president of product at GIACT, which offers fraud detection and account validation tools, talks about an upcoming change by NACHA, national administrator of the ACH network, to make internet-initiated debit transactions (WEB debits) safer and more seamless. The rule change not only could bring more work for financial institutions and payment service providers, but also underscores the effort needed to bring more payments into the digital age with faster speed and more security — all part of that general ideal. The rule change is the subject of a recent white paper published by GIACT.
New NACHA Rule
For a rule that comes into effect on January 1, 2020, NACHA says that “ACH originators of WEB debit entries are required to use a commercially reasonable fraudulent transaction detection system to screen WEB debits for fraud.” The organization adds that “this existing screening requirement will be supplemented to make it explicit that account validation is part of a commercially reasonable fraudulent transaction detection system.” The supplemental requirement applies to the first use of an account number, or changes to the account number.
The purpose of the new rule, according to NACHA, is to “enhance quality and improve risk management within the ACH network by supplementing the fraud detection standard for internet-initiated (WEB) debits.”
In short, the new rule might require companies that deal with ACH payments to retool their fraud detection systems. How much effort will that require, then?
According to Barnhardt, it “really depends on the company.” Large companies, those that are “accepting millions upon millions of payments weekly or monthly,” are likely to already have in place “some type of account validation” that at least approaches that new NACHA standard for WEB debits. For smaller operations, the job might be more challenging “to demonstrate that they are complying” by the rule deadline date.
The new account validation protocols from NACHA, he told PYMNTS, will “shine a light on the process” used by companies to detect fraud and secure these types of transactions. The key parts of knowledge are who owns the account and who has the right to transact, he said. The new rule is part of the overall effort to better meet consumer demands for “fast, frictionless payments,” Barnhardt noted.
Quick, Secure Validation
Quick and secure ID and account validation, of course, is all the rage in digital payments and commerce. Consumer activity is becoming more global and mobile – and quicker, as real-time payment infrastructure spreads throughout the world – while, at the same time, fraudsters are becoming more organized and sophisticated. Staying a step ahead of those criminals while providing a speedy payment experience is among the keys to thriving in the growing global digital economy. And doing so depends on data – not only the collection of the most useful information, but also its proper analysis and deployment, while conforming to the NACHA WEB debit rule.
Simply put, that means ensuring pieces of data such as customer email addresses and mobile phone numbers – data points that help with the overall effort of account validation – “fit in line with the overall digital DNA of customers,” Barnhardt said. “It’s kind of like assembling the pieces of a puzzle to [achieve] a complete picture.”
Biometrics, too, promise to play a bigger role going forward – especially as mainstream consumers are becoming accustomed to using thumbprints and facial recognition (including via selfie) to access financial services apps. Even so, “there is still very much that needs to be done on the back end to identify and prevent fraudulent enrollment,” he noted. “If you don’t enroll customers properly, you’ll be limited in terms of what innovative customer services you can roll out in the future.”
Often, too, putting up a proper defense against fraud – and this certainly holds true as the NACHA WEB debit deadline looms – comes down to what Barnhardt described as “one or two pieces of non-traditional data” that help to authenticate legitimate consumers and validate their accounts.
“In today’s world, it’s all about having the customer experience without the high customer abandonment rate,” he said.