Detecting fraudulent activities involving debit and credit card transactions is a worldwide concern. Despite the presence of current digital safeguards in the financial sector, payment institutions and banks continue to implement measures to further prevent anomalous transactions. These safety features and schemes may not always guarantee full fraud protection, but the sector is always evolving.
As one of the most automated processes in the financial technology sector, card fraud is also the most prevalent problem facing credit and debit card holders. This issue is so widespread that the Nilson report estimated more than USD$27.8 billion in losses due to card fraud in 2019.
To further prevent these losses, banks and financial companies have relied on data analytics, machine learning, and AI-driven methods to outsmart cyber attackers.
Data credibility assessment:
Machine algorithms can detect inconsistencies in paper documents, which are prone to human error and system records. Machines can now detect fraud by looking for missing values in a series of transactions and validating personal details through various sources.
Data analytics can also be used to detect potential fraudulent transactions. For instance, it can flag and ask for verification from people whose cards are used in payments done too far away from their addresses. With this development, consumers may now experience a safer online shopping experience.
Fraudulent transactions may come in the form of deliberate double transactions, charging customers twice the amount of money for a merchandise or service that was only availed one time. A machine learning approach can detect an erratic double transaction and a potential fraud with more precision.
At the same time, the Automated Clearing House (ACH), a digital funds-transfer mechanism covering banks and other financial institutions, has established its own methods in preventing ACH fraud. Put simply, ACH fraud happens when a particular account is accessed without the knowledge of the actual account holder. This typically occurs when a scammer gets a hold of the victim’s business checking account number and bank routing number.
With the said pieces of information, a fraudster can use the phone or the Internet in initiating unauthorized transactions on an unsuspecting victim’s behalf. Card fraud attempts involving ACH-enrolled accounts have become prevalent, prompting the National Automated Clearing House Association (NACHA) to set up additional safety guidelines concerning the prevention of fraudulent activities within the network.
Additional Fraud Protection Strategies
NACHA has approved changes in security rules to reduce fraud, and these rules are expected to take effect on March 19, 2021. With the COVID-19 pandemic, however, concerned institutions are requested to strictly enforce the rules by March 19, 2022.
Current NACHA guidelines state that ACH originators use ‘any commercially reasonable fraudulent transaction detection system’ to identify potential fraudulent transactions in ACH payments. At its core, the new NACHA rule for Internet payments or web debits requires accounts to be validated as an added layer of protection for all web payments across the ACH network.
Web debit originators are free to decide how to carry out the account validation rules to reduce fraud. But, these may be of interest:
Account validation service:
This involves the originator comparing the routing number and account information to a validated database of accounts. NACHA has an Account Validations Resource Center containing the details of merchants and third parties where this service is available. This resource, however, doesn’t contain all the customer details, so it may not be comprehensive and updated.
Account validation via API:
In this method, the originator connects securely to the customer’s bank and an application programming interface (API) to access the routing number and account from the client’s web banking interface. It won’t work unless the client shares their login credentials, which can lead to further concerns about privacy and security.
Prenotification entry transmission:
An originator may send a pre-notification entry to the ACH network to validate an account. You can still assume that the account is verified even if you don’t receive a return entry.
If you want a longer process, consider making a small deposit, typically a few cents, to a customer’s account, and wait for the latter’s confirmation of a successful deposit.
Whatever the size of your business, you’ll be impacted by the new NACHA rules as long as you collect any form of payment via phone or online channels.
However, because of potential data protection concerns, an originator accepting online payments would need to consult with a lawyer to determine the best form of account validation strategy that won’t put the organization at risk of a lawsuit.