Safeguarding Your Business
Take Steps to Protect Your Organization
With ever-increasing means of alternative payments, especially through mobile devices and social commerce, you face the potential of increased risk of fraud or corporate account takeover.
Understanding, establishing and maintaining sound business practices is the key to protecting your organization, so NACHA strives to provide the knowledge and resources needed to guide you in managing your organizational risk.
- Sound Business Practices for Evaluating Customer Risk -This sound business practices document provides financial institutions with guidance on appropriate due diligence, at both the enterprise and ACH-specific level, before onboarding a new ACH Originator and on an ongoing basis to ensure that a financial institution has a thorough understanding of a business's potential risk profile.
WEB Standard Entry Class (SEC) code transactions, or Internet-Initiated/Mobile Entries, are one of the fastest growing areas of Direct Payment via ACH. As more organizations look for sound business practices and solutions to offer WEB payment options, NACHA developed eResources to support businesses and financial institutions in implementing and using the WEB code.
These eResources will help organizations broaden payment options for customers of all types, realize efficiencies of electronic payments, and have necessary guidance to fully understand ways to address compliance, security and risk factors. They seek to expand knowledge and understanding among all stakeholders in the industry, supporting effective implementation of WEB transactions.
- Encryption is a core technology that underpins the security of the ACH Network. The eResource, based on information gathered from industry professionals, underscores its value and generates greater awareness about the need for methods for all ACH Network participants to combat data threats and attack scenarios.
- Authentication in the ACH Network is a common challenge among all ACH Network participants, particularly for WEB transactions. The eResource covers relevant risk management requirements for WEB in an effort to help participants better understand authentication technologies that are available on the market.
- Authorization involves determining what information should be collected and retained so that there is adequate proof in the event that a transaction is challenged--a common challenge among ACH Network participants that originate or process WEB ACH consumer debit transactions. The ability to prove that a transaction was properly authorized is highly dependent on the attributes of the authorization process and any underlying processes used to validate identity, all of which may vary among institutions, transaction types and operating models.
Regulatory Guidance and Information
Payments-related regulatory guidance helps to ensure the security and efficient exchange of ACH transactions and other electronic payments. Regulatory bodies such as FinCEN, FFIEC, OCC and others issue and update guidance regularly, and it is important that financial institutions and other ACH Network participants are aware fof and understand the implications new regulations and guidance can have on their operations.
Today, fraud threats can take many forms. Threats and fraud can be perpetuated through cyber attacks, email compromise, account takeover, social engineering and even vendor impersonation fraud. While these threats are not about a direct compromise of the ACH Network or other payment systems, they exploit vulnerabilities or gaps in processes or procedures. NACHA is committed to helping financial institutions, businesses, other organizations and consumers protect themselves and prevent fraudulent activity.