Supplementing Fraud Detection Standards for WEB Debits
The effective date for an upcoming change in the Nacha Operating Rules is being extended by the Nacha Board of Directors. The WEB Debit Account Validation Rule now takes effect March 19, 2021, rather than Jan. 1, 2020. The rule was originally approved by Nacha members in November 2018. The Nacha Board of Directors approved the extension in effective date to allow for additional time, education and guidance to be provided to the industry. Additional information from Nacha will be forthcoming.
Currently, ACH Originators of WEB debit entries are required to use a “commercially reasonable fraudulent transaction detection system” to screen WEB debits for fraud. This existing screening requirement will be supplemented to make it explicit that “account validation” is part of a “commercially reasonable fraudulent transaction detection system.” The supplemental requirement applies to the first use of an account number, or changes to the account number.
This Rule modifies the following areas of the Nacha Operating Rules:
Article Two, Subsection 220.127.116.11 (Additional ODFI Warranties for Debit WEB Entries) to make explicit that a fraudulent transaction detection system must, at a minimum, validate the account to be debited.
Effective Date: March 19, 2021
Possible re-tooling of ACH Originators’ fraud detection systems
Or implementation of a system for Originators who currently do not perform any fraud detection for WEB debits
These impacts could increase the cost of originating WEB debits for some parties
RDFIs could receive a greater volume of ACH prenotifications, micro-transactions, or other account validation requests
Some could be in lieu of receiving live-dollar transactions initially
There were 83 respondents to the Request for Comment. 80% of financial institution respondents supported adding account validation to WEB debit fraud screening, and that this should apply to the first use of an account number and subsequent account number changes.