Supplementing Fraud Detection Standards for WEB Debits

This change to the NACHA Operating Rules will enhance quality and improve risk management within the ACH Network by supplementing the fraud detection standard for Internet-initiated (WEB) debits.

Detail Icon

Detailed Information

Currently, ACH Originators of WEB debit entries are required to use a “commercially reasonable fraudulent transaction detection system” to screen WEB debits for fraud. This existing screening requirement will be supplemented to make it explicit that “account validation” is part of a “commercially reasonable fraudulent transaction detection system.” The supplemental requirement applies to the first use of an account number, or changes to the account number.

This Rule modifies the following areas of the NACHA Operating Rules:

Article Two, Subsection 2.5.17.4 (Additional ODFI Warranties for Debit WEB Entries) to make explicit that a fraudulent transaction detection system must, at a minimum, validate the account to be debited.

Effective Date: January 1, 2020

Potential Impacts:

  • Possible re-tooling of ACH Originators’ fraud detection systems
    • Or implementation of a system for Originators who currently do not perform any fraud detection for WEB debits
    • These impacts could increase the cost of originating WEB debits for some parties
  • RDFIs could receive a greater volume of ACH prenotifications, micro-transactions, or other account validation requests
    • Some could be in lieu of receiving live-dollar transactions initially

Coming soon

There were 83 respondents to the Request for Comment. 80% of financial institution respondents supported adding account validation to WEB debit fraud screening, and that this should apply to the first use of an account number and subsequent account number changes