Supplementing Fraud Detection Standards for WEB Debits

Effective Date

Rule Status

Rule Status

The effective date for an upcoming change in the Nacha Operating Rules is being extended by the Nacha Board of Directors. The WEB Debit Account Validation Rule now takes effect March 19, 2021, rather than Jan. 1, 2020. The rule was originally approved by Nacha members in November 2018. The Nacha Board of Directors approved the extension in effective date to allow for additional time, education and guidance to be provided to the industry. Additional information from Nacha will be forthcoming.
 

Details

Details

Currently, ACH Originators of WEB debit entries are required to use a “commercially reasonable fraudulent transaction detection system” to screen WEB debits for fraud. This existing screening requirement will be supplemented to make it explicit that “account validation” is part of a “commercially reasonable fraudulent transaction detection system.” The supplemental requirement applies to the first use of an account number, or changes to the account number.

Technical

Technical

This Rule modifies the following areas of the Nacha Operating Rules:

Article Two, Subsection 2.5.17.4 (Additional ODFI Warranties for Debit WEB Entries) to make explicit that a fraudulent transaction detection system must, at a minimum, validate the account to be debited.

Impact

Impact

Effective Date: March 19, 2021

Potential Impacts:

  • Possible re-tooling of ACH Originators’ fraud detection systems

    • Or implementation of a system for Originators who currently do not perform any fraud detection for WEB debits

    • These impacts could increase the cost of originating WEB debits for some parties

  • RDFIs could receive a greater volume of ACH prenotifications, micro-transactions, or other account validation requests

    • Some could be in lieu of receiving live-dollar transactions initially

FAQs Section

FAQs Section
Coming soon

RFC Summary

RFC Summary

There were 83 respondents to the Request for Comment. 80% of financial institution respondents supported adding account validation to WEB debit fraud screening, and that this should apply to the first use of an account number and subsequent account number changes.