Updates About COVID-19 (Coronavirus) - Learn More

Supplementing Fraud Detection Standards for WEB Debits Rule

2/16/2021 - By Janice Weisz, AAP

Currently, ACH originators of WEB debit entries are required to use a “commercially reasonable fraudulent transaction detection system” to screen WEB debits for fraud.  

Effective March 19, 2021, Nacha will enhance this rule to make it explicit that “account validation” is part of a “commercially reasonable fraudulent transaction detection system.”

This enhanced Rule requires all originators, including ODFIs acting as the originator, to validate the account number to be used for the WEB debit, meaning that the account to be used is a legitimate, open account to which ACH entries may be posted at the RDFI.  

The supplemental requirement will apply to the first use of an account number, or changes to the account number. For existing WEB debit authorizations, the rule will be effective on a going-forward basis. Originators will have to perform account validations as there are updates to account numbers in existing authorizations.

The rule is neutral regarding specific methods or technologies used to validate first-use consumer account information.  Example methods to validate an account may include but are not limited to, the use of an ACH prenotification entry, ACH micro-transaction verification, or the use of a commercially available validation service.

Effective Date

The effective date is March 19, 2021; however, Nacha will not enforce this rule for an additional period of one year from the effective date with respect to covered entities that are working in good faith toward compliance, but that require additional time to implement solutions. Nacha strongly encourages all such covered entities to work towards compliance as soon as possible.

Impact to Participants

Originators

Originators of WEB debits may need to re-tool their ACH fraud detection systems to comply with the rule. Those originators of WEB debits that do not currently perform any fraud detection will need to implement a system to do so.

RDFIs

RDFIs may receive a greater volume of ACH prenotification, micro-transactions, or other account validation requests.

For more information, you can visit Nacha’s website at www.nacha.org/rules/supplementing-fraud-detection-standards-web-debits.

Staying in compliance can be challenging, if you have any questions or need assistance preparing for these new Nacha Rules, email me or a member of our Financial Institutions Team so we can help.

About the Author | Janice Weisz, AAP
Janice is a consultant in the Financial Institution Advisory Group at Saltmarsh, Cleaveland & Gund. Janice has been working with financial institutions since 2001 with an emphasis on operations, compliance, audit and internal controls. She currently provides ACH compliance, NACHA compliance, internal audit and other consulting services to the firm’s financial institution industry clients.


Related Posts

Contact Us

FORT WALTON BEACH
(850) 243-6713

ORLANDO
(407) 203-8990

NASHVILLE
(615) 661-0885

PENSACOLA
(850) 435-8300

TAMPA
(813) 287-1111

info@saltmarshcpa.com
(800) 477-7458

2020 Saltmarsh, Cleaveland & Gund • Privacy Policy

Stay Connected

Sign up to receive updates and important information from Saltmarsh!

FIRM FAST FACTS