Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.
Federal Reserve Web Sites
Other Bank Regulatory Sites
December 13, 2010
Numbers don't back up fears about WEB and TEL
Recently, I got word that many banks, particularly small banks, may be bypassing the opportunity to market certain ACH origination services to their corporate customers because they are concerned about the underlying potential for fraud. In particular, banks may be holding back on offering debit origination services to companies selling services or accepting bill payments over the web or telephone. These are recognized as WEB or TEL entries in the parlance of ACH.
Certainly, conscientious, well-controlled financial institutions should be concerned about ensuring that they are not party to fraudulent transactions through the ACH. However, there is nothing inherently risky about WEB and TEL entries compared to any other types of transactions. In fact, in recent presentations, the NACHA-The Electronic Payments Association has revealed encouraging long-term trends with regard to a key statistic in sensing fraud: the level of unauthorized ACH returns.
WEB and TEL return data are favorable
Data collected from the Federal Reserve and the Clearing House Payments Company—the two ACH operators—and aggregated by NACHA show that the overall return rate for WEB transactions stands at 0.03 percent, or three transactions in every 10,000, as of the second quarter of 2010. Interestingly, this rate is actually slightly lower than the rate for all preauthorized debits—such as insurance premiums, car payments, and health club fees—which stands at 0.04 percent over the same period.
For TEL transactions, the rate is somewhat higher at 0.11 percent, or 11 returns for every 10,000 transactions. This higher rate may stem from the fact that a good percentage of TEL transactions flow from telemarketing activities that are sometimes fraudulent or sometimes characterized by "buyer's remorse." In contrast, Federal Reserve data show that return rates for check collection—a business generally thought to be safe by most banks—average something less than 1.0 percent. The point here is that data shows that ACH WEB and TEL transactions do not appear to be risky by common transaction processing measures.
Knowing the customer is still critical
As with all account relationships held by financial institutions, a small dose of due diligence can go a long way to help ensure that an institution does not engage with a fraudulent firm. This "know your customer" process, if applied regularly, can diminish any significant chance of experiencing ACH fraud for TEL transactions. For that matter, the same due diligence is necessary for remote deposit capture, remotely created check relationships, and credit card services. In addition, both the Federal Reserve and the Clearing House offer originating depository financial institutions ACH risk management and monitoring services that allow a bank to quickly detect any dangerous trends in unauthorized return experience. In fact, the Federal Reserve service allows originating financial institutions to reduce their risk exposure by establishing debit and credit origination limits on any of their corporate originators as part of their overall risk management program.
The only thing we have to fear...
It's possible that some of the concerns that small banks have regarding these transactions stem from recent news reports. Some corporations that have fallen victim to so-called account takeovers have accused their banks of not doing enough to help them detect fraudulent activity in their ACH-originated payroll files. As most professionals know by now, Internet-based criminals use the account takeover scheme to insert malware into a company's system through e-mail, spam, or some other vehicle. Banks are still wrestling with ways to help their clients monitor such files, and ACH operators do not have any specific services in place yet to help the banks do this. However, WEB and TEL transactions involve the origination of debit transactions, not credit transactions, as is generally the case with account takeovers.
Small banks may also not be originating WEB and TEL transactions simply because many smaller companies, utilities, manufacturers, and retailers are not yet offering web-based payment services. In essence, the market for selling such services is limited, but it's clear that over time more and more small companies will be able to offer these payment services and will be asking their banks to support ACH WEB and TEL originations. And really, given the data and controls noted above, "The only thing we have to fear is fear itself," to quote a famous president.
Marie Curie said it a little differently: "Nothing in life is to be feared. It is only to be understood." It is important to be risk-conscious, but it is also important to understand the available data and controls for informing decisions about ACH services that could represent opportunities to service a customer's changing needs better.
By Rich Oliver, executive vice president of the Atlanta Fed and director of the Retail Payments Risk Forum
TrackBack URL for this entry:
Listed below are links to blogs that reference Numbers don't back up fears about WEB and TEL:
- EMV Comments That Make Me Cringe
- Taking a Quantum Leap into Payment Security
- Looming Questions with the Rollout of NACHA's Mandated Same-Day ACH Rules Change
- AdmiNISTering Passwords: New Conventional Wisdom
- Mobile Banking and Payments—What's Changed?
- Risk Mitigation Isn't Just for Banks
- The Simple Consider Three but Four is the Key
- As with Nuclear Disarmament, So with ACH: Trust, but Verify
- The Personal Cost of Fraud
- When Fraud Hits Home: Questioning Today’s Authentication Methods
- October 2016
- September 2016
- August 2016
- July 2016
- June 2016
- May 2016
- April 2016
- March 2016
- February 2016
- January 2016
- account takeovers
- ATM fraud
- bank supervision
- banks and banking
- card networks
- check fraud
- consumer fraud
- consumer protection
- cross-border wires
- data security
- debit cards
- emerging payments
- financial services
- identity theft
- law enforcement
- mobile banking
- mobile money transfer
- mobile network operator (MNO)
- mobile payments
- money laundering
- money services business (MSB)
- online banking fraud
- payments risk
- payments study
- payments systems
- phone fraud
- remotely created checks
- risk management
- Section 1073
- social networks
- third-party service provider
- trusted service manager
- Unfair and Deceptive Acts and Practices (UDAP)
- wire transfer fraud
- workplace fraud