Take On Payments

About


Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.

May 23, 2016


What Would Happen If the Lights Went Out for a Long, Long Time?

In 1859, a massive geomagnetic solar storm known as the Carrington Event caused extensive damage to telegraph systems and other nascent electrical devices worldwide. Telegraph lines sparked and telegraph operators could send and receive messages without the use of electric batteries. The Northern Lights lit up the sky in all of North America. Though not widely reported, on July 23, 2012 a massive cloud of solar material similar in magnitude to the Carrington storm erupted off the sun's surface, radiating out at 7.5 million miles per hour. Fortunately the impact of the solar storm missed Earth by nine days because of the Earth's orbit position.

One report estimates that a Carrington-level storm today could result in power outages affecting as many as 20–40 million Americans for a duration ranging from 16 days to two years at an economic cost of up to 2.5 trillion dollars. A research paper in Space Weather estimated the odds of a Carrington-level storm at about 12 percent over the next 10 years. Early warning of such a storm is possible since satellites can detect impending storms and have the potential to provide a minimum one-day warning before it hits Earth.

So what would happen if the lights went out in much of the United States because of such a cataclysmic event? One could anticipate serious disruption of electronic payments such as ACH, cards, and wire transfers in the affected areas and beyond. What would one do to facilitate commerce in such an emergency? Well, cash and, to a lesser degree, checks could come to the fore. Use of checks would be problematic given the electronification of checks, high risk of fraud, and overdrawn accounts if banking systems are not up and running. Cash would have fewer problems if it were on hand to distribute to the affected population. Perhaps cash accompanied by ration books could be used to mitigate hoarding.

For a low-probability extreme-impact event that results in cash becoming the only way, among existing payment instruments, for commerce to take place, what contingency plans are in place to ensure that consumers and businesses can obtain cash? Since the contingency systems we have in place to handle a future Hurricane Katrina or Hurricane Sandy are likely not sufficient for an extreme event of nationwide scale, some of the issues that need to be resolved include:

  • How does one ensure that sufficient cash is on hand during an emergency?
  • How is cash going to be distributed and accounted for along the supply chain with ATMs and bank offices and their core systems inoperable due to no electricity?

Addressing these questions and others involves a monumental effort, and I don't have a ready answer. Fortunately, cash solves the problem for small-scale, low-value payments during a long-term power outage. That is, during the immediate, in-person exchange, it is an instrument that doesn't require electricity, communication networks, or computers.

This and other major calamities have always made me concerned about the push in some quarters for a full transition to electronic payments at the expense of payments less reliant on electricity and our communication networks. As an engineer by training, it is in my nature to wonder what can go awry if failsafe systems aren't in place when the unexpected happens.

With the possibility of a catastrophic event in our lifetime, would you rather have cash in hand or a card/mobile app? As for me, I'm going to the bank to cash out my accounts and then on to the hardware store to buy a gas-powered electric generator. Just kidding, though I think serious consideration and appreciation is needed for the contingency aspects of cash when things invariably go awry.

Photo of Steven Cordray  By Steven Cordray, payments risk expert in the Retail  Payments Risk  Forum at the Atlanta Fed

May 23, 2016 in ACH, cards, checks, payments | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

April 11, 2016


Combat Gear for Tax Season

Recently, a local newspaper reported on two ex-bankers who were sentenced for their roles in a two-year-long fraud scheme. These ex-bankers created fraudulent bank accounts, then generated more than 2,000 false tax returns totaling more than $2.8 million in fraudulent refunds. The IRS has plenty more stories of tax fraud to tell.

Currently, "file taxes" is number one on my to-do list, and maybe yours. Do you shiver considering the possibility a tax return in your name has already been filed by someone else? Criminals, organized or not, know they can earn a living by filing fake returns. Even a legitimate taxpayer who owes taxes can be a victim of identity theft tax (IDT) refund fraud, as defined by the Internal Revenue Service's (IRS) Security Summit. (Note: The Electronic Tax Administration Advisory Committee, which reports to Congress, calls IDT refund fraud stolen identity refund fraud, or SIRF).

Formed on March 19, 2015, the Security Summit joins the IRS, state departments of revenue, and members of the tax refund ecosystem to discuss ways to combat IDT refund fraud. The Summit currently has seven working groups, including one focused on refund authentication and fraud detection. We have blogged before on the importance of data analytics in detecting fraudulent filings; this working group is attempting to strengthen these data tools. The working group also laid out best practices for software providers in enhancing identity requirements and strengthening validation procedures. At the end of last year, Congress provided a big assist in these efforts by passing the Protecting Americans from Tax Hikes, or PATH, Act of 2015, which closes one of the biggest loopholes in the tax refund process by requiring employers to electronically file W-2 forms and 1099 forms with the IRS by January 31 of each year instead of March 31. This new requirement, which becomes effective in 2017, will allow federal and state taxing authorities to match returns with actual W-2s for the first time.

The Security Summit also has a Financial Services Working Group, which explores ways to prevent criminals from using stolen identification credentials to establish financial services products such as checking accounts and prepaid cards that would allow the criminal to access the proceeds of fraudulent returns. After all, fraud may not be realized until after processing the tax return. Refunds are distributed either by check or direct deposit via ACH, which can be sent to a prepaid account (card) or traditional bank account. The IRS can't determine which account type an ACH refund is destined for since routing number and account number aren't standardized by account type, nor is there a database of routing numbers to identify prepaid accounts. Some have suggested that knowing when it is a prepaid account could be helpful in risk rating the return before sending the refund. The Financial Services Working Group has developed a standard state ACH file-naming convention so that state tax refunds can be identified by the industry in order to apply enhanced fraud filtering. Suspicious state tax refund deposits can be detected based on amounts, name matching, account type, length of relationship, and volume of deposits or withdrawals. The new format standard will strengthen fraud control systems in that all tax refund deposits will be able to be further scrutinized.

The Security Summit has a total of seven working groups, and they have their work cut out for them. While I shiver to think I could be a victim to identity theft, I support the progressive efforts to stop this crime, especially in the pre-filing and pre-refund stages so the criminals can't see a reward for their efforts.

Photo of Jessica Trundley By Jessica J. Trundley, AAP, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

April 11, 2016 in ACH, consumer fraud, fraud, identity theft | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

April 4, 2016


Same-Day ACH: A Call to Action

As my colleague recently blogged, there were standing-room only crowds during four sessions related to same-day ACH at an annual conference sponsored by EastPay and the Atlanta Fed. I moderated two of the sessions, which focused on operational and product opportunities available to financial institutions (FIs) in supporting faster payments.

My suspicion is that attendance was so heavy because many FIs still have a lot to do to get ready for faster payments. I was already aware of the lack of readiness among some of the processors that these FIs rely on so heavily. During one session, only a few hands were raised among 60 attendees when they were asked if they had been contacted by their processor about preparing for the September 2016 rollout. Of course, engagement is best when it's a two-way street. On the other side of things I have heard that processor training sessions devoted to supporting same-day ACH have been poorly attended. Additionally, FI session attendees indicated that no efforts were under way to educate corporate account holders about the looming service changes to ACH.

If my suspicions are right, the current state of things is troubling; the window of time left to prepare for Phase 1 is shrinking. September is less than six short months away.

Not being ready has some potentially serious, but avoidable, consequences for FIs and their account holders. Here are a few of the risks:

  • The two same-day submittal windows, which narrows the time between payment submittal and settlement, added to Phase 1 offer potentially greater risk of funds being sent out fraudulently as a result of corporate account takeovers unless FIs put proper controls in place to mitigate this risk. The potential for harm may be somewhat diminished given the individual transaction cap of $25,000.
  • Since the identification method for same-day payments relies on the requested settlement date using the Effective Entry Date field, some FIs could end up being surprised to learn their credits have settled sooner than they intended. Originators that have not been careful in selecting the settlement date will experience this "surprise."
  • If corporate originators inadvertently send same-day payments, such a mistake could prove costly. This is because the 5.2 cent same-day interbank fee, paid by the originating bank to the receiving bank, will likely be passed along to the originator. A corporate originator mistakenly sending same-day credit payments to 10,000 employees could incur an additional $520 fee plus any other upcharge associated with sending same-day payments.
  • Taxpayers may expect that just-in-time payments or late payments to avoid additional penalties can be made using same-day ACH to the IRS. As my colleague noted in the post I mentioned above, such payments will not be supported in Phase 1. Therefore, it is critical that FIs educate their account holders about this limitation.
  • Unless controls are put in place by their processors, FIs may have difficulty stopping same-day service to corporate account holders they judge to be too risky for sending same-day payments, or when agreements have not been put in place allowing corporate participation.
  • Since next-day ACH is the earliest settlement generally available today, some processors preclude using today's date as a settlement date. Unless this restriction is removed, originators would not be able to send same-day payments when Phase 1 service becomes available.

The risks outlined above are just some of the reasons FIs and their processors will want to be sure they are prepared for the September 23 deadline. Failure to do so could damage account holder relationships. NACHA, the regional payments associations, and the ACH operators offer a wealth of information on same-day ACH that all parties need to avail themselves of.

By Steven Cordray, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

April 4, 2016 in ACH | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

March 14, 2016


Same-Day ACH: An NFAQ

The NFAQ—meaning "non-frequently asked question"—will come just a bit further down in this post. First, I need to say the Forum's prediction that same-day ACH would not be a huge hit this year may have been misunderstood. The prediction wasn't meant to say that the service wouldn't gain steam over time; it was more a comment about the type of lift the initiative could experience at the start. But if usage of same-day ACH even somewhat mirrors the level of enthusiasm and participation that attendees lavished on sessions that revolved around the topic at Information Interchange, an annual regional payments association conference sponsored by EastPay and the Atlanta Fed, same-day ACH could become a big hit.

The aforementioned annual payment conference featured four sessions related to same-day ACH. Attendance at each session was standing room only. Topics focused on everything from understanding and preparing for the change to promoting usage and enhancing payment services for customers of all types.

It was really good stuff, I must say, and I managed to squeeze in all but one of the sessions. In the last session, the moderator opened by asking the audience questions to test their knowledge of the rule change and to help panelists focus on what information might be most useful for informing and instructing attendees. The audience didn't miss a single question, which included a trick question about the dollar threshold for "IATs" or international transactions. (IATs aren't eligible, so there is no applicable dollar threshold related to these payment types.)

Perhaps the most important question of the day, which takes me to the NFAQ in the title, didn't get asked in the open sessions. However, a gentleman leaned over and asked me if U.S Treasury transactions were eligible. I didn't think so and told him that, but he pushed back and suddenly we were both unsure. So after a short back and forth with my colleagues, I pointed him to a definitive answer in the same-day FAQs on frbservices.org. It reads as follows:

Q: Will the federal government be participating in Same Day ACH at any phase of implementation?

A: At this time, the federal government will not be participating in phase 1 of the Same Day ACH implementation. Therefore, any entry originated from, or received by, the federal government will not be eligible for same day settlement and will continue to settle on a future date. Information regarding the federal government's participation in later implementation phases will be forthcoming.

I felt compelled to share this "NFAQ" because after asking others about their understanding of the matter, I found general awareness and understanding mixed, but largely incorrect. The distinction between federal government payments and other types of government payments (state government agency payments will be eligible for same-day ACH in phase 1) may be important and may not be as widely known as it should be.

By Julius Weyman, vice president, Retail Payments Risk Forum at the Atlanta Fed

March 14, 2016 in ACH | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

November 2, 2015


Will NACHA's Same-Day ACH Rules Change Be an Exception-Only Service, At Least in the Short Term?

In May 2015, the 40-plus voting members of NACHA contingently approved mandating the acceptance of domestic same-day ACH payments by receiving banks. The voting members approved a three-phase development lasting 18 months. The first phase, starting in September 2016, is limited to credit pushes, followed one year later by debit pulls in the second phase. All payments are subject to a $25,000 maximum. By the final phase in March 2018, receiving banks will be required to make credit payments available to the receiving account holder by 5 p.m. local time to the receiving bank. Funds availability in the earlier phases is by the receiving bank's end-of-processing day. The service offers both a morning and afternoon processing window. A same-day return-only service is offered at the end of the business day. Lastly, originating banks are obligated to pay a 5.2 cent fee for every payment to recover costs to receiving banks.

Last month, the Federal Reserve Board of Governors removed the contingent part of the above approval by allowing the participation of FedACH, which serves as an ACH operator on behalf of the Reserve Banks. Approval followed a review of comments submitted by the public, of which a preponderance of the responses was favorable to FedACH participating in the service.

This was not the first time NACHA tried to mandate same-day ACH. Back in August 2012, a ballot initiative to mandate acceptance failed to receive a supermajority required for passage. Failure was due to a variety of reasons, and it was difficult to discern one overriding reason.

I think that most observers would agree that the earlier rollout of the Fed's proprietary opt-in, same-day service in August 2010 and April 2013 set the groundwork for mandating same-day.

As with any collaborative organization like NACHA, compromises were needed to garner sufficient votes for passage. The compromises included:

  • Same-day payment eligibility rules change due to a multi-phase development cycle requiring one-and-half years to complete from start to finish.
  • Providing certainty to the receiver that funds availability will be expedited on the day of settlement as part of the final phase, rather than earlier, which only requires posting by the receiving bank's end-of-processing day. The bank's end-of-processing day can be as late as the morning of the following business day.
  • Delaying a debit service by one year after the rollout of the phase one credit service will, to the potential surprise of the payment originator, delay settlement of debits one business day later than would occur for credits.
  • Any payment amount over $25,000 will settle one business day later than the payment originator may have expected if the payment originator is not aware of the payment cap.

Given these compromises, what do you think financial institutions can do to accelerate broader adoption of same-day?

By Steven Cordray, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

November 2, 2015 in ACH, regulations, regulators | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

April 27, 2015


Not Seeing a Tree for the Forest

For this blog's title, I confess to having pineapple-upside-down-caked the common adage "missing the forest for the trees." The thing is, I want to point to a particularly nice tree in the same day ACH (automated clearinghouse) forest. By torturing the adage I hope to inspire folks to deviate from the basic, same day forest flyover and focus on one tree. It seems to me it has not gotten all the attention due.

Those advocating for same day ACH generally tout the increased functionality or the economic benefits of the latest proposal. Another oft-mentioned benefit of the proposed rule change is that it may provide a bridge from today's payments to those of the future. However, tucked into the lush same day ACH forest is a hard-to-find risk abatement species. Allow me to point out some of its features.

Settlement—By reducing the settlement window, same day ACH reduces credit risk associated with the network ecosystem—both in terms of the length of time counterparties are exposed to settlement risk and, potentially, the total amounts of settlement risk. For sure, financial institutions will have more flexibility to better manage these circumstances.

Operations—Same day ACH provides additional processing windows that result in risk reduction opportunities. Operations managers gain the means to load balance or smooth processing volumes and may also be able to ease the pressure on deadlines. The additional processing windows can be thought of as de facto contingency alternatives and seem likely to yield a corresponding increase in reliability and quality for the ACH.

Returns—Expedited settlement means expedited return handling. same day ACH would provide the opportunity for receiving banks to return same day payments on that same day. Moreover, because return requirements are tied to settlement, any same day payment that needs to be returned to an originating bank will be received one banking day earlier than would have occurred without same day settlement. NACHA points out that exceptions may be identified sooner and returned sooner, which means resolution for more problems may begin sooner. They have described this as "a 'win-win' for all parties." It's hard to argue the point.

If it passes, same day ACH will improve the risk posture of financial institutions, benefiting both ACH payers and payees. As spring continues to unfurl, perhaps some of you will get to stroll through the woods. If you come across a particularly handsome dogwood or perhaps an eastern redbud, be reminded that the same day ACH ballot will pop later this spring. I'm keeping my fingers crossed that the woodsmen don't get to clear cut the forest this time and we don't lose any of the nice trees.

Photo of Julius Weyman By Julius Weyman, vice president, Retail Payments Risk Forum at the Atlanta Fed


April 27, 2015 in ACH, risk management | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c01b7c7809190970b

Listed below are links to blogs that reference Not Seeing a Tree for the Forest:

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

September 22, 2014


New ACH Return Rate Threshold on the Horizon

In a December 2013 post, we asked the question, Is it the right time for lower ACH return rate thresholds? We can now say that the answer is "Yes." The voting membership of NACHA-The Electronic Payments Association recently approved a NACHA Operating Rule amendment that will reduce the unauthorized debit return rate threshold.

The process of returning payment transactions is a pain point for the receiving financial institutions that incur the costs of exception processing, which includes handling customer service inquiries and the returns. Unauthorized transactions are also a pain point for customers who have experienced such postings to their accounts. For the financial institution originating transactions on behalf of businesses and third-party customers, ongoing and proactive monitoring of return rates can help them quickly identify potential problems and determine if those problems have been addressed.

The NACHA Operating Rule amendment will reduce the threshold for returns of unauthorized debit entries from 1 percent to 0.5 percent, effective September 18, 2015. An originating depository financial institution will be subject to possible reporting and fines if they have an originator or third-party sender whose return rate for unauthorized debits exceeds the current threshold.

As NACHA states in its information on the new rule, this 0.5 percent threshold is more than 16 times higher than the average network return rate of 0.03 percent for unauthorized debit entries in 2013. This new threshold will continue to emphasize the importance of institutions focusing on high return rates and working with their customers to bring any excessive rates down. The amendment also establishes a review process for when returns for "administrative" or "overall return" reasons exceed certain levels. For administrative returns, this will be 3 percent, and for overall returns, it will be 15 percent. Administrative returns include debits returned for reasons such as closed account, invalid account number structure, or the account number not corresponding to an existing account. Overall returns for ACH debits include unauthorized and administrative reasons, as well as others such as insufficient funds and stop payments.

Unlike the unauthorized return threshold, breaching return rate levels for administrative and overall return reasons will not result in an automatic requirement to reduce the return rate or undergo a rules enforcement proceeding. Instead, exceeding these return rates will lead to a process to determine if the origination practices of a given originator or third-party sender need to be modified to achieve lower exception levels.

The timeframe for implementing this rule allows originating financial institutions to look carefully at their current return monitoring processes and determine whether customers are near these return rates and to put into place practices that would address problem areas. Will this new rule affect your due diligence processes? Does your current monitoring already show that your customers' return rates are lower than the new thresholds?

Photo of Deborah ShawBy Deborah Shaw, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

September 22, 2014 in ACH, debit cards, regulations | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c01b7c6dede57970b

Listed below are links to blogs that reference New ACH Return Rate Threshold on the Horizon:

Comments

What is the current NACHA guideline "threshold of returns for insufficient funds", the percentage?

Posted by: Bob Lewis | March 11, 2015 at 01:58 PM

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

December 16, 2013


Is It the Right Time for Lower ACH Return Rate Thresholds?

Monitoring return rates for automated clearing house (ACH) transactions is an important element of a bank’s risk mitigation program for its business and third-party clients. Recently, NACHA issued a request for comment (RFC) that addresses proposed changes to return rate thresholds included in the NACHA Operating Rules.

The NACHA Operating Rules currently identify a return rate threshold for unauthorized debit entries of 1 percent. The threshold is intended to reduce unauthorized entries transmitted over the ACH network. The NACHA Operating Rules hold an originating depository financial institution (ODFI) that has an originator or third-party sender with an unauthorized return rate over 1 percent subject to ODFI reporting and possible fines if the rate of returns is not reduced in a timely fashion.

According to the RFC, the unauthorized debit return rate declined due to several risk management efforts—including the 1 percent threshold, established in 2008—from 0.06 percent in 2005 to 0.03 percent in 2012. These reduced numbers demonstrate that the monitoring of return rates by banks and other network participants helps to identify issues and leads to fewer problematic transactions.

This RFC proposes three changes to how the NACHA Operating Rules currently address return rate thresholds.

  • A reduction in the return rate threshold for unauthorized debit entries from 1 percent to 0.5 percent.
  • Establishment of a return rate threshold for data quality debit entries (such as invalid account number) of 3 percent.
  • Implementation of an overall debit return rate threshold of 15 percent.

NACHA had issued an RFC in spring 2011 that proposed changes similar to the first two listed items, but ACH participants did not provide sufficient support then and the changes were not implemented. It seems that the time may now be right. The RFC indicates that the environment for this proposal appears to have changed, with ACH participants expressing interest in looking at new thresholds. And the proposal for an overall debit return threshold stresses the need for banks to focus on their overall return rates in addition to specific return reasons.

Regardless of which thresholds are included in the NACHA Operating Rules, banks should monitor for any increase in returns. They should also understand the underlying cause and remedies that their business or processor customers are implementing. A bank focus on return issues is one element of a robust risk management program that helps to ensure the bank’s origination of high-quality payment transactions.

With this proposal on return rate thresholds, is your institution rethinking its internal policies for return rate monitoring?

Photo of Deborah ShawBy Deborah Shaw, a retail payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed


December 16, 2013 in ACH, banks and banking, regulations | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c019b0317a3ef970d

Listed below are links to blogs that reference Is It the Right Time for Lower ACH Return Rate Thresholds?:

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

August 26, 2013


Caution, Online Payday Lender Ahead

Payday lenders offer consumers short-term unsecured loans with high fees and interest rates. Payday loans—also referred to as deposit advance loans or payday advances—are a form of credit that some consumers may find appealing for a number of reasons, including an inability to qualify for other credit sources. The borrower usually pays the loan back on the next payday—hence the term "payday loan"—which means the underwriting process typically includes a history of payroll and related employment records.

A growing number of payday lenders operate their businesses virtually. Consumers can obtain loans and authorize repayment of the loans and fees during the same online session. In a typical online payday loan scenario, a borrower obtains a loan and provides authorization for the lender to send Automated Clearing House (ACH) debits to the consumer's account at a later date for repayment. The payday lender's bank can originate the debits through the ACH network. Wire transfer and remotely created checks may be other payment options.

Both state and federal regulators are currently focusing on the payday lending industry to protect consumers from illegal payday loans. Payday lending practices are usually regulated on the state level. Some states prohibit payday lending, while others require lenders to be licensed and to comply with maximum fees, loan amounts, and interest rate caps, among other restrictions. On the federal level, the Dodd-Frank Act has given the Consumer Financial Protection Bureau the authority to address deceptive and abusive practices by payday lenders.

Payday lenders' banks should consider all the risks involved with working with online payday lenders. And they should make sure to incorporate due diligence techniques and to become familiar with the available tools.

Reputation, reputation, reputation
First, there is reputational risk. A payday lender's bank should be aware that a business relationship—including ACH origination activity—with a company making illegal payday loans can damage the bank's image. Reputation can suffer even if the bank is not complicit in the illegal activities of its payday lender customer. But once a financial institution determines that facilitating payments on behalf of online payday lenders falls within its risk management model, it should ensure compliance with applicable laws and regulations. Providing periodic reports on ACH customers to the bank's board of directors is one way to facilitate review of whether these customers' activities remain within the bank's risk management model. It is critical that the bank protect its reputation, as that affects every part of its business.

The importance of know-your-customer practices
The payday lender's bank should also develop and follow adequate due diligence procedures. ACH rules require—and regulatory guidance advises—that banks perform "know your customer" (KYC) due diligence. KYC includes a variety of activities such as assessing the nature of the online payday lender's activities, setting appropriate restrictions on the types of entries and exposure limits for the lender, and monitoring origination and return activity.

Due diligence steps can include: 1) identifying the business's principal owners, 2) reviewing ratings for the business from the Better Business Bureau, consumer complaint sites, and credit service companies, and 3) determining if there have been recent legal actions against the business. A thoughtful review of the lender's website, including the terms of the consumer's authorization agreement as well as promotional materials, is advised. These due diligence practices during onboarding and on an ongoing basis for all merchants—including online payday lenders—help the bank with setting and enforcing appropriate restrictions for the customer and therefore mitigate the risk of the bank discovering a problem when it is too late.

Mitigating problems by being proactive
Banks can develop tools that flag potential problems in-house or obtain them from vendors, ACH operators, or NACHA. In addition, incorporating a process to monitor transactions and returns to identify anomalies can be very useful. An anomaly could, for example, be a sudden uptick in returns or an unusual increase in origination volume or average dollar amount. Detecting anomalies can be a trigger to conduct further research with a customer.

Other tools can be NACHA's originator watch list and vendor-terminated originator databases, which can help banks identify customers that may warrant additional scrutiny. Periodic audits can also be a useful tool to identify rules compliance issues.

For a bank, protecting its reputation is paramount when it is considering offering payment services to high-risk originators like online payday lenders. It should exercise caution, performing risk-based due diligence on new customers and then diligently monitoring current customers so it can identify problems early and address them proactively.

Photo of Deborah ShawBy Deborah Shaw, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

August 26, 2013 in ACH, consumer protection, online banking fraud, regulations | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c01901f04d739970b

Listed below are links to blogs that reference Caution, Online Payday Lender Ahead:

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

October 1, 2012


Summer Is Gone, but ACH Fraud Remains

As the official summer came to an end this past Saturday, there was a noticeable change in the Atlanta weather that this runner was thrilled to greet. The heat and humidity of the past three months was replaced by cool and much drier air. Much like weather that changes with the seasons, the payments industry is continually evolving. Looking back through payments news over the summer, the industry experienced some shifts, most notably around mobile payments and digital wallets. However, at least one constant in payments grabbed the headlines yet again—a payments scam that could eventually lead to payments fraud.

In late June and early July, news broke of a scam that claimed President Obama or the federal government would help consumers pay their bills. In exchange for providing the scammers with personal data, such as social security number and bank routing and account numbers, consumers were given routing and account numbers to use to pay their bills. Interestingly, this scam went viral not because of scammers' actions, but through social media outlets as consumers caught up in the scam spread the word about “free money.” The routing numbers used in the scam actually turned out to be legitimate routing numbers of financial institutions—but the account numbers were invalid.

Ultimately, this scam negatively affected all involved: consumers, billers, originating depository financial institutions (ODFIs), and receiving depository financial institutions (RDFIs). Consumers' bills went unpaid, and some were saddled with late fees by their billers who had not received payments on time. ODFIs and RDFIs were left with thousands of returned items. Deborah Shaw, a managing director with NACHA, recently shared with us at the forum several procedures and policies for both ODFIs and RDFIs to consider in light of this scam:

  • ODFIs should review files for unusual patterns such as a high number of repeated routing and account number combinations.
  • ODFIs need to educate their business customers on the importance of communicating to consumers that ACH debit payments can be returned.
  • RDFIs should not delay the processing of returns, especially when there is a high volume of them. For most ACH debits, NACHA has a two-day deadline for returning the item back to the ODFI if the RDFI wants to use the ACH system for the return.
  • RDFIs must implement a methodology of monitoring returns so they can detect developing patterns.
  • RDFIs should develop a contingency plan for return volumes that significantly exceed their normal return volumes.

In addition to Deborah's suggestion, we believe that RDFIs should evaluate their systems to ensure that they can handle larger-than-normal return volumes. A large number of RDFIs still rely on manually keying returns; we suggest that these institutions consider developing an automated return process in light of these emerging risks. Further, RDFIs need to ensure that they are well-capitalized or able to access funds should they face a large debit from high return volumes and are unable to quickly return the items.

The seasons will continue to change and blow in new weather, the payments industry will continue to progress, and fraud will without a doubt continue to find its way into the ACH system. And while this fraud will evolve alongside the evolving payments industry, financial institutions can take steps to mitigate the business and financial impact of fraud by proactively instituting policies and procedures to quickly identify and return fraudulent transactions.

Douglas A. KingBy Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

October 1, 2012 in ACH, consumer fraud, risk management | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c017c32410708970b

Listed below are links to blogs that reference Summer Is Gone, but ACH Fraud Remains:

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

Google Search



Recent Posts


May 2016


Sun Mon Tue Wed Thu Fri Sat
1 2 3 4 5 6 7
8 9 10 11 12 13 14
15 16 17 18 19 20 21
22 23 24 25 26 27 28
29 30 31        

Archives


Categories


Powered by TypePad