Overview of the Rule Change:

Currently, ACH Originators of WEB debit entries are required to use a “commercially reasonable fraudulent transaction detection system” to screen WEB debits for fraud. This existing screening requirement will be supplemented to make it explicit that “account validation” is part of a “commercially reasonable fraudulent transaction detection system.” The supplemental requirement applies to the first use of an account number, or changes to the account number.

      Frequently Asked Questions:

• What is the effective date for the upcoming Rule change?
  1. The effective date for the upcoming change is March 19, 2021.

This rule is intended to help prevent fraud on the ACH Network and protect financial institutions from posting fraudulent or incorrect unauthorized payments. Merchants and billers (and their processing partners) are in the best position to detect and prevent fraud related to payments they are initiating.

 

• What does Nacha mean by “validating” an account?
  1. At a minimum, the Originator must use a commercially reasonable means to determine that the account number to be used for the WEB debit is for a valid account – that is, that the account to be used is a legitimate, open account to which ACH entries may be posted at the RDFI.

 

• Are there methods of account validation that Nacha recognizes as sufficient?
  1. Examples of methods to validate an account may include, but are not limited to, the use of  ACH micro-transaction verification, use of a commercially available validation service (for example Forte Validate - learn more here), and use of account validation capabilities or services enabled by APIs.

 

Other options not listed above may also provide a commercially reasonable means to test an account for ACH use. As an example, use of a third-party that provides scoring information on the account status might be determined by some Originators to be a commercially reasonable option. Similarly, for others, an account with a proven history of prior successful payments may prove a sufficient means for validation for use of the account with a new WEB authorization.

• Do previously debited accounts need to be validated by a compliant fraud detection system? 
  • This requirement does not require a validation of previously debited accounts. Validation is required of all net new bank accounts and bank account updates or changes on current customer accounts. 

 

Nacha does not consider a fraudulent transaction detection system that does not include an account validation component as sufficient. 

 

Nacha recognizes that the concept of commercial reasonableness is dependent on each customer’s particular situation and how it compares to similarly situated Originators. Each Originator, in consultation with its own attorneys, risk department, or other advisors, will need to determine which account validation method meets the commercially reasonable standard for its own facts and circumstances.

Forte is a Nacha Preferred Partners and has a solution, Forte Validate, that meets the commercially reasonable standard for originators of WEB debits. 

To learn more about Forte Validate Solutions please contact your sales rep or email our Support Team at customerservice@forte.net for more guidance. 

 

 

For more information on the new Nacha rule or to access a full list of FAQs visit Nacha.org , Account Validation Resources