Every business wants to increase profitability while reducing losses, and Automated Clearinghouse (ACH) payments processing promises to accomplish both those goals. Using the service requires an enhanced understanding of the underlying technology, however, so a little learning before implementation can prevent future challenges, or at least reduce their severity.
Complexity Causes Challenges with ACH Processing
As simple as they look, ACH systems are actually a network of originators and receivers connected by layers of banking and intermediaries. Transactions begin with the originator, who sends the activity to its bank. The bank then activates an operator to sort that transaction and thousands of others into the varying payment pathways that eventually direct the trade to the appropriate receiver, which records the activity in the cardholder’s account. Each element of the system requires a security portal, and it is at the point of these security portals that most challenges arise.
Three Cures for Security Challenges
First and foremost, preventing security challenges is the best way to become, and remain, profitable. These days, competition in every industry is as high as it’s ever been, and even a quickly resolved security glitch still sends signals of cyber threats on that site. Consequently, NACHA, the National Automated Clearinghouse Association, recommends that every merchant that accesses ACH payment processes adopt these best practices to avoid the sting of a transaction gone wrong:
Encrypt All Outgoing Data
Encryption hides information generated by the originator that only becomes discoverable by programming held by the assigned receiver. Simple encryption includes an algorithm to scramble the data and a key that unlocks the puzzle and reassembles the data into its original form. Encryption is required for most merchants because they don’t operate in an otherwise secure environment such as a data center. Merchants that don’t use encryption risk breaches and data thefts that could easily put them out of business.
Authenticate All Transaction Participants
Fraudulent use of credit and debit cards cause billions of dollars of losses around the world each year. In many cases, those losses were avoidable; authentication of the participants at the beginning and end of the transaction would have assured safe passage. The process of authentication involves verifying the identity of the receiver by ensuring that the name given as the receiver corresponds to an actual, real-world identity. Additionally, authentication includes confirmation of the identity of the person giving the receiver’s information; the process should reveal if or when that entity is an imposter.
In on-site transactions, photo identification documents provide authentication. In digital transactions, the best practice for the authentication process is to use a Complex Device Identification (CDI) system. The CDI system uses one-time cookies that match a variety of characteristics such as device IP addresses, configurations, and geo-location to confirm identities.
Get Appropriate Authorization
Even when a card is authentic, the person using it may not have that authority. Simple authorization confirmation may be looking at a photo ID. However, as fraudsters learn from both successful and unsuccessful theft attempts, multifactor authorizations are becoming more popular as a deterrent to fraudulent activities.
Multifactor authorization uses multiple methods to confirm the consumer’s identity. Common practices that combine well together include requiring both a password and the responses to a pre-established set of security questions. Newer technologies are adding voice or fingerprint data to confirm an identity.
The future of online purchasing appears to be even brighter than its past, as more methods become available to facilitate swift, accurate transactions at any time from anywhere. Merchants of all sizes who use or intend to use ACH payment methods will avoid the challenges presented by fraudulent or erroneous transactions by staying abreast of all ACH developments and best practices.