NACHA has updated its rules for protecting sensitive customer data for payments. Here’s how to stay on top of new regulations.

When it comes to handling sensitive customer data, security is very important. As a result, many regulators, such as the National Automated Clearinghouse Association, have specific guidelines on how to properly encrypt, access, and send customer data, according to Simple country.

NACHA itself, which manages ACH payments, recently updated its rules to help fight both bad actors and cybercriminals. These rules directly affect traders, who in turn will have to adjust their systems to meet the standards.

In order to better understand what these new rules entail and how merchants can follow them, ATM Marketplace interviewed Gary Barnett, CEO of PCI DSS compliance solutions provider Semafone Ltd.

Q. Why have the NACHA rules changed?

A. Over time, we have seen increasing efforts by bad actors and cybercriminals to commit fraud and steal financial information, especially in the past two years as digital payments have increased by 40% due to of their convenience in an increasingly online world. As more and more transactions are processed through digital channels, other guardrails must be put in place to maintain the integrity of these transactions.

This update of the guidelines is a major step in the right direction to better protect sensitive consumer data and minimize the risk of fraudulent activity.

Q. How will these rules affect customers / merchants during a transaction?

A. The rules will hold merchants more accountable for the accuracy and security of their customer data and personally identifiable information during a transaction. Additionally, merchants may need to revamp their fraud detection systems or implement technology to secure the entry of bank information to fully comply with the new ruling. As for customers, they may have additional verification steps in their buying process before they complete a transaction, but the majority of the impact will be on the merchant’s side.

Q. Why was it important to require customer account information to be validated prior to an ACH debit transaction?

A. According to NACHA, 6.8 billion payments were made on the Automated Clearing House Network during the third quarter of 2020, up 9% from the same period in 2019. Securing these payments is critical due to of their growing popularity with consumers. Additionally, Automated Clearing House (ACH) debit transactions (also known as electronic checks) are unique in that once customer authorization is given to the merchant, they can accept direct customer payment when due. . Because of this direct access to a checking account, it is essential that these types of transactions have more rigorous security controls such as account validation to minimize the risk of malicious activity. Bank details that have fallen into the wrong hands have devastating and often irreversible consequences. These new rules will improve the privacy of consumer data and help reduce fraud.

Q. How does this affect the payments industry?

A. Given the accelerated use of digital communication, this decision will be another stepping stone to ensure that transactions are both secure and convenient. Protecting customer data should be a top priority for all organizations that collect and store payment information, but not all organizations are equipped with the technology to meet these increasingly prevalent security mandates. Partnering with a payment solutions provider that supports these types of regulatory changes is the key to success. With these solutions, merchants can integrate technologies such as data masking that will not only help them comply by limiting exposure to sensitive data, but also protect the consumer in the process.

Q. What will be the impact of this decision on the customer experience?

A. When setting up an ACH transfer with a merchant, customers will likely face an additional step to validate their information, but will not take any further action after that. Overall, the customer will have an improved experience and the assurance that the merchants they work with are putting additional precautions and measures in place to ensure the security of ACH debit transactions. A recent Semafone survey of 1,000 U.S. consumers found that nearly half of consumers (47%) rate security and privacy as more important than ease of payment and the experience of making a purchase. . Only 14% of respondents felt that ease of payment and experience were more important. Security and privacy go hand in hand with the customer experience, and the decision will benefit all parties involved.

Q. How can this decision fight against digital payment fraud?

A. The ruling is yet another safeguard against payment fraud and as more transactions occur online, the demand for increased protection will continue to increase. It is likely that we will see more updates from NACHA targeting large financial institutions and merchants in the coming years, with more emphasis on personal privacy and security. However, merchants should not rely on NACHA or other regulatory changes to improve the security of their payments. Many technologies already exist to protect customer information for all types of digital payments. Merchants need to proactively adopt these solutions to protect their businesses and improve the customer experience.

Q.How does this new decision hold traders accountable?

A. Traders will be responsible for providing additional protection to their consumers. With the requirements to validate information before a transfer, merchants will need to adapt their current data collection practices to accommodate the added step. Many will also be forced to rethink their overall fraud detection systems to compensate for the additional security measures. Merchants who don’t have the technology in place to comply with the decision risk losing customers due to a lower experience than dealing with compliant retailers.

Q. You mention that more guide rails need to be added. What do you think they look like?

A. Requiring a customer’s account information to be validated prior to an ACH transfer is an important addition, but there is still a long way to go in this area to protect sensitive payment data and personal information. Particularly in call and contact centers, where many payments are made over the phone, agents need to be able to accurately validate a customer’s bank account information while remaining compliant with security protocols. This has proven to be a challenge with remote working models and new security gaps that have impacted the compliance and security landscape over the past year. These gaps must be filled with technology that reduces any chance that sensitive information will be captured other than what the customer intended. For example, using two-tone multi-frequency masking technology, customers can enter their banking information using their phone keypad. In addition to ensuring that an agent is safe from hearing or seeing sensitive customer information, the solution can automatically perform a verification process to confirm that the bank details provided are valid. Investing in these solutions for merchants and their contact centers far outweighs the risks of involving sensitive information.

Q.With this decision, what do you think about the future of the payments industry and what more needs to be done?

A.The future of payments is heading digital and there is no sign of this stopping. As part of this change, there are many different channels, such as phone calls, SMS / SMS, chat or social media, that allow customers to make payments. Switching between channels can create a disjointed journey for customers, which is why it is essential that merchants and payment centers pursue a consistent omnichannel strategy. This will allow them to serve customers in the channel of their choice and determine how they would like to pay for the products. This approach, coupled with continued efforts to strengthen security measures, will create a more positive customer experience and enable seamless digital interactions.

Source link

About The Author

Related Posts