
LeAnne Wilcox's blog archive


LeAnne is a Risk Analyst at InterceptEFT.


What's risky about ACH?

by LeAnne Wilcox (Risk Analyst), June 28, 2010

No doubt, Direct Deposit and Direct Payment transactions via ACH make life much easier than doing business via check. It's convenient, safe and saves both money and time for both the sender and receiver.

What some companies don't realize, however, is that there is credit risk involved. Some people think ACH is similar to credit and debit transactions, where the transaction doesn't take place unless there is an "authorization" given by the debtor's bank. ACH transactions actually happen without such "authorization", thus creating risk. ACH credit risk is the risk that a party cannot provide the contracted funds necessary to settle the account. In other words, the originating bank is exposed to credit risk from the time it releases the ACH file to the Federal Reserve until the originator funds the account.

Because of this risk, most transactions are pre-funded, meaning that the funds from the debit are held for a set number of days, before the credits are released. Another means of risk mitigation is to hold a reserve at the bank or processing company. Many times, the company requesting ACH services is asked to provide financial information to ensure they have the financial capacity to cover the credit risk.

To give this a real-life example, let's take a look at direct deposit for a payroll. The funds for the entire payroll are debited from the employer and credited to the employee. The debit to the employer will take two (2) full business days to clear the employer's bank to ensure that the debit is not returned for NSF issues, account closed, or other issues. If the employer is debited on Thursday and the employees are paid on Friday, the Originating Depository Financial Institution risks that the debit will be returned when the credits have already been released.

While the ACH network does carry risks, the advantages of the system are plentiful. With appropriate mitigation, both the sender and receiver of ACH transactions can reap the benefits from the secure, efficient and cost-effective system of the ACH network.

Compliance is not a four-letter word.

by LeAnne Wilcox (Risk Analyst), Dec. 7, 2009

Compliance has a bad rap. You hear the word and everyone in the office shudders. Often it is seen as more work, more boxes to check, and more money out of our company pockets. Recently there has been a change in compliance requirements for all merchants that process, store or transmit cardholder data. The five payment brands (Visa, MasterCard, Discover, AMEX and JCB International) have now mandated that all merchants be compliant with Data Security Standards, otherwise known as PCI-DSS. Of course, it does mean a little more work and a little more money but the benefits are many, including customer confidence and protecting your business.

At minimum, PCI-DSS means that each merchant must complete a Self-Assessment Questionnaire, a series of questions about how the merchant stores, transmits and processes cardholder data. Depending on your merchant's systems, you may also be required to have a Quarterly Network Scan. Both are designed to help identify gaps or deficiencies that could lead to a possible cardholder data breach. The last thing any merchant wants is their customer's cardholder data stolen because they weren't doing all they could to protect their customer's information.

Did you know that the majority of card data theft cases occur at small retail locations, including land-line terminals? Improper storage of written credit card information, utilization of software that is not PCI compliant and use of unsecured voice over IP technology are just a few of the reasons that cardholder data is compromised.

Protecting cardholder data means not only protecting your customers but protecting your business. Cardholder data breaches result in heavy fines imposed on the merchant by all the payment brands involved. The merchant is also on the hook for paying for all the fraudulent transactions and losses suffered by their customers. For some businesses, these fines and increased charge-backs could mean going out of business. By taking the time to become PCI-DSS compliant, the merchant can breathe a little easier, knowing they have taken measures to protect their customers and themselves while helping the customer feel confident that their data is safe at the merchant.

Merchants can't run away from PCI-DSS compliance. No matter which processor the merchant chooses, PCI-DSS compliance is always there. Most processors, like InterceptEFT, provide a program to help their merchants become compliant and maintain that compliance. The goal is to help merchants safeguard data, help build customer trust and protect their business.

For more information about PCI-DSS compliance, visit these sites:
www.pcisecuritystandards.org
usa.visa.com/merchants/risk_management/cisp.html