Validating account information is key to ensuring ACH payments continue to be safe and reliable.
In a recent PaymentsJournal podcast, Rob Unger, Associate Managing Director of ACH Network Development at Nacha, spoke with Elisa Tavilla, Director of Debit Payments at Javelin Strategy & Research, about payment innovations to help safeguard banks and consumers. They discussed how Phixius by Nacha helps financial institutions and fintechs verify bank information to mitigate risk, reduce costs and meet compliance requirements.
Collaboration Is the Key
As ACH payments grow in volume it is important to ensure these payments are accurate and safeguarded as well. As the bad actors come up with more sophisticated scams, it’s important for participants to stay ahead of these new risks to ensure optimal security for payments.
“Collaboration is the key,” said Unger. “By working together and sharing information, the entire industry could not only reduce risk but also create new risk mitigation tools to enhance security.”
“There is no standard way of validating accounts in the U.S.,” said Tavilla. “We have some folks using micro deposits, screen scraping and several other methods, which creates a clunky customer experience. Having something that’s more standard and consistent would make for an easier and more convenient way to pay.”
Phixius by Nacha
Created and operated by Nacha, Phixius uses standardized APIs so customers can validate accounts with validation sources. Phixius is a peer-to-peer network where participants can exchange and verify payment-related information quickly and securely.
Specifically, Phixius participants can verify routing and account numbers, as well as any associated names on the account, and will soon be able to evaluate the related ACH return history before executing payments. The goal is to simplify the spider web of connections that organizations must maintain.
“If you want to increase coverage, you have to go to multiple options and multiple providers, which entails multiple contracts, different API standards, and different API gateways,” said Unger. “We’re looking to simplify that friction and be that connective tissue.”
Phixius has successfully validated information for more than 4 million accounts since its debut in March 2021. Its first use case involved helping organizations comply with Nacha’s WEB Debit Account Validation Rule. Whenever a biller or other payment originator sees the authorization for an account number for the first time, the rule requires that entity to validate that the account has been opened.
While participants are welcome to share information, Phixius does not require connected banks and fintechs to provide information to access the Phixius services. However, a new, optional API will soon facilitate the sharing of information related to ACH returns, giving the entire community further insight into potential fraud or suspicious activity.
As organizations assess their need to validate accounts, the waterfall approach can be very valuable. “Phixius very much fits into that,” said Unger. “You can ping Phixius and get responses from multiple sources. But if it’s a very high-risk payment, you may need to consider other tactics to de-risk that payment.”
Who Can Benefit from Phixius?
Direct customers of Phixius are credentialed service providers, fintechs and banks providing services downstream, as well as their customers, businesses and consumers trying to be compliant with the Nacha web validation rule or that have other use cases around risk mitigation.
“These capabilities would also be helpful with the newer debit payment methods and technology that continued to evolve,” said Tavilla. “The account validation piece and a frictionless experience would be key in increasing adoption for these newer payment methods and achieving scale.”
As a one-stop shop, Phixius is particularly valuable for many smaller financial institutions that rely on third-party service providers because they might not have the in-house resources to conduct their own risk mitigation. Phixius’ partnership with Aliaswire is designed to serve businesses with smaller account verification needs.
“Every ACH originator has a wealth of information in the ACH return file,” said Unger.
“Every day as you send your payments out, you get returns that may include one of 70-some reasons why payments can’t be posted. That’s very valuable information. Our community said, ‘I’d like to be able to share that information.’ When an originator experiences some kind of fraud, they’ll certainly contact their bank and maybe law enforcement. But meanwhile, the community doesn’t know about this, and fraudsters are not just attacking one entity. That’s what this new API is designed to address.”