Automated Clearing House (ACH) fraud is on the rise among criminal networks, and the increasing use of ACH data for electronic transactions means that companies collecting that data and expose it and them to increased risk. Enter ProPay, a credit card processing and electronic payment services company, which this month added encryption and tokenization of ACH data to its suite of ProtectPay services.
According to the FDIC, bank fraud involving electronic funds transfers rose to more than $120 million in the third quarter of 2009. That number is likely to rise, as ACH data does not have a standard of protection like payment cards do with PCI DSS.
“We started seeing that ACH fraud was taking off like a rocket,” said Chris Mark, executive vice president at ProPay for data security and compliance.
“ProPay is excited to extend its leadership role in providing simple, safe and affordable payment solutions to its customers by adding the ability to encrypt and tokenize ACH data,” said Greg Pesci, ProPay’s chief operating officer. “ACH data is increasingly a target of the hacking community.”
While it is now common practice to encrypt and tokenize transaction data from credit card and debit card payments, that is not yet the case with ACH transactions. ACH uses bank account numbers and routing numbers to collect payments online.
Mark explained that ACH data is, in some ways, even more dangerous than credit card information in the hands of criminals, noting that a criminal with your account and routing number can clean out your bank account.
“The continuing increase in bank account takeovers is a serious concern for banks and their customers,” said Avivah Litan, a technology analyst at research firm Gartner. “Clearly, protecting ACH data is equally, if not more important than protecting credit card data because there are fewer protections for consumers in the event that banking information is compromised.”
ProPay’s first-to-market ACH encryption and tokenization solution removes the headache by keeping customers’ sensitive information out of a merchant’s system entirely.
“The priority is to remove the risk to the merchant,” Mark said. “You can still be compliant and be at risk. Get rid of the data and you remove the risk.”
ProPay’s ProtectPay service achieves this because it removes an organization’s need to store, transmit or process sensitive ACH payment data. When a customer presses the “pay” button on an ecommerce site leveraging ProtectPay, the consumer is connected directly to ProPay.
The data is encrypted from the point of input through secure data transport, eliminating the possibility of data thieves putting sniffers on the network to extract clear text information. The encrypted data is sent to ProPay, which then processes and authorizes the payment. The merchant receives a token from ProPay representing the transaction.
ProPay’s ACH encryption and tokenization services can be used to collect payments and disburse funds via the ACH network. Organizations can use ProPay’s online interface, batch file processing or application programming interface (API). With the API, customers can easily integrate the service with their existing platform or Web site.
“We’ve had companies receive the API and within a couple days they’re testing,” said Scott Nelson, ProPay vice president of marketing.
Thor Olavsrud is a freelance writer and a former senior editor of InternetNews.com. He has covered operating systems, standards, telecom and security, among other technologies.
|Do you have a comment or question about this article or other small business topics in general? Speak out in the SmallBusinessComputing.com Forums. Join the discussion today!|