The Fraud Blog with Tracy Kitten

Payments Without Card Numbers

NACHA Launches an ACH Payments Alternative
Payments Without Card Numbers

Payments security comes up quite a bit these days. From mobile payments to the U.S. EMV chip migration to tokenization and end-to-end encryption, the payments space is evolving. In many ways, the United States is working to catch up with Europe, and facilitate a more open and global payments infrastructure.

I had some interesting payments conversations earlier this month that followed that vein of thinking. A conversation with NACHA - The Electronic Payments Association, in particular, stands out. During the Mobile Financial Services Forum (@Twitter #MobileForum) in Arlington, Va., I caught up with George Throckmorton, the managing director of NACHA's Advanced Payments Solutions. During one of the forum's networking events, Throckmorton started telling me about a new payments service NACHA has been piloting -- a service that relies on the rails of the Automated Clearing House for one-time payments.

What makes the service so intriguing? It takes debit and credit out of the equation.

Called Secure Vault Payments, the service works like a one-time credit a consumer might make over the Internet to his or her financial institution. The difference: With Secure Vault, the consumer makes a one-time payment to an online merchant. It's a direct payment, facilitated through the financial institution. And since credit and debit are taken out of the equation, so, too, is interchange, as well as the need for the consumer to provide the merchant with personal financial information.

"For one-time payments over the Internet, typically, debit and credit cards are used," Throckmorton says. "But some consumers felt unsafe, so some billers have made a decision to offer an alternative way for consumers to pay."

So, the online merchant signs up for Secure Vault Payments, which NACHA is powering through eWise, a payments and online financial solutions provider. In order for the consumer to make a purchase via Secure Vault, his or her banking institution also would have to be on the Secure Vault platform. Assuming all parties are onboard, when the consumer initiates an online purchase, rather than entering credit or debit card information at the checkout, he selects the name of his financial institution from a drop-down Secure Vault Payments provider menu. The payments switch, which the bank or credit union is directly linked to by way of Secure Vault, creates a token and then sends an XML message, asking the institution to validate the token.

The transaction is not directly linked to the online bank account; the banking institution just has to approve the transaction and send the money to the merchant. Thus, the merchant has no need to collect any financial information, and that's OK. The merchant knows it will get paid, because the transaction is not batched. It's a guaranteed payment.

"We believe that the ACH network is strong enough to provide these types of payments," Throckmorton says. "The ACH network could expand. And our role at NACHA is not going to change."

That makes sense. But there has to be something in it for the bank and NACHA, right? On each Secure Vault transaction, a flat 1.35 percent is paid by the merchant to the bank. "We call that an authorization fee," Throckmorton says. EWise collects a flat-rate fee that cannot exceed 6 cents per transaction, and NACHA gets a penny.

Throckmorton is quick to point out that NACHA is not trying to undermine or replace credit-card or debit transactions. The association is merely offering an alternative to fill a niche, Throckmorton says. The 18-month Secure Vault Payments pilot is wrapping up, and NACHA expects to fully launch the platform Dec. 1. EWise has been charged with selling Secure Vault Platform services to banks and merchants.

It's very interesting, and I think it has some worth. Everybody wins, and it is secure. Unlike PayPal, which requires users to provide debit information, Secure Vault requires no financial information from the consumer. All of that consumer financial information is retained and managed by the bank. The bank integrates everything, making the transaction more secure for the user and the merchant. Risk is not part of the equation.

I think this could be the start of some very cool transaction options for ACH, opening doors for money-remittances and other peer-to-peer payments. About six years ago, some innovators were talking about using ACH to facilitate cross-border money transfers. That idea did not take off, but I have to wonder if Secure Vault might have been the missing link. Only time will tell.



About the Author

Tracy Kitten

Tracy Kitten

Former Director of Global Events Content and Executive Editor, BankInfoSecurity & CUInfoSecurity

Kitten was director of global events content and an executive editor at ISMG. A veteran journalist with more than 20 years of experience, she covered the financial sector for over 10 years. Before joining Information Security Media Group in 2010, she covered the financial self-service industry as the senior editor of ATMmarketplace, part of Networld Media. Kitten has been a regular speaker at domestic and international conferences, and was the keynote at ATMIA's U.S. and Canadian conferences in 2009. She has been quoted by CNN.com, ABC News, Bankrate.com and MSN Money.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.eu, you agree to our use of cookies.