General Questions | Technical Questions | Security Questions

Does this payment method increase the risk of online fraud?
No. Secure Vault Payments would require FIs to be compliant with the 2005 FFIEC Guidance to greatly reduce the risk of online fraud related to ACH credit payments. ACH credit payments also reduce risk because they do not require the consumer to divulge or the business or technology provider to store sensitive personal or account information, either from the business or consumer.

How does the redirection process work?
The consumer is redirected from the business' website to his or her FI's previously registered URL via the Internet using Secure Sockets Layer. Registration in the participant database provides a mechanism for mutual authentication between the business and the consumer's FI. No sensitive information about the transaction is sent over an unsecured electronic channel, and instead all transaction information is exchanged between the business and the consumer's FI over a secure connection.

Why is the redirection process secure?
The redirection process is secure because the consumer is redirected to a fully qualified, recognizable domain name over an SSL connection. Furthermore, even if a fraudster was successful in the attempt to redirect the consumer to a nefarious site, all attempts at obtaining the consumer's online banking credentials or account information would likely be prevented by compliance with the FFIEC 2005 guidance.

How does the ACH credit payment protect against phishing, pharming, spoofing and other related malicious attacks?
An ACH credit payment would require FIs to be compliant with the 2005 FFIEC guidance to minimize the risk for phishing, pharming, spoofing, and other related malicious attacks as they are conducted today. The fraudster would be unable to obtain all of the factors of authentication or penetrate multiple layers of security, which would be required in order to access and compromise the consumer's online banking or account information.