American hospital loses $3,1M from fraud. Fraudsters hacked into its system to switch the ACH payment details for their supplier with their own. Because they didn’t do an ACH prenote, the company sent funds to hackers instead of paying their suppliers. Keep reading to learn how ACH prenote works, and why it’s not enough to protect your company from fraud.
If you want to be 100% protected, use Trustpair! Our software does ongoing and thorough account validation before executing any payments, completely eradicating the risk of fraud. Request a demo to learn more!
ACH prenote: how does it work?
ACH prenote (also called prenotification) is a way to verify the account of your customers, vendors, or even employees before executing “real” payments. Its goal is to check the bank account numbers you have on file are correct before transferring funds.
For example, a company can use it to check their consumer’s accounts before charging them monthly through direct deposits.
What does it look like? The initiating bank sends a notification or pre-authorization of $0 to the receiving one to check the account’s validity. It’s similar to the penny-drop, but a prenote test transaction doesn’t use real money.
The prenote file format is composed of 94 characters in a specific order, which the receiving financial institution checks against its records.
Here’s how it works concretely:
- Your recipient gives you their account information.
- You (through your initiating bank) transfer a $0 payment or authorization to your recipient.
From there, you have two possible scenarios:
- You don’t receive an ACH return or Notification of Change, meaning the prenote is successful. You can start sending or taking direct debit transactions.
- If it’s unsuccessful, it means that there was an error or incongruency in the credentials sent. You need to update the account information with the information from the return code (or NOC code) or by contacting your recipient.
A prenote processing time is about three business days. After this, you’ll be able to send live entries to your recipient.
That means if you transfer a zero-dollar payment on Tuesday (before the ACH cut-off), you’ll be initiating payment transactions on Friday — providing the prenote was successful. If not, you’ll need to change the information and initiate another pre-note.
The concept of prenote is widely used throughout the world, but ACH prenote only happens in the US, where this type of payment is used.
ACH prenote: why is it important?
ACH notifications are useful for one main purpose: reducing the risk of failed ACH debit or credit transactions because of incorrect account information. It’s helpful for financial institutions and businesses alike who therefore gain in efficiency.
ACH account validation
It’s one of the many methods you can adopt to stay compliant with Nacha’s account validation rule. The National Automated Clearing House is the organization in charge of the ACH network, which includes credits and debits, as well as FedNow, their new instant payment system.
ACH prenote account verification can be used alone, or in conjunction with:
- Manual verification,
- Micro-deposits,
- Instant verification through third-party apps (like Trustpair).
The benefits of using prenote
Using prenotes to validate the account of your third party’s credentials does have some benefits:
- It doesn’t require any action from your recipient.
- It’s more efficient than manual checks.
- There is no need for your beneficiary to reveal sensitive information like their banking logins.
It also provides added security (and trust) to your consumers, vendors, or the parties receiving the funds. But while it’s certainly useful, using this method isn’t enough to effectively protect your company from fraud.
What are the disadvantages of ACH prenote
There are two main drawbacks to using prenote as a way to do your ACH verification:
- It creates friction in your payment processing,
- It doesn’t completely secure your payments.
Creating payment delay
It takes 3 business days to process an ACH prenote and for you to start transferring the payment. That’s if:
- You initiate your prenote early enough in the day: ACH credits and debits transactions are only processed in batches three times a day, with the last transmission deadline at 4:45 PM ET
- The prenote is successful on your first try.
Even if all goes smoothly, using prenote means adding an extra step to your payment process — which irremediably adds some delay and potential friction to your overall process.
If you tend to pay your bills last minute, this could easily tip you over the deadline and you could have to pay late payment fees.
It also requires your organization (or financial institution) to have the infrastructure and resources required to send that zero dollar transaction consumer.
ACH prenote: why is it not enough against fraud?
Last but not least, this type of pre-note isn’t sufficient to protect your organization against third-party fraud. Indeed, when you send a prenote file, the bank only checks:
- The format of the bank account is correct (routing number, account number) and
- The account exists.
In other words, the Receiving Depository Financial Institution (RDFI) is only in charge of verifying the validity of the account — but not its ownership!
In Section 3.5 of the Nacha account validation rules and guidelines, it’s clearly stated that the receiving bank isn’t in charge of verifying the ownership of the account. With prenotes, you will not know who owns the account you want to send funds to (or take direct deposits from).
That leaves a huge security breach for a fraudster, who:
- Impersonates someone else (through spoofing for instance),
- Manually changes the account number in your system.
So, what’s the alternative to protect yourself against fraud? Trustpair!
Our fraud detection software checks the validity of your recipient’s account, but also who it belongs to. We have access to otherwise hard-to-reach information that helps confirm the identity of your beneficiaries, including overseas.
All of this is done automatically, so your team will be able to dedicate their time to other higher-value tasks. It’s done in real-time, which means there is no added delay to your payment process.
ACH account validation through Trustpair is ongoing and done before any transaction is sent to your vendors.
We use AI and pattern recognition to detect any fraudulent attempts and raise the alert when we spot any suspicious activity. Using Trustpair means you will always know who you’re transferring money to — whether you’re using ACH, wire transfers, or other payment methods.
Key Takeaways:
- Bank account prenote is a zero-dollar transaction sent as a test to check the validity of your recipient’s bank account, before your real payment is sent.
- Using prenotes creates delays in your payment processes, and isn’t completely secure. Trustpair does your third-party checks in real time and also verifies their identities.