5 Tips to Help Banks Implement E-Payments Security
2. Authentication for High-Risk Transactions
The FFIEC says banks should never rely on any single control for authorizing high-risk transactions. The higher the risk with a given transaction, the more controls that should be put in place. In general, customer transactions are less risky than commercial ones, the FFIEC notes.
According to NACHA, banks should monitor consumer and commercial accounts on a daily, weekly, monthly and quarterly basis for unusual activity, while also ensuring that security procedures and tools are kept up to date. Procedures should be in place for how to handle transactions that seem out of the ordinary. Banks should also be tracking failed attempts to log on to an account, NACHA says. For commercial accounts, the association also recommends establishing file and exposure limits, as well as processing schedules, for originating customers.