Log In ► Wire Services  |  ACH Services  |  Trust Reporter  |  MemberView®  |   Search

Solutions > September 2010 > Product News > Access to ACH system being enhanced

Access to ACH system being enhanced at the end of October

Change includes select employee group ACH processors

Over the last two years, there has been a rise in ACH fraud attempts against credit unions. Some of these attempts have resulted in credit union losses while others have been “close calls;” and both have served as sobering reminders to our industry that we must remain vigilant in our risk mitigation efforts surrounding our ACH systems. Corporate One has taken such efforts seriously, working with our members to ensure our ACH offering upholds best practices for security and risk mitigation. And, will soon take another step forward in enhancing the security around our ACH system with the implementation of a Virtual Private Network (VPN).

 

SEG Access

These changes also impact SEGs/companies that independently process their own ACH items. If your credit union has SEGs/companies that process ACH transactions, you will want to communicate these changes to them as well, including equipping them with a security token, which Corporate One will provide to you upon receipt of the token request form (found in MemberView). We will send the requested SEG tokens to your credit union along with the appropriate instructions for you to pass along to your SEG members. Just like with Corporate One users, SEG users will need to authenticate themselves with the token prior to accessing the ACH system. As mentioned above, all users, including SEGs, need to be ready to access the ACH system via this manner beginning October 30.

 

Through this VPN, which is nothing more than a secure, dedicated pipeline, we are going to funnel all ACH users — including select employee groups (SEGs) that independently process their own items — to the ACH system. So, instead of the ACH system accepting Corporate One ACH users from a vast array of IP addresses, it will only accept those that access the system via this new path. The key security feature to the VPN is that it requires an added layer of multi-factor authentication. To authenticate ACH users to the VPN, we will use the same security token currently used to access MemberView®, our member account management system.

We recently sent letters to all ACH users informing them that this change to ACH access will take will place on October 30, 2010. Ultimately, accessing the ACH system in this new manner amounts to a slight change on the user-end, but it provides for a huge security enhancement on the back-end. We have developed a step-by-step user guide that can be found on our Web portal (mvportal.corporateone.coop) under “User Guides.” This is the Web page that is launched when users plug in their security tokens. All users will want to review this guide.

We understand that making a change such as this, while simple in nature, requires time and effort on the part of our ACH users, and we greatly appreciate their collaboration. It is important that all ACH users know of this change, are prepared for it and have their calendars marked appropriately to remind them of the switch-over date. Until October 30, ACH transactions can be processed as usual.

If you are an ACH user and you have not yet heard from Corporate One about this change, please contact Member Services at 866/MyCorp1 at your earliest convenience.