Routing numbers have been a fixture for identification purposes since the American Bankers Association (ABA) introduced them in 1910. The ABA Routing Number was originally created to identify financial institutions for check processing, but its use has expanded with the growth of electronic banking practices. The routing number continues to be used to identify participants in automated clearinghouses, for electronic funds transfers, and in online banking.
While verifying routing numbers is rather straightforward, maintaining the security of the account data is a vital concern. An account can be accessed with the information contained on a check, which creates a heightened security risk for both financial businesses and their clients.
Routing Numbers
Every financial institution in the United States has a routing number. Routing numbers are assigned by the Registrar of Routing Numbers for the ABA. Only a federal or state-chartered financial institution that is eligible to maintain an account at a Federal Reserve Bank is able to obtain a routing number.
The routing number is made up of nine digits that describe the physical location of the financial institution — city, state and sometimes the branch. Other identifying features may also be embedded in the numerals, such as whether it’s an account for the United States government. Large institutions often have several routing numbers, and each branch may have a different number. Each client’s routing number should be verified that it’s attached to their account.
Routing Number Verification
NACHA — the non-profit association that regulates ACH operations — requires businesses to take “commercially reasonable” steps to ensure the validity of the routing numbers that are used for a transaction in the ACH network.
The number can be validated manually by calling the bank listed on the check, checked against a database of valid routing numbers – like iBankRegistry, or verified using a simple algorithm that confirms it’s a valid number. Businesses typically install software for electronic validation.
Identity Verification
All the information needed to process an ACH transaction is printed on a check — name, address, routing number and account number. The layer of security attached to other types of payment, such as the CVV2 code of a credit card and a database of stolen cards, isn’t attached to checks.
Because of the elevated exposure to the risk presented by checks, NACHA also requires that “commercially reasonable” measures are established to verify the client’s identity. It suggests collecting documents such as drivers’ licenses and social security numbers, using third-party verification services, or depositing a test entry in the account. Authentication with a password or PIN, a user ID, and an IP address are also acceptable.
Software should be checked for identity verification functions; it may be necessary to conduct verification separately when the function isn’t incorporated in the software, as a transaction could be enabled without requiring verification.
Best Practices for Implementing Routing Number Verification
Implementing a routing number verification processes should be done in conjunction with measures that protect the information of the client and fortify the business from fraudulent access. Building a secure environment for transactions is necessary for compliance; it also maintains consumer confidence in the system and that’s an essential component for the continuing health of the industry.
- establish a robust and documented “Know Your Customer” process for identity verification.
- Store electronic versions of routing numbers, bank account number and sensitive personal identity information in encrypted files.
- Store paper documents securely in a locked drawer or safe, and dispose of them via paper shredder.