Instant Pull Payments, including Account Funding Transactions (AFTs), pull real-time funding into accounts using card credentials. Funded accounts may be quickly converted to cash (e.g., ATM withdrawal, P2P transfer, Western Union money order), therefore these transactions carry elevated fraud and compliance risk.

These guidelines outline the risk controls and operational practices expected when implementing an AFT program.

Why AFT Requires Enhanced Controls

An AFT to an account that can be rapidly liquidated presents unique risks:

Stolen card credentials can be converted to cash within minutes.
It may be difficult to prove that the legitimate cardholder authorized and participated in the funding transaction.
Chargeback exposure may be higher than traditional purchase transactions.

Risk Management - General Considerations

Before setting up an Account Funding origination or Pull program, TabaPay Clients should carry out a comprehensive risk assessment covering their business policies and practices, fraud prevention and detection techniques, anti-money laundering program, and other risk controls.

In addition to the recommended fraud prevention tools, TabaPay Clients should ensure adequate practices are in place to minimize fraud losses and excessive customer service inquiries.

📘
AFT Technical Certification
TabaPay requires that all AFT programs implement and complete technical certification to use AVS and Duplicate Card Check (both enabled by TabaPay).

Pre-Launch Risk Assessment

Before launching an AFT program, clients should conduct a comprehensive risk assessment covering:

Business policies and customer onboarding practices
Network rules, and local regulations
Fraud prevention and detection controls
Anti-money laundering (AML) program
KYC and sanctions compliance
Dispute and chargeback handling procedures

Identifying Suspicious Activity

Merchants should be able to identify indicators of suspicious activity that may point to potential fraud; this includes but is not limited to:

Large volumes of AFTs
Significant activity on an account reactivated from inactive or dormant status
Increasing volume of AFTs or significant fluctuations in type or volume of AFTs that are inconsistent with patterns identified in a customer’s profile
Change in account credentials followed by out-of-pattern AFT activity

AFT with Debit or Credit Card?

Account Funding Transactions (AFT) works regardless of the card type – debit or credit, and all the card types will be supported. To start accepting Credit as well (let’s say as a fallback mechanism), a few things you need to be aware of:

Most Credit Card issuers treat an AFT as quasi-cash and they may incur Cash Advance fees
Cash Advance fees, when applied, could be a flat fee or percentage
Cardholders need to check their credit card agreement to check if there is a fee and how much.
In order to cover the above fees as well as to avoid chargebacks, you will need to apply appropriate messaging to and educate your consumers before they place the transaction.

In addition, standard credit card acceptance fee will apply.

Risk Management

To monitor transaction activity and manage risk and fraud, Merchants should implement manual or automated anomaly detection mechanisms that focus on individual account holder or peer group behavior by establishing a model of expected behavior for each account holder.

Key Risk Indicators

Examine key risk indicators including the following:

Account Activity & Velocity
Account Controls & Total Threshold Management

Account Authentication & Validation
Governance

Account Activity & Velocity Monitoring

Analyze activity patterns of AFTs (e.g. frequency, amount, and count of AFTs).
Identify increasing volume of AFTs or significant fluctuations inconsistent with patterns identified in a customer’s profile.
Recognize significant activity on an account reactivated from inactive or dormant status.
Detect changes in account credentials followed by out of pattern AFT activity.
Monitor accounts that may have historical suspicious activity with enhanced due diligence.

Account Controls & Total Threshold Management

Establish thresholds for new or dormant accounts to monitor for large or multiple AFTs.
Segregate new accounts from existing accounts and incorporating tighter controls for new accounts.
Factor key differentiators to monitor for suspicious activity and establish transaction limits based on parameters such as:
- Geographies (transaction origin and destination)
- Customer base
- Risk appetite

Account Authentication & Validation

Implement multi-factor authentication before account credentials can be changed or new beneficiaries are established.
Apply enhanced controls over changes to account profiles initiated online or via customer service representatives.
Use common cardholder and payment authentication and validation processes in approvals of AFTs:
- Payment account address validation (AVS)
- CVV/CVV2
- EMV 3-D Secure (3DS)
- Account Name Inquiry

Governance

If third party vendors and technology solutions are engaged to monitor accounts for suspicious activity, dedicate internal resources to monitor vendor performance and develop risk assessment standards for vendor engagement, such as incorporating independent code reviews and Payment Application Data Security Standard.
Ensure that technology solutions are updated with latest patches.
Establish distinct first, second and third lines of defense as customary with standard risk management practices to monitor and test design and operating effectiveness of policies, procedures and monitoring mechanisms.

Post Transaction Risk-Management

Track chargebacks, reversals and declines to identify patterns.
Suspend or terminate accounts when fraud is detected.

Third Party Risk & Identity Solutions

Third-party services (identity verification, bank account verification, and fraud scoring).

Ekata
Idology
Plaid
Socure
Yodlee

TabaPay Payment Features

Real Time Monitoring & Blocking

Help detect and block fraud in real time as an easy, no-code solution.

Merchant Initiated Transactions

Charge your customer’s card without their activate participation.

Partial Authorization Service

Avoid insufficient balance declines, and approve for a portion of the original amount requested.

3D Secure

Authenticate your customers’ card info when processing online purchases.

Account Name Inquiry

Check a cardholder’s name against their Issuing bank records.

Address Verification

Verify if the card issuer recognizes the address provided by a cardholder.

CVV2 Verification

verify if the cardholder has possession of the physical card.

TabaPay Tokens

Manage payment card and bank accounts saved securely for you in the TabaPay Vault.

Apple Pay Tokens

Use Apple Pay tokenization for your payemnts

Google Pay Tokens

Use Google Pay tokenization for your payemnts

Duplicate Account Check

Check if a card is already associated with another account when using Create Account API

TabaPay Account Updater

Update your cards automatically with the issuer

Chargeback Management

Compelling Evidence

Dispute a chargeback with relevant documentation.

Network Monitoring Programs

Card Network Chargeback Programs.

Discover Chargeback Reason Codes

Discover's chargeback codes.

Mastercard Chargeback Reason Codes

Mastercard's chargeback codes.

Pulse Chargeback Reason Codes

Pulse network Chargeback Codes.

Star Chargeback Reason Codes

Star network Chargeback Codes.

Visa Chargeback Reason Codes

Visa network Chargeback Codes.

TabaPay Support

Contact Support.

More Resources

Overview of TabaPay Shield: build a platform with fraud protection for your business and customers.
Bulletins: Learn more about new updates and requirements from card networks.
Transaction Integrity - Network Fees: Follow best practices to avoid network fees.