Financial Institution Overview
Thank you for visiting Trustly, Inc., a Delaware corporation with a principal place of business in the Silicon Valley at 555 El Camino Real, Suite 200, San Carlos, CA 94070. The purpose of this page is to give you an overview of what we do so that we may work together to eliminate ACH fraud.
What is Trustly?
Trustly’s mission is to eliminate fraud and NSF from ACH to make ACH a mainstream e-commerce payment option. With the familiar user experience of signing into online banking, our technology verifies an end-user’s identity, bank account number, balance and history in real-time—all without leaving the merchant’s website.
Taking ACH to a new level
As a NACHA Preferred Company, we are part of a select group of innovators contributing to Nacha’s strategic efforts in support of the ACH payments ecosystem by removing friction, increasing ease, improving cash flow accessibility and efficiency, as well as supporting sound risk management and security for ACH payments. Main supported fields: Account validation – database or online banking login; Account tokenization – as authority between merchants and their ODFIs; and Payment guarantee – in real time, eliminating ACH returns/chargebacks.
What steps do we take to prevent ACH fraud?
Authentication is the strongest weapon against fraud. We bring real-time payer/payee authentication to ACH payments by leveraging online banking authentication, without ever storing or sharing consumer credentials. Additional steps we take against fraud include:
- Presenting financial institutions’ login steps precisely;
- Triggering a financial institution’s second-factor authentication process flow if our systems detect potential fraudulent activity targeted at that financial institution;
- Flagging suspicious transactions for review based on recency, frequency and monetary criteria including velocity, IP address and fingerprint; and
- Blacklisting IP addresses and fingerprints from identified sources of fraud.
To help your IT and Risk departments identify our traffic, all requests from Trustly to your website can be modified to include easily identifiable metadata:
- URL of this page within the origin HTTP header; and
- X-Forwarded-For with the IP address of the consumer using Trustly so that you may enforce your fraud detection rules based on consumers’, not Trustly's, IP addresses.
We welcome your recommendations on additional steps we should take to prevent fraud.
How does Trustly protect consumer data?
We do not save or share consumers’ online banking passwords. On behalf of consumers who have authorized us to access their bank accounts, we retrieve information that enables us to verify their identities and initiate authorized ACH transactions. A consumer may choose to “remember my username” in our user interface, but we never store or share passwords nor answers to security questions.