William, Thanks very much for this information about the banking world... as unsettling as it is. It may turn out that other CPP information about payors and providers will have to be semi-restricted as well. I noticed, for example, that some Claredi customers have chosen to restrict public access to some of their directory fields, even though the information looks pretty harmless to me. Of course, the whole point of our CPP record is to make it widely available... but to one's potential partners... not necessarily to one's "competition"... and maybe not very much of it in one query, no matter who you are.
I would expect payments in most low-volume or CPP-initiated trading relationships to continue to be paper checks for the next few years... mailed to the address in the CPP record. In the hi-volume relationships, it will probably be necessary to send a voided paper check, sign a few forms, etc. in order to set up a direct-deposit, electronic payment arrangement anyway. So all we may need in the CPP record now is a place to indicate preferences/abilities with respect to electronic payments. -Chris At 02:26 PM 5/21/02 -0400, William J. Kammerer wrote: >As I said in my posting last Saturday with regard to making public >providers' bank account and ABA routing numbers, some "liaisoning" with >X12F Finance and NACHA might be in order. > >So I did just that: some "liaisoning." I corresponded with both Richard >Bort, a certified cash manager and financial consultant specializing in >treasury management and electronic commerce, and the author of the >classic reference "Corporate Cash Management Handbook;" and Priscilla >Holland, Senior Director, International & Corporate Payments, at NACHA. >I just love "liaisoning" and name-dropping - it beats real work any day. > >Both Bort and Holland agree that it would be none too wise to post >account information (like the routing number and bank account number) in >a public registry with no controls to limit access. They've graciously >allowed me to share their remarks. > >Dick writes: > > As for the issue at hand, it highlights a conflict between > reason and emotion, with a large dollop of fraud thrown in. > > Of course everyone to whom we write checks can know our bank > transit routing number and account number. By the same token, > we wouldn't plaster those numbers on a billboard alongside > the highway (or in a publicly-accessible directory on the Web), > though, for fear that some miscreant would misuse that > information. I know what you're thinking: "In Europe they print > their bank IDs and account numbers on their invoices to > facilitate remittances, so why don't we do it?" > > The largest source of bank fraud in the U.S. is check fraud, > most of which involves the creation of totally bogus checks > using a PC and a laser printer. If I know the bank and account > numbers of a deep-pocketed firm, like a hospital, I could make > up a check (or, preferably, a series of modest size checks) > purportedly drawn against that bank account and probably get > away with it. The banking industry has created some effective > defenses against this (e.g., "Positive Pay" service) but losses > continue to be heavy. Therefore, it's just not wise to > advertise one's bank account number to anyone who may be > interested. (BTW, the bogus check need not have the MICR line > printed in magnetic ink. The banks, "los brilliantes" that they > are, will kindly repair unreadable MICR numbers with a readable > strip pasted to the bottom of a check.) > > In the healthcare business, there are relatively few payers > (hundreds, or maybe a thousand or so, but not an entire > boatload). I see no reason why there could not be some central > registry to which legitimate payers could gain controlled > access. That registry could/should contain more than just the > depository bank account numbers. It probably should also > include a profile of the provider, such as preferred way to > receive remittances (e.g., EFT/EDI, together or separated, check > in the mail, etc. etc., and a contact person and phone number > and e-mail address). > > There are just too many bad guys around who would really mess > things up if we were to publicy post bank account numbers. It's > that simple. I hope this is helpful. > >Priscilla adds: > > As far as publishing your account number - the biggest issue > is fraud. NACHA has historically published information on all > conference brochures on how to make an electronic payment for > the conference registration and have published the routing & > transit number and account number for our primary checking > account (not a good idea). Last year we had 17 unauthorized > debits to that account. It seems that the criminals are > learning about the capabilities of ACH fraudulent debits. If > you want to publish an account on the web - I would suggest > that it be set with a debit block - that will prevent > unauthorized debits - and the account be monitored very > closely. [The Columbus Dispatch article] talks about finding > additional funds as a windfall - finding that your account has > no money because of unauthorized debits would be somewhat more > likely. If you want to publish your account information - it > would probably be better to have a separate account for this > purpose and then transfer the funds into the general account. > >I think this settles the matter, though it's disappointing that banking >account "security" relies on keeping these identifiers semi-secret. > >Perhaps we can accommodate protection of the financial account >information in the directory some technical way to ensure it is revealed >only to legitimate payers (insurance companies) - by restricting it to >only those folks who possess a directory entry themselves or somesuch >nonsense. Or the 837 claim could be changed to send the provider's >routing and account numbers for EFT payments directly to the payer (I >was surprised it wasn't there already), bypassing the Healthcare CPP >directory altogether. > >William J. Kammerer >Novannet, LLC. >Columbus, US-OH 43221-3859 >+1 (614) 487-0320 Christopher J. Feahr, OD http://visiondatastandard.org [EMAIL PROTECTED] Cell/Pager: 707-529-2268
