|Note: The price of ACH bank donations is going up on October 31, 2022 from $0.25 to $0.30 per transaction. There is still no transaction % fee. To learn more about this aspect of this change, see $0.05 ACH Fee Increase.|
Quick and easy bank verification makes ACH bank transfer donations possible for all our customers in the US. Stripe Financial Connections is a new bank verification service provided by Stripe, our payment processor, and it has now replaced our old verification system completely.
We want to dive deeper into why we think Stripe Financial Connections is a better fit for us, a better fit for you, and why we think it’s worth the price bump.
It’s Released and Performing Well
We rolled out Stripe Financial Connections on Church Center (web and the mobile apps on iOS and Android) slowly over the month of September for tens of thousands of customers and all their donors. It was smooth, quiet, and generated zero support tickets—just the way we like it!
It’s performing just as we planned—churches are experiencing faster transfers, more bank verifications, and faster time to verification since switching to Stripe Financial Connections. At the same time, abandoned verification rates, manual bank verifications, failed verifications, and fraud activity is down.
Here’s an example of what Stripe Financial Connections looks like on the web:
Manual v. Instant Verification
Manual bank verification: This is the traditional method you’re likely familiar with. Here, the donor must verify the amount of two “micro deposits” totaling less than $1 each. The downside with this method is that it’s slow. For some banks, it can take 2-3 business for the mico deposits to show up.
Instant bank verification: In the past few years, verification providers have been trying to speed up the process of bank verification by skipping micro deposits using the bank’s online banking portal to complete the verification process. Broadly speaking, there are two approaches:
- Credential Brokering: In this setup, the system asks for the donor’s online banking username and password. The verification system takes those credentials, goes to the bank’s website, and attempts to log in on behalf of the donor. If the credentials are successful and the bank account can be accessed, the bank is considered verified for the purposes of ACH.
The problem here is obvious. No one wants to give their online banking credentials to anyone. In fact, it’s the one thing our banks have told us over and over again not to do.
Open Authentication (OAuth): OAuth is a widely used protocol for connecting two software systems together. Here, the verification system initiates a login window that is provided by the donor’s actual bank. Once logged into their own bank the bank notifies the donor that the verification system is trying to connect to their bank. The donor can typically decide which accounts the verification system should have access to and what kind of account information it’s allowed to see. At the end of this process, the two systems are connected. At any time, the donor can disconnect the verification from their bank if they want to.
This puts the donor in control of what info is shared. It all happens without the need to give your banking credentials to a 3rd party.
Four Reasons We Like Stripe Financial Connections
Reason #1: More Secure Defaults
Stripe Financial Connections uses OAuth as their primary instant verification method. Most of your donors bank at institutions that are able to use Stripe’s OAuth-based instant verification method. For smaller banks and credit unions, credential brokering is used as a fallback method when OAuth isn’t available.
Reason #2: Smarter Fraud Protection
Bank authentication systems are a magnet for fraud. In particular there are two types of scams.
First, “micro-deposit harvesting” is where scammers connect their bank, initiate the verification process and try to run off with those teeny deposits (example: $0.32 and $0.18). Second, is known as “credential testing.” Here, scammers take compromised username and password combinations and test them on various banks. If they get a successful login, these compromised banking credentials suddenly become very valuable for other kinds of scams and fraud.
Stripe Financial Connections is designed to combat both of these types of scams.
Stripe combats micro-deposit harvesting by forgoing the two micro-deposits and sending a single $0.01 micro-deposit with a unique, 6-digit code appended to the church’s name. Donors verify the code instead of the micro-deposit amounts.
Stripe combats credential testing by employing Stripe Radar – a fraud prevention system that uses machine learning and billions of data points collected from Stripe’s entire payment network. It’s a juggernaut of a fraud prevention system that Giving already relies on every single day.
Reason #3: More Privacy Controls
One of the creepy things about a verification system is that it potentially has access to all kinds of juicy financial data (your spending habits, your student loans, your charitable giving, etc). Church Center, of course, doesn’t need any of that just to verify a bank account for ACH!
Stripe Financial Connections allows Planning Center to set the rules about what kind of information is accessed when a donor connects their bank.
We limit the connection to the least amount of permissions possible: account number, routing number, account type, and the account nickname.
Reason #4: Stripe’s Reputation
On top of offering a faster and more secure bank verification process, and their worldwide reputation as a leader in the financial services industry, this transition was a no-brainer for us.
Not only do we know Stripe, so do donors and banks. Some donors may have interacted with Stripe or at least recognize it, and most larger banks have a direct relationship with Stripe as the world’s largest payment processor.