Changing dynamics of ACH fraud

Same Day ACH went into effect on Sept. 23, and offers a progressive step toward faster payments. This new movement towards expediting ACH payments offers banking customers new conveniences and better customer service. And, it’s already seen great success, with NACHA reporting that in the first month of implementation, nearly four million transactions occurred via Same Day ACH totaling nearly $5 billion.

While this new faster payment initiative offers added conveniences, it also adds additional processing windows, and with that, the potential for new types of fraud for financial institutions to guard against. As adoption continues to rise, fraud detection solution need to adapt to meet the operation demands introduced by Same Day ACH.

Putting fraud in perspective

Historically speaking, ACH has not been fraudsters’ first choice to transfer or steal money. This is mostly because processing of ACH funds typically takes one to two business days for the settlement to be completed, giving the financial institutions or originators time to notice any anomalies and easily stop, cancel, or revert the transaction. In other words, the ACH network, pre-Same Day ACH, offered a protective cushion.

Fraudsters are well versed in banking processes. They know that time is the most crucial element. That’s why most fraudsters prefer wire versus ACH, to steal funds, as wire is faster, irrevocable, and money is transferred within minutes. With the onset of Same Day ACH, however, wire now has a friendly “competitor.”

It’s true that even with the introduction of Same Day ACH, ACH transfers will not be as fast as wire. However, the ACH network carries extremely high volume, and with Same Day ACH now available, there is a guarantee for transition completion within the same day. Based on the high volume network and cut-off time intervals, fraudsters can take advantage of these new time-sensitive windows by slipping in fraudulent ACH transfers.

Early picture on fraud

Fraud trends tend to vary. Below are three recent ACH fraud trends that have seen an increase among our data:

1. Payee Edit (PE) Fraud

In this scenario, fraudsters do not create a new batch or transaction but rather modify the recipient account number of an existing batch, one that is already scheduled to go out in the near future or periodically.

It is extremely difficult for the sender/originator to detect such cases, as they do not see a new or unscheduled batch being initiated or a new transaction item being added to an existing batch/template.

From the sender/originator’s standpoint, everything looks normal. They have a scheduled ACH batch for a specific day (i.e. employee payroll) with only a few new transaction items to add, such as new employees, which they have already carefully verified. The likelihood of re-verifying the recipient account for all would be extremely time consuming.

The batch is submitted, without anyone knowing that one or more account numbers of recipients in the batch have changed.

Payee edit fraud is usually caught by delay when the true recipient does not receive the expected money and then contacts the sender. At this point in time, the fraudster has most likely already accessed the money is focused on his next victim.

2. Small Transaction Fraud

Small transaction fraud is also rising. In the past, it was more common for fraudsters to target relatively large transaction amounts. However, with more verifications in place, and fraud analysts learning to outsmart criminals, fraudsters have started to decrease the transaction amounts, but increase the number of transactions.

In a recent fraud case, we observed an ACH batch with 10-20 transactions, each with dollar amounts ranging in the thousands, and all had fraudulent recipient accounts. With this strategy, fraudsters have modified their approach to moves that seem more in line with a typical, legitimate user.

3. Business Email Compromise (BEC) Fraud

With the introduction of Same Day ACH, we do expect to see BEC and social engineering related frauds to find their way into ACH world. Within the wire world, BEC frauds have mainly targeted CEOs, CFO, or executives with certain authorities.

The market should be mindful and prepared to hear stories of HR departments being the next target, as fraudsters fake being a legitimate employee with an email request to change account information for payroll deposits.

Beware of brinksmanship

As Same Day ACH continues to increase adoption, we recommend financial institutions use caution with suspicious transactions that come in closer to cut off times.

Fraudsters will learn—if they don’t know already—the specific cut-off times and will use that knowledge to their advantage to send requests, leaving less time to verify and investigate the request. Better tools for faster and more effective investigations will be a necessity within the Same Day ACH world.

About the author

Massy Najafi is vice-president, analytics, at Guardian Analytics.