According to recent transaction data from NACHA, same-day ACH is growing rapidly. During the second quarter of 2018, there were nearly 42 million same-day ACH transactions – an increase of 243 percent compared to the second quarter of 2017. As a result of this growth, NACHA announced three new rules, which will expand the same-day ACH processing window by two hours and increase the per-transaction limit to $100,000.
With new rules and expanded capabilities, businesses and consumers alike will increasingly realize the advantages and convenience of same-day ACH, however, fraudsters also stand to benefit. Cybercriminals now have the ability to access and move funds faster than ever before. At the same time, financial institutions have less time to process and ensure the validity of transactions.
In response, financial institutions must be prepared to address attempts by fraudsters to exploit the system, but to do so, they must first understand the tactics used.
- Business Email Compromise
A commonly used tactic is Business Email Compromise (BEC), where a fraudster creates a fake email to trick an employee in the organization who is tasked with wire transfer and ACH responsibility into unknowingly transferring money to a money mule account.
These scams are directed toward employees with the ability to perform financial transactions on behalf of their company. Fraudsters gather extensive information to then pose as a CEO or CFO of the company or a vendor partner, to trick an unsuspecting employee with an urgent request to transfer funds or make a payment. The criminals will often use information available online and on social media sites to research an individual before sending an email asking the employee to send funds.
According to the FBI’s reports earlier this year, BEC is becoming even more prominent, with worldwide losses hitting $12.5 billion over the last five years. These losses could have been avoided if CEOs and CFOs were alerted of outgoing wire or ACH transfers, giving them the visibility to help unsuspecting employees identify such fraud.
- Account Takeover Scams
A second tactic is account takeover scams, where fraudsters directly target bank accounts, especially corporate bank accounts, to gain access to larger balances that are often tied to automated lines of credit. Fraudsters are then able to transfer large sums of money. Once the fraudster gains access, they add recipients to payroll files or change account information for existing recipients to redirect payments to a money mule account.
These changes are already difficult to notice today and will be even harder to detect. In response, financial institutions must check the destination and value of ACH transactions as they are received and before the transactions are released to the payment network. If the account and routing numbers do not match those included on the pre-approved list, the transaction is suspended and the customer is notified, who can then securely review and deny or verify the transaction.
- Large Volumes at Cutoff Time
A third tactic is when fraudsters take advantage of same-day ACH’s submission deadlines. By submitting a large volume of payments right before the cut-off time, financial institutions are forced to speed through the evaluation process without adequately reviewing all transactions. Additionally, fraudsters may also submit payments that are just below a bank’s review threshold. In these instances, fraudulent transactions may slip by undetected
To mitigate the risk of fraud associated with same-day ACH, financial institutions must also understand that conventional approaches to fraud prevention are no longer sufficient for same-day ACH. Manual reviews and call back procedures are labor-intensive and time-consuming. Instead, banks must make customers aware of the prevalence of potential scams and create methods that are not only effective, but convenient for the customer
Financial institutions that take on the role of detecting fraudulent transactions and communicating the issue to the customer will realize that this process does not work for same-day ACH, as it will require hiring additional fraud analysts, resulting in costly and inefficient practices. Financial institutions must approach fraud prevention with a strategic focus and recognize the benefits of enlisting customers in the process.
Moreover, modern technology has made it possible for financial institutions to mitigate fraud risks without additional operations costs. With biometric technology and communication advancements like SMS text, financial institutions can monitor the movement of funds with greater ease, as well as automatically alert customers of a suspicious transaction. This method has the ability to stop fraud before it even happens.
Actionable alerts are also critical, as they stop authorized transactions. Customers can quickly determine whether a transaction is legitimate or fraudulent better than bank employees; therefore, institutions must empower customers with greater control over their account. This provides for a more proactive approach, thus, reducing the risk of fraud.
By understanding the common tactics used by fraudsters, taking a strategic approach to fraud prevention and recognizing the value of involving the customer, financial institutions will reduce fraud, reduce operational costs and differentiate their organization from competitors, all while creating value for customers to improve the experience.
For more information on fraud prevention, download our white paper, "Transform Treasury Management With Actionable Fraud Prevention Solutions."
