According to AFP’s 2019 survey, payments fraud has become the “new normal” for many organizations today. Reaching a new record last year, 82 percent of financial professionals reported that their organizations were targets of fraud – up four percentage points higher than the previous record-breaking year.
Historically, checks and wire transfers are the top two payment methods most subject to fraud, however, it is worth noting that the survey reported a decrease in fraud across both of these channels. While the slight decrease in fraud via checks and wire transfers may be worth celebrating – down four and three points, respectively – it is unfortunately accompanied by a noticeable increase in fraudulent activity impacting both ACH credits and ACH debits.
Why ACH transactions?
As the payment industry evolves to better suit the banking needs of customers and businesses, scammers have also adapted to the changes. AFP’s findings show that fraudsters are shifting their preferred methods of attack from traditional channels, like checks and wire transfers, to more advanced forms of payment, including ACH transactions.
When it comes to moving money, ACH transactions are known to be a more secure option and much more rigorous for fraudsters to compromise, however, this increase in ACH fraud indicates a more complex, thought-out approach of attack. To avoid detection, fraudsters are rethinking their scams and taking chances on the belief that attacks on ACH transactions might fly under the radar.
How are ACH transactions compromised?
While technology advances to make ACH transactions possible, it is the same developments that are propelling fraudsters to attack these payment methods. Often fraudsters are taking advantage of the operations leading up to payment initiation, rather than the actual payment methods.
This can be achieved by initiating phishing attacks or implementing malicious software to steal sensitive information and ultimately, compromise the internal systems. Some common tactics used by fraudsters include Business Email Compromise, account takeover scams and initiating large volumes of payments right before ACH’s submission deadlines. Once the scammer has gained access to the internal system, they are free to generate ACH files and wipe accounts.
Next steps for FIs?
With ACH fraud occurring at an increasing rate, financial institutions should ensure that they are offering services that help consumers and businesses fight back against the fraudsters. One easy way to take a stand against ACH fraud is through ACH positive pay.
ACH positive pay prevents fraud by sending an actionable alert when an ACH transaction hits a customer’s account. Either online or via a mobile device, customers can accept or reject unauthorized ACH entries immediately. With visibility into the real-time ACH approval process, account holders can easily identify trusted trading partners and automatically populate an ACH filter for future transactions, eliminating the need to maintain ACH blocks and legacy, labor- intensive ACH filters.
With an automated ACH positive pay solution in place, financial institutions would no longer need to store paper dispute forms in warehouses, but instead, could charge account holders a small fee for the automated service. Additionally, institutions could cut down on the manual methods requiring the bank to set up filters for the customer and manually enter returns and offsets to customer accounts.
Modern technology has made it possible for financial institutions to monitor the movement of funds with greater ease with tools like ACH positive pay to automatically alert customers of a suspicious transaction and stopping fraud before it even happens. Financial institutions that invest in an automated ACH positive pay solution will be able to mitigate fraud, drive down costs, generate revenue, and most importantly, protect account holders against unauthorized transactions, leading to an improved customer experience and increased profitability for financial institutions.