Dec 03, 2020 MicroBilt News
As mobile technology continues to grow increasingly omnipresent, businesses and consumers are embracing the convenience of new digital payment services. This shift away from paper-based transactions (like cash and checks) has created a pressing need for secure electronic processing systems, the most advanced of which still come with a great deal of risk.
Organizations of all types - and within every sector - are constantly on the lookout for fraudulent activity within their financial networks, as even a single incident could lead to serious financial repercussions for businesses and their customers.
The worldwide coronavirus pandemic of 2020 has done no favors to the efforts to prevent fraud. In fact, the FBI has released statements related to rising instances of fraud amidst coronavirus and how businesses and families must be especially vigilant during these disruptive and uncertain times.
In 1974, the National Automated Clearing House Association (NACHA) was established to help mitigate the fraud risks of online transaction systems by creating a uniform set of rules and standards. The goal of the organization is to provide a secure method of transferring payments between financial institutions that are part of the ACH Network, which is currently responsible for moving around $43 trillion each year. This collaborative nexus has championed a range of anti-fraud initiatives, but the procedure is not entirely infallible.
How the ACH Works
According to the Consumer Financial Protection Bureau, an ACH is "an electronic fund transfer made between banks and credit unions across what is called the Automated Clearing House network." This system is used for a variety of credit and debit transactions, including:
- Payroll direct deposits
- Social security benefits
- Tax refunds
- Loan payments
- Mortgage remittance
- Utility bills
Some online retailers and payment services allow customers to pay via ACH, most often through a user's checking account and bank routing numbers. Once an electronic transaction is initiated, the information is sent through the ACH Network to be reviewed, edited, and sorted to ensure no fraudulent activities are taking place.
What is ACH fraud?
Fraud comes in many forms, yet the goal is always the same: To knowingly deceive an individual or business entity in an effort to access monetary funds or personal benefits that don't belong to a fraudster. A study from Javelin Strategy & Research found there were 16.7 million victims of identity fraud in 2017 alone, an increase of 8 percent over the previous year.
Unfortunately, COVID-19 has created unique opportunities for cybercriminals eager to take advantage of the chaos created by multi-state shutdowns, worldwide lockdowns, and greater volumes of people working from home to commit fraudulent activities of many kinds, including ACH fraud.
ACH fraud refers to the theft of funds passing through the Automated Clearing House payment network, whether via a direct attack on the computer system or an indirect compromising of its processes or procedures. Cybercriminals target the ACH transaction network because it serves as a central hub for the national banking system, opening up opportunities for improper payments, money laundering, and even terrorist financing. Some of the common infiltration methods include:
- Compromising email security
- Account takeovers
- Social engineering (phishing)
- Vendor impersonation
By exploiting vulnerabilities in the system, fraudsters are able to gain access to critical financial information and payment histories, which can easily lead to identity theft if the breach goes unnoticed. While there are protections in place to address possible incidents of fraud, most come with a strict time-table. ACH transactions typically take about 3 to 5 days to process, which gives individuals and businesses a small window to stop payments before the funds leave their account. If processed, there is no guarantee the funds will still be in the ACH payment network by the time a reversal is submitted.
ACH fraud detection tools can keep organizations one step ahead of online fraudsters. In 2019, the ACH network was responsible for more than 24 million transactions. That was in a world before COVID-19, stay-at-home orders, and nationwide coin shortages sent most Americans reaching for debit and credit cards for even minimal transactions.
However, the year 2021 will see changes for merchants that utilize the ACH network. One of the biggest changes is the mandate that merchants use specifically approved account validation systems to screen for fraud. This new rule goes into place on March 19, 2021. Later in the year, on June 30, 2021, phase one of the two-part Rule on Supplementing Data Security Requirements Initiative goes into effect (the second phase will go into effect on June 30, 2022).
During Phase One, non-financial institutions with greater than six million entries of ACH origination volume in the calendar year 2019 and third-party senders or providers with transmission volumes exceeding six million must be compliant. Phase Two, on the other hand, goes into effect the following June and reduces the required threshold to two million entries in each situation.
With big changes like these in the works, businesses of all shapes and sizes should consider Risk Verification Database (RVD) to determine the degree of risk these transactions represent for your business and how you might wish to proceed.
4 ways to protect against ACH fraud
A proactive approach is the best way to prevent electronic transaction fraud, both for consumers and businesses. Cybercriminals often take advantage of inactivity, as it allows them a few days' lead time before an organization has even noticed an incident has occurred. That's why ACH fraud detection starts with recognizing the risks and formulating an aggressive action plan. To that end, here are 4 ways to protect against ACH fraud:
- Understand how ACH scams work: The first step to insulating an organization from the risk of electronic fraud is to understand what vulnerabilities exist and how they are commonly exploited. More often than not, a compromised computer terminal or inattentive employee will serve as a fraudster's access point. Always be on the lookout for phishing scams and signs of malware, as these more technical methods of intrusion can get around even the most secure networks.
- Track your account activity: Keeping a close eye on your online accounts is a great way to catch ACH fraud before a payment is fully processed. In addition to checking your balances often, the FBI recommends using strong passwords that are frequently changed to minimize the chances of an account takeover. Also, make sure to restrict access to any computer used for submitting ACH transactions and keep anti-virus software updated at all times.
- Use credit monitoring services: Fraudulent activity has a noticeable impact on credit score, which makes it an important metric to watch when monitoring for suspicious activity. Organizations that frequently check their credit histories are more prepared to spot irregular behavior, which should be reported to the appropriate banking institution or credit bureau as soon as possible. Most credit score monitoring tools offer alert features that can keep businesses updated about any substantial changes with their accounts.
- Integrate digital alert tools: Online retailers need rigorous fraud detection tools to accurately assess the risks of consumer and vendor transactions. Signing up for email or text alert services can keep retailers notified when suspicious behavior occurs, such as unusually high account payouts or unexpected low balances. Digital risk assessment tools utilize high-performance analytics and machine learning, offering predictive capabilities that allow businesses to quickly adapt to threats and take decisive action.
For almost 40 years, Microbilt has worked with business owners, lenders, and consumers to manage their financial risks and promote economic security. Products and service offerings like the Adverse Action Notification and Risk Verification Database will keep you up-to-date with suspicious activity and able to quickly respond when incidents of ACH fraud occur.