Oct 26, 2016 Philip Burgess
Given that the Automated Clearing House processes approximately $40 trillion in electronic payments and money transfers per year, according to the National Automated Clearing House Association, it's not surprising hackers continue to target the network.
Using dedicated ACH payment computers, verifying customer bank accounts and other tactics enable businesses to prevent hackers from successfully executing ACH fraud, but to develop comprehensive ACH fraud prevention strategies, organizations must assess all the tactics criminals employ.
How cybercriminals commit ACH fraud
In general, ACH fraud occurs when a criminal steals customer financial data to sanction unauthorized money transfers or payment requests. ACI Worldwide noted that, if the scheme proves successful, the perpetrator will usually launder the stolen funds to another account that isn't associated with the customer.
This scenario may change depending on a cybercriminal's skills, preferences and resources. For instance, one criminal may pose as a legitimate company to a bank account customer and trick the latter into providing his account login information. Then, the hacker could change the account holder's contact information to his own. By doing this, he can thwart bank representatives' attempts to confirm the legitimacy of payments, because he'll respond to any inquiries they may receive.
ACH fraud defense tactics
A survey of financial institutions by NICE Actimize found 70 percent of respondents manually review their accounts to detect ACH fraud. However, ACI Worldwide noted most companies only reconcile their accounts about once a month, indicating organizations are struggling to allocate resources toward fraud prevention measures.
"Risk Verification Database Plus currently contains more than 1 billion ACH records."
The heart of ACH fraud prevention involves detecting anomalies, so human analysis is almost always mandatory. However, given the limited human capital at organizations' disposal, many should consider implementing fraud detection solutions with machine learning capabilities.
In order to operate effectively, machine learning solutions need a lot of data. One solution, Risk Verification Database Plus, currently contains more than 1 billion ACH transaction records, and organizations continue to contribute their data to the service. The information within this database can provide machine learning tools with the context they need to detect anomalous behavior.
As machine learning systems may not be immediately accessible, there are a few ACH fraud defense tactics companies can take:
- Implement repetitive ACH payment templates that prevent criminals from changing account information fields.
- Provide customers with physical cards with a grid of numbers and letters, a combination of which they'll have to enter every time they login to their accounts.
How common is ACH fraud?
A study from the Association for Financial Professionals noted 25 percent of organizations experienced fraud involving ACH debit transactions. Large companies are particularly vulnerable to ACH fraud - the AFP found companies with more than 100 payment accounts are six times more likely to experience this type of financial crime than organizations with fewer accounts.
NACHA's impending roll out of Same Day ACH, which promises to process ACT transactions they day they're submitted, may present additional risks. The majority of respondents to NICE Actimize's survey (93 percent) said cybercriminals will use new tactics to take advantage of Same Day ACH. Companies may have to turn to automated, intelligent software to keep up with NACHA's new system.