Fraud on Automated Clearing House (ACH) payments has gone through an evolution. It started out with fraudsters getting involved as originators of fraudulent ACH transactions. They would create fictitious transactions, either by not getting consumer consent or over-charging consumers on transactions. A heightened awareness of on-boarding originating businesses and escalated punishments of financial institutions that sign up these fraudsters have helped to reduce this problem.
Next, ACH check conversion came along. An ACH check conversion is the ability to take the information written on a deposited check and create an ACH transaction that takes its place. Often a returned check is converted to an ACH transaction, Returned Deposited Item (RDI), and sent back through for funds. There was and still is a need to have better reconcilement of check items with ACH converted check items to keep track of checks going through conversion multiple times.
With all of the phishing and man-in-the-middle/man-in-the-browser attacks we’ve witnessed recently, the consumer accounts being taken over are resulting in additional fraudulent ACH transactions. Criminals have now moved to commercial accounts, where they can initiate ACH transactions for much higher dollar amounts or modify the destination accounts in ACH files. Then there is the money muling issue, a form of money laundering where a customer of a banking institution moves money in and out of their own bank accounts—knowingly or unknowingly—aiding criminals.
So what's being done about ACH/wire fraud? There is a focus on in-band and out-of-band authentication technologies to identify that accounts are taken over; there are more consumer and business awareness campaigns; and there are more rules and reviews taking place.
Ultimately, it comes down to a layered security approach. That involves using technologies to authenticate the user, using analytics to understand customer and criminal behavior, and leveraging out-of-band technologies where appropriate or based on the level of risk the transaction presents.
In addition, a single view of the customer (something I've long advocated on this blog!) enables financial institutions to understand the short-term behavior changes across the transaction channels they use, and the macro customer transaction behavior changes of new technologies like mobile banking.