The Automated Clearing House (ACH) payment rail has seen significant growth, with the NACHA network processing 30 billion payments valued at $76.7 trillion in 2022, up 3% and 5.6% respectively over 2021. This growth has gained unwanted attention from fraudsters, leading to regulatory change and compelling the financial industry to work together.
As payments fraud continues to grow, reaching hundreds of billions in 2023, the way forward in protecting ACH transactions and other payments will require institutions to embrace a consortium analytics approach to prevention.
How Criminals Exploit ACH for Profit
Criminals have taken note of the prevalence of ACH payments, exploiting the channel to defraud victims. To facilitate ACH fraud, criminals typically need to gain control of a bank account to manipulate payments from, or debits against, the account. Criminals will do this in a number of ways, including opening a new account with stolen information to perform fraudulent transfers or executing online account takeover.
Using Authorized Push Payments (APP) Fraud for ACH
Increasingly, fraudsters targeting ACH are shifting their approach from stealing account credentials and committing fraud directly, to social engineering — manipulating your customers into initiating the fraud themselves with APP scams. With these scams, the customer authorizes the fraudulent payment, rendering most password and token controls ineffective, and obfuscating the nature of the activity for investigators.
From investment and romance scams to Business Email Compromise (BEC), the threat of APP scams is substantial. With BEC alone causing $6.7B in losses in 2023, NACHA has responded to this evolving threat.
NACHA Strengthens Their ACH Network
In October 2024, NACHA introduced new rules designed to protect against credit-push fraud scenarios, such as APP fraud. These rules change the responsibilities of all institutions involved in sending and receiving ACH payments and emphasize a whole-of-transaction approach to fraud prevention.
They include:
- RDFI Monitoring: Receiving Depository Financial Institutions (RDFIs) need to monitor their inbound ACH transactions for fraud and assist in reversing the payment in cases where a transfer is suspicious or identified.
- ODFI Requests: The rules empower Originating Depository Financial Institutions (ODFIs) to request the return of an ACH payment for any reason when fraud is detected.
- Delay of Funds Availability: RDFIs can delay funds availability for closer scrutiny of the payment.
- Proactive Returns: RDFIs can proactively return a suspicious transaction without a request or a customer claim.
These rules aim to enhance the security and integrity of the ACH Network by enabling better detection and response to fraudulent activities.
Consortium Analytics: Collaboration Against ACH Fraud
From the intricacies of APP scams that target your customers, to the lure of increased convenience of ACH channels, payments fraud has changed the way institutions need to approach risk. Consortium analytics are the key to helping financial institutions stay ahead of evolving ACH fraud and adapt to NACHA’s new rules. Without sharing Personally Identifiable Information (PII), consortium analytics provide holistic insight into payor and payee risk. This whole-of-transaction approach allows financial institutions to truly understand the nature of a payment, reduce false positives and strengthen fraud detection. This also allows for profiling the payee and payor to determine if essential details, such as the names on the transactions, are not consistent – an indication of potential fraud.
This enhanced fraud detection becomes more powerful when executed across multiple payment rails, providing deeper insights into transactions. An example of these enhanced capabilities is when considering a customer who primarily interacts with a payee using ACH, who then sends a wire transfer to the same payee.
The Way Forward in Preventing ACH Fraud
Financial institutions are being compelled toward a consortium analytics solution through regulatory pressure from NACHA rules that emphasize a whole-of-transaction approach to fraud detection, and increasingly common ACH fraud scams. Through a collaborative consortium network that enables a deeper view into risk across transactions, the industry will collectively benefit from stronger payments fraud prevention to help reign in a global epidemic of fraud.
Read our whitepaper, Payments Fraud: Collaborating to Combat an Industry Challenge, to learn more.