Fraudsters Eyeing ACH before Launch of Same Day
July 27th, 2016
Fraudsters are good planners.
Late last month, a tier-one U.S. bank fraud executive told me his organization has already seen an uptick in fraud attacks – many months before the launch of Same Day ACH scheduled for this September.
Why the early attacks? Fraudsters are hitting the ACH system now to learn how it works so they’re prepared.
Until now ACH threats have been relatively low compared to other forms of fraud, mostly because FIs have 48 hours or more to process payments in traditional ACH, leaving time to flag fraud.
All of that changes in a Same Day ACH environment where fraudsters can get money out quickly. Yet that’s especially daunting considering many FIs don’t even have appropriate fraud coverage for traditional ACH due to low threats.
Survey: Is Current Fraud Coverage Insufficient?
In a recent industry survey of 60 FI fraud professionals conducted by NICE Actimize, 94% of respondents said Same Day ACH will result in an upswing of fraud attacks – and more than half acknowledged they don’t have sufficient fraud coverage.
According to the survey, about 60% have sufficient coverage for originated credits; 46% are covered for originated debits. Then the numbers dip significantly: 36% and 25% have coverage for received credits and debits respectively.
Those numbers are unsettling considering all FIs will be required to receive Same Day ACH transactions beginning in September of 2016, and our survey shows that about half will choose to originate services.
Rethinking Fraud Strategies for Same Day ACH
Preparing for Same Day ACH will require FIs to reconsider their current ACH fraud detection strategies.
According to our survey, FIs are likely to consider the following changes in preparation:
- The End of Manual Fraud Processes: The number of FIs willing to use manual processes to manage ACH fraud will drop to 55% from 70%.
- A move to Risk-Based Authentication: 70% of survey respondents said they’ll use risk-based authentication to prevent fraud in Same Day ACH – a sharp increase from the 48% who use rely on the technology for traditional ACH.
The rise of behavior analytics: More than 50% of survey respondents said they’ll move to transaction monitoring with behavior analytics at the channel or back end – a 20% jump from respondents who rely on these means for traditional ACH coverage.
Preparing for other Faster Payments
Even for FIs that have little interest in Same Day ACH, it will be nearly impossible to avoid preparing for faster and instant payments.
FIs now have many faster payment choices — instant P2P on clearXchange, the emergence of Clearing House instant payments in Q1 2017, and a promise from the Fed of ubiquitous real-time payments by 2020. They may also find themselves relying on Mastercard Send, which is sure to expand with the acquisition of Vocalink.
The bottom line? FIs will offer at least one, if not many, forms of real-time payments, and they’ll need layered, real-time fraud and authentication strategies that protect their environments.
The best bet is not to wait for attacks from well-planned fraudsters– but rather to get authentication and fraud controls in place before faster payment products go live.
For more, read the full results of our Same Day ACH Fraud Concerns Survey.