During our recent User Group meeting here in New York, we put together an esteemed panel of banking experts for an active and engaged conversation on
Same Day ACH. This is a topic that continues to heat up in fraud and risk circles to ensure that gaps are filled, and that programs are put in place to ensure that faster payments on the ACH payment rails are run in a safe and secure fraud risk environment.
On the housekeeping side, here are some of the industry changes that the panel observed would be enacted first. Same Day ACH will now have two new settlement windows – morning and afternoon, the morning in by 10:28 a.m.; out by 1:00 p.m. and afternoon in by 3:00 p.m. out by 5:00 p.m. There won’t be weekend or holiday ACH. The fee goes from originating FI to receiving FI, and it will be mandatory to receive and optional to offer it as a service. There will be three phases. Sept 2016 – originated credits, Sept 2017 – originated debits and final phases in March 2018. Now on to the core themes!
NACHA Same Day ACH Overview
NACHA Same Day ACH Overview
Credit: American Bankers Association
What were the 3 key takeaways the panel addressed for our user audience?
1. Financial Institutions will go from little or no fraud to clear increased risk quickly.
Most financial institutions have actually seen very little ACH fraud up until now – it’s only been recently that some early ACH fraud was sighted. However, experts in the fraud field predict that the problem will be that most FIs won’t be ready to address this type of fraud because they have not built out proper controls to manage the issues that may come with Same Day ACH. “We have become lax on ACH,” one financial institution commented from the panel. That needs to change. Using Same Day ACH is not mandatory, but the receiving FI’s must receive the payment. Financial institutions can decline the transaction, hold or delay the payment longer for any specific fraud risk reason. The payment issue could evolve to be customer experience oriented, or an issue related to returning any fees collected. The panel assessed that ensuring the interdiction or actions taken on a risky transaction requires good customer lifecycle planning. Certainly, customers who are expecting their payment immediately should understand what to do next if their payment is delayed for a particular risk reason.
Financial Institutions must receive incoming funds, application fraud and money mules will increase.
The financial institutions on the panel also said they expect to see a lot more application fraud that will be used to create “money mule” accounts – fraudsters, certainly, need ways to get money out of the bank but they also need a place to park it when they do. A receiving bank would be required to accept the transaction, and fraudsters happily intercept and pull the funds from newly-created mule accounts. FI’s also know that the money would move out of the money mule account very quickly, so FI’s should consider putting detection and interdiction controls even on the “money-in” transactions. Some FI’s indicated that the creation of a consortium of money mule account numbers would be useful, combined with the ability to see ACH batches and entries to the same account across customers. Money mule account detection will be critical as we move closer to the implementation of Same Day ACH. Based on the UK experience, expect to see origination at the last minute, which was a key point mentioned by our panel of experts. The fraudsters generally know an institution’s clearing cycles and time and submit their transactions around those cycles. The ability to delay, decline or approve the payment or event will be a clear requirement to a good fraud detection strategy with the right predictive payment analytics in place to solve these problems in real time. Fraud attempt rates will increase, account takeover will increase, and cyber threat attack rates are a few of the new landscape when money moves faster.
3. Financial Institution fraud risk teams need to understand what products their business is taking to market leveraging Same Day ACH.
The panel agreed that it is important that financial institutions focus on the products they are going to market with in the new faster payments environment, and noted that they should begin to prepare specific fraud prevention and detection strategies around them with respect to Same Day ACH. For example, is your business considering Same Day P2P, Same Day Bulk Payment, Same Day Bill Pay, Same Day Interbank Transfer, or Same Day Check Clearing? All of these products have specific and sometimes different fraud strategy considerations. Also, more generally, the panel agreed that in order to assist in the fraud detection process fields should be added to the NACHA format if it is Same Day and which window it is targeting. This will also be important for operational considerations.
Our panel agreed that heading to a faster fraud environment with Same Day ACH is going to make a lot of businesses and consumers happy. But clearly, to keep the customer experience at a high level and to protect banks as well, we need to develop new strategies around Faster Fraud and certainly around ACH specifically – learning from our past experiences and, from the fact that fraudsters are always moving just as fast as innovation. That’s something you can count on.