More criminals are targeting your firm’s bank accounts via ACH credit schemes, intercepting payments you’re already making from these accounts.
Credit schemes can be harder to target because the payments are often authorized to fraudulent accounts unknowingly by well-meaning Finance pros. And once the money’s gone, it can be a huge hassle to get it back.
Nacha’s currently rallying banks to help decrease the likelihood that your business will become a victim of one of these schemes. The organization recently released a risk management framework identifying the top fraud schemes targeting ACH credits right now – and some strategies banks and companies can take to avoid them.
Popular ACH credit fraud schemes
Currently, some of the most common fraud schemes targeting ACH credit payments are:
- Business email compromise schemes. In these schemes, a criminal either steals an employee’s email account or makes a spoofed email address. Then, the crook reaches out to a Finance staffer to request the transfer of company funds into a fake account.
- Vendor impersonation fraud. Here, A/P receives a request from what looks like a valid supplier or contractor to update their account information, so when the actual vendor is paid, the funds go to the fraudster’s account.
- Payroll impersonation fraud. Fraudsters will reach out to Payroll, saying they’re an employee who needs to update their bank account info for direct deposit. They’ll either steal a valid employee’s credentials or create a fake email address to make the request. Then, the employee’s pay will go straight to the fraudster’s account on payday.
- Account takeover fraud. In this type of fraud, a criminal gains access to an employer’s bank account with valid login credentials (either through theft or misuse) and initiates several fraudulent credits from the account to a separate account they’ve set up. Account takeover fraud can be devastating, since the crook has full access to the employer’s account and can wipe it clean in minutes.
Stopping fraud schemes
To prevent these schemes, Nacha’s risk management framework has three goals:
- Increase awareness of fraud schemes involving credit payments
- Reduce the incidence of successful fraud attempts, and
- Improve the recovery of money after fraud has occurred.
As a start to achieving these goals, Nacha’s calling on the banking industry to define the role of the account-holding institution, particularly for those institutions that receive credit payments so they can be more active participants in fraud prevention by identifying and freezing transactions that look suspicious or questionable.
Nacha’s also asking financial institutions to get better at sharing information with each other – not only about the latest fraud schemes, but about fraud patterns and specific instances where fraud occurred. This data can be used to better identify potential fraud before it negatively impacts companies.
Lastly, Nacha would like financial institutions to work closer with employers to educate them on what they’ve learned about fraud prevention, encouraging companies to implement security controls and use tools proven to fight fraud.
Next steps: Nacha will work toward the goals in its risk management framework by partnering with institutions in the payments community that use the ACH Network to create new standards for payments (and potential changes to Nacha’s operating rules) that take fraud prevention into account. We’ll keep you posted.