Thursday, March 28, 2024
While the new rules don't shift liability for fraudulent ACH payments, they do include a defined role for financial institutions receiving ACH payments to monitor those transactions for possible fraud. This is the first time receiving FIs have been brought explicitly into the fraud fight, Nacha noted.
"All participants in the ACH network have a part to play in reducing the incidence of fraud, and recovering when fraud has occurred," said Jane Larimer, Nacha president and CEO. In a recent blog post, Larimer wrote, "These new rules bring new things to think about and, for many organizations, new ways of approaching fraud detection." She added that Nacha is preparing educational resources and implementation guidance to go along with the new rules.
Nacha, in a press release, stated, "While the new rules apply to ACH payments, their principles and techniques are more broadly applicable to all types of credit push payments." Credit push refers to a payment scenario where a payers authorizes their FI to "push" (originate) a payment to a destination account. Direct deposit is a typical credit push payment.
The number of business reporting ACH fraud has increased 6 percent since 2021, the Association for Financial Professionals stated, adding that more than half of organizations with less than $1billion in revenues reported they were unable to recover funds lost to ACH fraud attacks.
The ACH was used to move just shy of 14 billion credits last year valued at $52.7 trillion, according to Nacha.
Unfortunately, ACH fraud is easy to commit, since all that is needed is an FI's routing number and the customer's (victim's) account number. While historically Nacha rules have focused on ACH debit fraud, Larimer mentioned in her blog post that credit fraud is picking up steam, leading Nacha to create a framework for managing credit risk fraud.
Business email compromise (BEC), vendor impersonation and payroll impersonation are examples of frauds that result in money being "pushed" from a payer's account to an account controlled by a fraudster.
The FBI said it fielded 21,489 BEC complaints totaling $2.9 billion in losses last year, making it one of the costliest types of cybercrimes. The AFP reported that BECs are "highly prevalent and are the root cause of payments fraud at a majority of organizations."
The new rules follow the flow of an ACH credit to promote fraud detection from the point of origination through the point of receipt at an account at a financial institution, Nacha explained in press release.
When fraud is detected any number of remedial actions can be taken. The originating FI can request the return of a payment for any reason. Receiving FIs can return any suspicious transactions on their own. Receiving FIs also are allowed to delay posting of funds to a customer's account (within the confines of funds availability regulations).
Also, a provision in the new rules supports transaction monitoring for ACH credits used for payroll transactions. 
The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.
