The US automated clearing house system is enjoying booming
volume growth, spurred by migration to electronic payments and a
growing number of users accessing its network. But with volume
growth has come a heightened fraud risk, requiring banks to adopt
robust risk monitoring and control measures.

Volumes processed by the US automated clearing house (ACH)
system have soared, increasing from 3.9 billion in 1996 to nearly
16 billion in 2006; transaction values almost tripled to $33.7
trillion during the same period. “Annual ACH payment volume
continues to double every five years, and growth is occurring
across all transaction categories,” proclaimed Elliott C McEntee,
president and CEO of the National Automated Clearing House
Association (NACHA), in his 2007 review. NACHA predicts a volume of
25 billion transactions valued at $50 trillion by 2010.

ACH volume growth is being propelled not only by increasing use
of electronic payments in general, but also by aggressive
promotional efforts driven by NACHA to attract more users. Notable
growth has been achieved in markets such as pre-authorised consumer
bill payments, business-to-business payments and internet-initiated
ACH payments, of which NACHA estimates 85 percent are to pay bills
via online billing services’ or company websites.

Another major growth area for the ACH system is the conversion
of paper cheques to electronic format. In 2007 SVPCO Image Payments
Network, the electronic cheque and cheque image exchange unit of
ACH The Clearing House Payments Company, reported that cheque image
volume grew in 2007 to 747 million, up 376 percent on 2006 volume.
The total value of cheques converted to electronic format in 2007
was $5.3 trillion.

Overall, increasing ACH volumes have produced considerable
economies of scale. Notably, NACHA predicts that ACH clearing and
settlement costs per transaction will decline from 1 cent in 2006
to 0.7 cents in 2010. ACH costs per transaction were 3.5 cents in
1995 and 1.5 cents in 2001.

However, the huge increase in volumes and ongoing success in
tapping into new markets has altered the ACH system from being a
relatively closed system with trusted participants and negligible
fraud to one that has become increasingly vulnerable to fraud.

“We know from history that fraudsters tend to migrate to the
least resistant path or product,” said Tim Brady, senior
vice-president for loss management at US bank Wachovia. “As banks
and consumers move toward ACH as a channel of choice for payments,
fraudsters will make it their channel of choice unless fraud
prevention practices and tools block their way.”

Underscoring Brady’s view, Avivah Litan, an analyst with IT
research and advisory company Gartner, said: “With broad changes
under way in the payments system, all indications are that the ACH
channel will become an increasingly attractive target for
fraud.”

A gauntlet of risk

Risks faced by the ACH systems are spelled out by Memento, a
developer of risk, fraud and compliance solutions to the financial
services industry. The risks include:

• increased credit, reputation and transaction risk resulting
from increasing non-recurring ACH transactions and growth of
third-party payment processors, a situation that gives banks less
visibility into the legitimacy of ACH transactions;

• new transaction types, such as back-office conversion of
cheques into electronic format and internet and telephone ACH
transactions, give fraudsters increased access to the ACH channel
and customer accounts;

• new ACH network participants in the form of third-party
service providers originating electronic billpay transactions and
merchants originating cheque conversion transactions result in
minimal and inconsistent monitoring of new originations; and

• one-day settlement times for ACH transactions leave little
room for error and more opportunities for fraud.

“The multitude of new payment types coupled with the explosive
growth of electronic payments has opened up the ACH channel to
numerous risks that banks must take control of or they will lose
more than just customers and credibility,” said Memento’s CEO, BC
Krishna.

Memento has launched a new product, Memento Security,
specifically designed to enable banks and credit unions to monitor
key applications such as general ledger activity or customer call
centre records where, according to Memento, evidence of fraud and
inappropriate activity first appears.

Potential fraudulent activities monitored by Memento Security
include identity fraud, insider fraud and counterfeiting. Other
more subtle forms of fraud are also monitored, including reverse
phishing. In a warning to ACH users, NACHA explained that reverse
phishing differs from normal phishing attacks in which criminals
send e-mails attempting to fraudulently obtain a company’s bank
account details. Instead, in reverse phishing a company could, for
example, receive e-mails purporting to be from a trading partner
asking for changes to be made to bank and account numbers used to
receive ACH payments for invoices. Believing the requests to be
legitimate, the company does as requested, the result being ACH
credits originated by the company being directed into the bank
account of the fraudster/s.

New twist on old fraud

Another fraud long associated with paper cheques – kiting – is also
finding its way into the ACH system. One of the most prominent
cases of ACH kiting resulted in the conviction of Samuel Brevdeh,
the president of now-defunct New York billpay service provider
CashPoint, in late 2005. According to court documents, Brevdeh and
others initiated numerous bogus ACH debits of accounts, in many
instances accounts of CashPoint agents that had been closed or
accounts of agents Brevdeh knew were not backed by sufficient
funds. Brevdeh knew that these debits would be returned unpaid but
exploited the time interval before the debits bounced to
fraudulently gain access to funds and use those funds for
CashPoint’s operations. When bogus debits bounced, other bogus
debits were initiated to cover the funds shortfall.

Illustrating difficulties in dealing with ACH kiting, Memento
quotes the head of security at a bank as lamenting: “Our kiting
detection system is geared toward paper-based schemes, but recently
we found a kiting scheme that was being perpetrated through ACH
transactions via accomplices in two other banks. It’s a new twist
on an old problem, one that could cost our bank millions, but we’re
just not prepared for this.”
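
The kiting pattern described in the CashPoint case, where returned debits are covered by fresh debits before the shortfall surfaces, can be screened for on the originating bank's side. The sketch below is an added example, not code from Memento, NACHA or any bank quoted here; the record layout, originator names, thresholds and sample data are assumptions made for illustration.

```python
from collections import defaultdict

# NACHA return reason codes: R01 = insufficient funds, R02 = account closed.
KITE_RETURN_CODES = {"R01", "R02"}

FIELDS = ("originator", "day", "amount", "return_code", "return_day")
# Constructed sample data (hypothetical originators, not real records).
SAMPLE = [dict(zip(FIELDS, row)) for row in [
    ("BILLPAY-A", 1, 10000, "R02", 3),
    ("BILLPAY-A", 3, 12000, "R01", 5),
    ("BILLPAY-A", 5, 15000, "R01", 7),
    ("BILLPAY-A", 7, 16000, None, None),
    ("UTILITY-B", 1, 60, None, None),
    ("UTILITY-B", 2, 80, "R01", 4),
    ("UTILITY-B", 30, 60, None, None),
    ("UTILITY-B", 31, 80, None, None),
]]

def kiting_suspects(debits, min_return_rate=0.5, cover_days=2, min_covered=2):
    """Flag originators whose returned debits are repeatedly 'covered' by
    new debits originated within cover_days of each return.
    Thresholds are illustrative assumptions, not NACHA rules."""
    by_orig = defaultdict(list)
    for d in debits:
        by_orig[d["originator"]].append(d)

    suspects = {}
    for orig, items in by_orig.items():
        returned = [d for d in items if d["return_code"] in KITE_RETURN_CODES]
        rate = len(returned) / len(items)
        covered = 0
        for r in returned:
            # Value of fresh debits originated in the window after the return.
            fresh = sum(d["amount"] for d in items
                        if r["return_day"] <= d["day"] <= r["return_day"] + cover_days)
            if fresh >= r["amount"]:
                covered += 1
        # A high return rate alone may be poor data quality; returns that are
        # each followed by equal or larger new debits are the kiting signature.
        if rate >= min_return_rate and covered >= min_covered:
            suspects[orig] = {"return_rate": round(rate, 2),
                              "covered_returns": covered}
    return suspects

if __name__ == "__main__":
    print(kiting_suspects(SAMPLE))
```

A scheme spread across accomplices at several banks, as in the quote above, would only show up if records from those originators are pooled before this check is run.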