By John L. Guerra
Editor, GRC & Fraud Software Journal
Laurent Pacalin, Guardian’s new CEO
September will be a revolutionary month for financial institutions – and a great opportunity for fraudsters who target financial institutions and automated clearinghouse transactions.
On Friday, Sept. 23, a new rule from the National Accredited Clearing House Association (NACHA) went into effect that allows same day processing, including hourly payroll, person-to-person (P2P) payments and same-day bill pay.
It is the first of three phase-ins that in the next couple of years will make money from most debit and credit transactions available to customers by 5 p.m. the same day.
The rule change by NACHA, which moves $40 trillion a year through 22 billion transactions for 13,000 financial institutions, will provide same-day transaction processing — while attracting fraudsters to the revenue stream.
Before the change, electronic debit and credit transactions took one to two days to process. The accelerated, same-day system will let financial institutions attract new customers, establish a competitive fee strategy and win new business.
Not only that, but banks can collect a small fee per transaction: Receiving banks will receive 5.2 cents for each ACH transaction processed same day, a new revenue stream that will build quickly as the public adopts Same Day ACH.
Fraud opportunity grows
That 5.2 cents per transaction revenue could be lost in drainage to fraudsters who take advantage of the faster electronic transactions, said Guardian Analytics CEO Laurent Pacalin.
He agreed to sit down with GRC & Fraud Software Journal to discuss how financial institutions can battle fraud once same day ACH comes on line.
With the present 1-2 day transaction timeframe, if the financial institutions or originators notice any anomaly, they can easily stop, cancel, or revert the transaction.
In other words, the slower ACH network provided a time cushion for FI’s to catch suspicious transactions. With same day transaction settlement, that window for discovering fraud shrinks, Pacalin said.
“Just as wire transfers have been popular with fraudsters because of the speed with which they can access the funds and move them out of reach,” Laurent says. “Same day ACH will now provide criminals with this same benefit.”
More ACH files needing to be posted and cleared in a time frame that is being reduced from 2 days to 2 hours will place tremendous pressure on operational processes and staffing.
“The processing times are much shorter with two settlement times each day,” Pacalin said. “The same number of staff have to go through more transactions in a shorter amount of time. There’s a much higher chance of missing fraud.”
ACH fraud typically involves the theft of a customer’s data via malware to facilitate the creation of unauthorized transfers or payment requests.
Most of these payments are then subsequently laundered through “mule accounts” or established accounts that have been created by the criminal.
How fraudsters do it
Fraud experts at Guardian Analytics and elsewhere say criminals take advantage of financial institutions several ways.
- Submit large volume of payments just before the cut-off time, forcing financial institutions to rush through the review process. That lets some payments get through undetected
- Submit payments that are just under the FI’s review threshold so they’re missed by the bank
- Target other channels or payment types, knowing that FIs may pull resources from those departments to meet ACH deadlines.
- Employ social engineering techniques against account holders, resulting in payments that look legitimate because they’re coming from the actual account holder.
- Add recipients to payroll files or change account information for existing recipients within a payroll file, which will be much harder to detect under Same Day ACH time constraints.
- Compromise third-party senders and submit fraudulent payments into which ODFIs cannot see.
Guardian Analytics: Battling the bad guys
Guardian Analytics “leverages machine learning and advanced big data analytics methodologies to assist financial institutions to identify and fight financial transaction crime, with a single technology platform across all channels,” Pacalin said.
The company just released what it says is the industry’s first real-time solution to protect against fraud risk created by Same Day ACH.
Based on the experience of more than 140 Guardian Analytics’ ACH customers, the company designed the ACH Real-time product to meet the demands of Same Day ACH and future faster payments initiatives.
The software-as-a-service solutions – ACH-ODFI Real-time and ACH-RDFI Real-time – intervene by automatically holding high-risk batches for further review, and expediting low-risk batches for further processing.
To view a webinar on the software, go here.
U.S. will see rise in payments fraud
“Same Day ACH will greatly reduce the amount of time in which financial institutions can assess transaction risk,” said Julie Conroy, research director at Aite Group.
“We’ve seen that fraudsters are quick to capitalize on the exposure this creates in other countries that have moved to faster payment processes, and the U.S. will be no exception.”
Guardian Analytics, best known for its behavioral analytics, uses a proprietary algorithm to spot account takeover and other banking fraud based on the behavior associated with a specific account.
The SaaS solution is designed for Chief Risk Officers, Chief Information Security Officers, fraud managers, and payments professionals trying to prepare quickly for the advent of Same Day ACH, Pacalin said.
With Guardian Analytics’ ACH Real-time solutions, banks now have the ability to prioritize their investigations by focusing on the high-risk batches, while automatically releasing the low-risk batches.
That way, the investigations occur in the background, ensuring an uninterrupted of transactions and a positive experience for consumers.