Wire and ACH transfers are a channel for fraudulent activity by bad actors. And the target? Banks and credit unions.
Fraudsters look for weaknesses in authentication processes to obtain secure information, often through phishing attacks. The bad actor then has real, secure data with which to make a fraudulent entry and transfer money to themselves via a wire or ACH request.
As phishing attacks become cleverer and more sophisticated, ACH and wire fraud attempts will continue. Know the red and green flags of these types of attacks so your institution can reduce vulnerabilities, and respond accordingly, should an attack be suspected.
Red Flags: warning signs to detect the fraud
- International wire requests: International wire transfers are often large dollar amounts. If fraudulent, they can result in millions of rerouted, stolen dollars.
- Back-to-back requests: Loan transfer requests on an account shortly before a wire transfer can be an early warning sign for wire fraud.
- Zero wait time: Granting immediate credit on loan payments increases the risk for ACH fraud.
- Sharing wire transfer policies on your website: Giving fraudsters easy access to this information can help them to uncover a weak link in your defenses.
- Few authentication requirements: If a phishing attack occurred, the bad actor likely has all the basic information to pass through surface-level authentication.
- Breaking or bending policies to simplify tasks: Employees may not be aware of how their shortcuts with policies or work devices expose your institution to risk.
- Employees are not trained: Negligent employees are often the root cause of undetected fraud. Employee oversights and mistakes can cost an organization $7.2 million annually! [1]
- Lack of transaction limits: Unlimited dollar amounts for daily transactions and for single transactions give criminals access to an endless supply of stolen funds.
- Ignoring third-party ACH payment processors’ policies: Vendors with weak internal controls can open up your institution to additional liability risks.
These red flags indicate weak policies and controls, exposing your institution (and accountholders) to potential losses.
Green Flags: positive practices that reduce losses
Instead of warning signs, these green flags are positive practices that indicate strong internal controls to prevent fraudulent transactions. A financial institution that follows these practices greatly reduces its risk exposure for ACH and wire fraud.
- Establish dual controls: Separating the authorization and verification duties of payments creates a necessary layer of security and method of protection.
- Designate a go-to ACH expert: This individual (or team) can uncover the source of an attack. Some helpful resources include the FFIEC’s Information Technology Handbook on ACH processing, the NACHA Operation Guidelines, and the NCUA’s guidance on third party providers.
- Continuous employee training: Employees can be a front-line defense for detecting wire and ACH fraud - if they know the signs to look for. Make sure your employees are well trained on early warning signs, response policies, and appropriate regulations.
- Implement daily dollar limits: These limits should vary based on the payment channel (e.g., debit card versus wire transfer). They provide a stopgap for high dollar losses. Pay close attention to international wire requests that are well above the standard dollar limit.
- Encryption and biometric authentication tools: Biometrics are nearly impossible to fake, especially with advanced AI.
- MFA and multi-level security requirements: This can also look like requiring a unique PIN for account access or specific types of transactions. This should contain information that isn’t likely to be compromised in a data breach or phishing scheme.
- Address suspected fraud concerns in less than 30 days: On average, it takes 86 days to uncover and address an internal incident. [1] Ideally, the shorter the response time, the lower the losses.
- Regularly work with ACH processors: Review the daily returns on settlement accounts and evaluate daily, weekly and monthly reports – i.e. credit card kiting reports, over credit card limit reports, excessive activity reports, and cash advance reports. Working closely with your processors could help you to better understand these transactions and find early warning signs for fraud.
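Several of the flags above (a loan transfer shortly before a wire, international wires above the limit, missing dollar limits, missing dual control) can be written as screening rules over a request log. The sketch below is an added example, not part of the original article or of any vendor's product; the record fields, the 24-hour window and the dollar limits are assumed values, since the article gives none.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
# Assumed policy values for illustration; the article gives no numbers.
DAILY_LIMIT = {"wire": 50_000, "ach": 25_000}    # per account, channel and day
SINGLE_LIMIT = {"wire": 25_000, "ach": 10_000}   # per request
LOAN_WINDOW = timedelta(hours=24)                # "shortly before" a wire

@dataclass
class Request:
    account: str
    kind: str             # "wire", "ach" or "loan_transfer"
    amount: float
    when: datetime
    international: bool
    entered_by: str
    approved_by: str      # empty string if nobody verified the request

def screen(requests):
    """Return {index: [flags]} for wire/ACH requests, processed in time order."""
    flagged, last_loan, day_total = {}, {}, {}
    for i, r in sorted(enumerate(requests), key=lambda p: p[1].when):
        if r.kind == "loan_transfer":
            last_loan[r.account] = r.when        # remember for back-to-back check
            continue
        flags = []
        key = (r.account, r.kind, r.when.date())
        day_total[key] = day_total.get(key, 0) + r.amount
        if r.amount > SINGLE_LIMIT[r.kind]:
            flags.append("over_single_limit" + ("_international" if r.international else ""))
        if day_total[key] > DAILY_LIMIT[r.kind]:
            flags.append("over_daily_limit")
        loan = last_loan.get(r.account)
        if r.kind == "wire" and loan and r.when - loan <= LOAN_WINDOW:
            flags.append("loan_transfer_before_wire")
        if not r.approved_by or r.approved_by == r.entered_by:
            flags.append("no_dual_control")      # same person entered and approved
        if flags:
            flagged[i] = flags
    return flagged

# Constructed sample data, not real transactions.
T0 = datetime(2024, 3, 4, 9, 0)
SAMPLE = [
    Request("A1", "loan_transfer", 40_000, T0, False, "teller1", "officer1"),
    Request("A1", "wire", 39_500, T0 + timedelta(hours=2), True, "teller1", "teller1"),
    Request("B2", "ach", 9_000, T0, False, "teller2", "officer1"),
    Request("B2", "ach", 9_500, T0 + timedelta(hours=5), False, "teller2", "officer1"),
    Request("B2", "ach", 9_000, T0 + timedelta(hours=6), False, "teller2", ""),
]
```

Calling `screen(SAMPLE)` flags the international wire that follows the loan transfer and the third ACH request, which pushes the account past its assumed daily limit without a second approver.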
For more fraud fighting strategies, sign up for Allied Solutions’ Let’s Talk Fraud webinar.
[1] https://www.dtexsystems.com/resource/conversations-from-the-inside-ep-3-slashing-the-16-2m-cost-of-insider-risk/