Skip to Main Content
PCBB Banc Investment Daily September 18, 2017
Banc Investment Daily
September 18, 2017

Stay Engaged with ACH Risks

Being a workaholic is bad, right? Well, a new study recently reported by the Wall Street Journal finds the problem is not necessarily working long hours, but working a lot and not being engaged. Researchers presume that workaholics who enjoy their work reach out for support when needed, which helps mitigate health risks such as high blood pressure. This is a good thing since bankers may find themselves working longer hours due to ACH and wire fraud.
Schemes to perpetrate ACH or wire transfer fraud, including corporate account takeover, are a big concern because they tend to have a greater impact in terms of loss per incident. Since ACH and wire transfer payments are executed quickly, victims have a much smaller window to discover the crime, report it, or reverse a transaction. Increasingly sophisticated cyber-criminals are using business email compromise scams frequently because they are cheap, easy and effective. Recall this is where thieves send an email to the finance group pretending to be a top executive and demanding immediate wire transfer of funds.
Last year alone, wire fraud outpaced online fraud, check fraud and credit card fraud. It accounted for more than $50B in annual losses, according to FBI estimates, industry reports and fraud executive interviews conducted by a fraud industry consultant. The top 10 fraud types combined accounted for about $181B in annual losses.
Enhanced fraud practices like phishing and email scams are becoming convincing enough to sway even the savviest business customers of your bank. In fact, scam artists can usually extract a higher payday from businesses. Indeed, given the growing focus on business attacks and the increased sophistication, wire fraud losses are about $63k per occurrence, but can cost as much as $1mm. Worse yet, you can expect this number to increase.
Similarly, fraud cases are growing in ACH, as these electronic payments have become one of the primary means of noncash payment in recent years. According to the 2016 Federal Reserve Payments Study, ACH payments have been growing at 8.8% per year. Now that same-day ACH credits are available and same-day ACH debits are becoming available this month, it is widely expected that more cyber-criminals will flock there for a fast, high-value, non-reversible payday.
Given the growing demand for ever-increasing speed of payment, despite the potential for risk, community banks are in a difficult spot. Your customers may want you to provide and support these services, while also helping them mitigate the potential risks. To limit the success and impact of such attacks, community banks might consider revisiting some tried and true proactive steps:
Implement solid authentication technologies & protocols. Multi-factor authentication helps validate that all parties in a transaction are who they say they are. While hardware tokens and multi-step identity validation might be overkill for smaller consumer payments, it makes more sense for larger transactions.
Take a 2nd look at the transaction's risk. Of course, taking a risk-based approach is what you do in all areas of your business already. So, making sure this is applied rigorously here is not a stretch and filling any gaps in this process could prevent big problems in the future.
Monitor transactions & behavior over time. New behavioral analytics and transaction monitoring tools are becoming more accessible and available to community banks. You may want to consider embracing these technologies to get a better, data-driven read on what is typical for each customer's account activity, and to more easily take action when needed. No doubt, with all of this on your plate, you will be sure to stay engaged.