In the recently released annual AFP Fraud and Control Survey, the uptick in ACH fraud continues from the prior two reports, indicating some changing patterns as fraudsters continuously seek new channels of mischief to feed their income expectations. This reference article appearing in CFO provides a high-level summary
‘In 2018, 33% of organizations were subject to ACH debit fraud and 20% were subject to ACH credit fraud, each up several percentage points from 2017, according to the Association for Financial Professionals’ Payments Fraud and Control Survey, released on Tuesday. What’s more, ACH was the only payment method that experienced a year-over-year increase in the percentage of companies that experienced instances of fraud.’
The author references AFP survey findings that ties to not only the initiation of payments but the scams leading up to them, which can involve elaborate social engineering, and can also be tied to data breaches months before. We have covered these extensively, most recently in a report titled Fighting Payments Fraud: No Rest for the Weary. The effort falls most directly on banks, where the need for risk management effectiveness are a fundamental core of the industry. However, the scams most typically target the corporate sector prior to the payment request.
‘Business email compromise (BEC) schemes that target individuals responsible for payments through social engineering and other methods were the method by which 33% of respondents said fraudsters accessed ACH credits (a direct payment pushing funds into an account) in 2018, up from 12% in 2017….What measures are companies taking to combat such fraud? Reconciling accounts daily to identify and return unauthorized ACH debits (a direct payment that pulls funds from an account) is the most commonly used, by 65% of respondents. About 63% block all ACH debits except on a single account set up with ACH debit filter/ACH positive pay, and 37% block ACH debits on all accounts.’
The fact that this issue of payments fraud requires ongoing vigilance is really not news, however, companies across the landscape have varying degrees of investment and expertise in combating these scenarios. They should be working collaboratively with industry partners (including FIs) to remain diligent, otherwise may find themselves on the wrong side of very large financial and reputational consequences.
‘Overall, more than three-fourths (82%) of companies surveyed were targets of payments fraud last year, according to AFP. However, losses were limited. More than half (57%) of financial professionals reported that their organizations did not incur a direct financial loss as a result of fraudulent activity, and 19% reported a financial loss of less than $25,000.’
Overview by Steve Murphy, Director, Commercial and Enterprise Payments Advisory Service at Mercator Advisory Group