PaymentsJournal
SUBSCRIBE
  • Analysts Coverage
  • Truth In Data
  • Podcasts
  • Videos
  • Industry Opinions
  • News
  • Resources
No Result
View All Result
PaymentsJournal
  • Analysts Coverage
  • Truth In Data
  • Podcasts
  • Videos
  • Industry Opinions
  • News
  • Resources
No Result
View All Result
PaymentsJournal
No Result
View All Result

How to Stop the Scourge of Credit-Push Fraud

PaymentsJournal by PaymentsJournal
October 25, 2022
in Credit, Debit, Featured Content, Fraud, The PaymentsJournal Podcast
0
How to Stop the Scourge of Credit-Push Fraud
0
SHARES
0
VIEWS
Share on FacebookShare on TwitterShare on LinkedIn
https://media.blubrry.com/paymentsjournal/paymentsjournal.com/wp-content/uploads/2022/10/Nacha-005-003-Final-Draft.mp3

Podcast: Play in new window | Download

Frauds that use credit-push are on the rise. Every participant in the payments ecosystem needs to be aware of how to identify and help stop this crime.

Credit-push fraud differs from traditional debit fraud, wherein a bank account makes unauthorized payments. In credit-push fraud, the criminal uses social engineering or phishing attacks. They use these to try and convince someone to send a payment to an account that the criminal controls. One example of this type of attack is business email compromise (BEC). This is where a fraudster poses as a CEO or other executive of a company. They send an email to employees in finance, asking to transfer money to a new or different account. A fraudster could also send emails to accounts payable departments with fake contractor invoices or changes to the destination account.

Another method to promulgate credit-push fraud is payroll impersonation. This is where a fraudster sends emails to the payroll department. They claim to be an employee and say they want to switch the bank account their direct deposit goes to. They have the ultimate goal of rerouting that employee’s direct deposit to the fraudster account.

Credit-push fraud is on the rise, and to learn more, PaymentsJournal sat with Michael Herd, Senior Vice President of ACH Administration at Nacha and Sarah Grotta, Director of Debit Advisory Service at Mercator Advisory Group.

PaymentsJournal
How to Stop the Scourge of Credit-Push Fraud
PaymentsJournal How to Stop the Scourge of Credit-Push Fraud
PaymentsJournal

Industry Education Needed

 Nacha last month published a risk management framework for dealing with this issue. This fraud is broader than just ACH payments — encompassing wire payments, push-to-card payments, and payment apps. Nacha wanted to start an industry-wide conversation on the issue, said Herd.

“We thought there needed to be a comprehensive plan at the industry level to address this,” he added. “We wanted to call attention to this so industry professionals can identify and stop this fraud.”

Herd described the framework as merely a first step. It outlines the general problem and offers broad guidelines. It calls for more information sharing between financial institutions. And it calls for the receiving institution to take more of an active role in identifying potential fraud.

“Improved information sharing can counter fraud by improving awareness and understanding of fraud scenarios, enabling communication and recovery between parties regarding specific instances of fraud, and providing qualitative and quantitative data for organizations to use in benchmarking, pattern identification, and anomaly detection,” a portion of the framework reads.

Grotta noted that the release of the framework is timely. There are more digital transactions happening than ever, and thus, more fraud as well.

“This is an industry call to action, and I like the idea that the industry can come together and coalesce around best practices and create a thoughtful approach to stopping this fraud,” she said.

Difficult to Detect

This type of fraud can be difficult to detect. Often the payment is authorized by someone who has legitimate access to the sending account after they have been duped.

“The nature of this fraud, you have to remember, means they were authorized by a legitimate user,” said Grotta. “They were duped by criminals.”

Herd noted that the receiving institution, which is normally passive in these types of account-based transactions, can take on a much more active role in spotting fraud.

“The receiving institution may be in the best position to identify something irregular or suspicious,” Herd said.

Indeed, new risk management guidance for receiving institutions can address inbound transaction monitoring standards, and sound business practices for controls on funds availability for potentially fraudulent transactions and accounts, including early access to funds, Herd said.

Another issue is the often-siloed nature of financial institutions. Since many different units within an institution often act separately and don’t interact with one another, a person can overlook a potentially suspicious sign, or not share a key piece of information.

“Different payment types are also handled by different departments,” Herd continued. “There needs to be a cultural change around sharing information.”

The Importance of Being Proactive

Herd urged financial institutions to take proactive measures in upgrading how they identify and stop fraud rather than waiting until after they’ve become the victims of an attack. A key aspect of this for financial institutions is educating customers on how to spot these phishing attacks that target their employees.

“Make sure for your corporate customers you have a thorough and proactive customer fraud education program,” Herd said. “The AFP [Association for Financial Professionals] has come out and identified BEC as the single greatest threat to businesses in the payments space.”

Financial institutions, third parties, and other stakeholders can implement new and innovative customer education programs and provide fraud controls and prevention tools and services on an opt-out basis.

“Take action to avail yourselves of the fraud prevention tools that are out there,” Herd said of corporate payment system users. “Don’t wait until you are a victim; you can take action today.”

Doing so also means financial institutions can avoid having uncomfortable conversations with business clients after the fact. They have to inform the customer that a fraudster tricked them into making a fraudulent payment.

“That’s not the kind of conversation you want to have with a customer,” Grotta said.


Download the NACHA report – A New Risk Management Framework for the Era of Credit-Push Fraud

Tags: CreditDebitfraudNACHAPayroll
0
SHARES
0
VIEWS
Share on FacebookShare on TwitterShare on LinkedIn

    Analyst Coverage, Payments Data, and News Delivered Daily

    Sign up for the PaymentsJournal Newsletter to get exclusive insight and data from Javelin Strategy & Research analysts and industry professionals.

    Must Reads

    cashless payments mobile

    The Synergy Between Cashless Payments and Seamless Mobile Coverage

    September 22, 2023
    The Power of AI and How its Transforming the Financial Landscape

    The Power of AI and How It’s Transforming the Financial Landscape

    September 21, 2023
    “You’re a Fintech, I’m a Legacy Bank – How Can We Collaborate?”

    Investing in Fintech: Opportunities and Challenges in the Payments Industry

    September 20, 2023
    real-time payments across the globe

    In 2023, Real-Time Payments Expanding Across the Globe

    September 19, 2023
    AI

    AI in EBPP: Small Changes, Huge Impacts

    September 18, 2023
    Amazon

    How Tech Is Changing the Checkout Process

    September 15, 2023
    fraud risk models

    Consortium Approach Dramatically Improves Fraud Risk Models

    September 14, 2023
    Disrupting the Disruption: Where Banking Is Heading Next

    Disrupting the Disruption: Where Banking Is Heading Next

    September 13, 2023

    Linkedin-in Twitter

    Advertise With Us | About Us | Terms of Use | Privacy Policy | Subscribe
    ©2023 PaymentsJournal.com

    • Analysts Coverage
    • Truth In Data
    • Podcasts
    • Videos
    Menu
    • Analysts Coverage
    • Truth In Data
    • Podcasts
    • Videos
    • Industry Opinions
    • Recent News
    • Resources
    Menu
    • Industry Opinions
    • Recent News
    • Resources
    • Analysts Coverage
    • Truth In Data
    • Podcasts
    • Industry Opinions
    • Faster Payments
    • News
    • Jobs
    • Events
    No Result
    View All Result