The financial industry is trying to crack down on fraudsters who use high-tech payment systems, such as remotely created checks, to steal money from consumers.
The Federal Reserve banks warned last week that they will hold banks liable if they accept deposits of remotely created checks that are found to be fraudulent. And Nacha, the electronic payments association, has formed a working group to see if its risk management system could be used to identify people who generate such fraudulent checks.
Executives of Nacha and the Fed banks said criminals are using electronic systems to create payments that clear through the check settlement system in response to efforts to curb fraud on the automated clearing house system.
Richard R. Oliver, an executive vice president at the Federal Reserve Bank of Atlanta and the manager of the Federal Reserve Board's Retail Payments Office, announced the policy change last week in a memorandum to bankers. The new rule, officially a change to the Fed's Operating Circular 3, takes effect July 15.
Jim McKee, a senior vice president in the Retail Payments Office, said that remotely created checks, produced from an electronic template based on payment instructions such as Nacha's WEB and TEL category codes, do not meet the requirements of the Check Clearing for the 21st Century Act.
"In this case, there was never a check to start with," Mr. McKee said Friday. The new policy puts the bank of first deposit on notice, he said. "We're going to push that loss back to you, if there is one."
Elliott C. McEntee, Nacha's chief executive, said this new fraud trend requires an industry response.
"We're trying to warn banks, you've got to be careful when you allow customers to deposit these remotely created checks," he said.
In his memo, Mr. Oliver noted that not all remotely created checks are inherently fraudulent or illegal.
Indeed, as Mr. McEntee pointed out, such checks are commonly used by the "pay anyone" feature of online bill-payment services, debiting a customer's account and producing the check to pay a recipient with which the service does not have a direct connection.
But the Fed and Nacha learned at a risk conference in January that use of the relatively unsupervised check clearing system to pilfer from consumer accounts is testing law enforcement agencies.
One such case involves a company known as Pharmacycards.com.
In 2004 the Federal Trade Commission sued 3rd Union Card Services Inc., a Delaware corporation, and Helmcrest Ltd., a company incorporated under the laws of Cyprus, saying they used the ACH system to improperly debit consumers' accounts on behalf of Pharmacycards.com.
The FTC charged that the companies assembled lists of customer accounts and charged them $139 each for a purported pharmacy benefit service, even though the consumers had not enrolled in the service and were notified of the charge only after the fact, if at all. The alleged scam raised $9.9 million, the FTC said.
The agency won a restraining order against Pharmacycards.com, and the high number of ACH complaints, for unauthorized debits, raised flags in the risk management system that Nacha had put in place in late 2002.
So the fraudsters shifted gears. The FTC sued Pharmacycards.com again in January 2007, this time charging that it was using remotely created checks, also known as demand drafts, to draw funds from consumers' accounts.
This approach enabled Pharmacycards.com to skirt the previous order, prohibiting its use of ACH debits, the FTC said. Mr. Oliver said the strategy also has the effect of helping fraud artists avoid detection through the ACH risk management system.
"There is no reasonable way to track returns by reason code and no central processing entity in a position to do the tracking even if it were feasible," Mr. Oliver wrote in his memo last week.
The Fed takes the position that these remotely created checks, produced from electronic templates, do not meet the definition of a check under the Check Clearing for the 21st Century Act, because these payments do not have an original paper document.
"As is the case with ACH and other payments relationships, it is imperative that you truly 'know the customer' involved," Mr. Oliver wrote.
Nacha is working on a strategy that would extend its ACH monitoring service to the check world, Mr. McEntee said. "Third parties are avoiding using the ACH network because of the risk monitoring that we have."
As outlined in a discussion paper in May, Nacha has proposed allowing paying banks to originate an ACH debit entry to make a claim on an unauthorized demand draft transaction, enabling the association to count these transactions and to identify originators based on the routing numbers of the banks of first deposit contained in the ACH payments.
Such a system could work its way through the Nacha rulemaking process in six months to a year, and could help identify bad actors, Mr. McEntee said. "These crooks move from bank to bank to bank, so you have to focus on the originator."
