The tighter processing deadlines of same-day ACH mean that conventional fraud prevention measures will no longer be adequate or effective.
Labor-intensive processes like manually communicating a suspicious transaction to the customer through phone calls and recorded messages are incredibly time-consuming and costly, requiring additional back-office employees to manage fraud.
Instead, financial institutions should realize the value in making fraud prevention a collaborative effort with the customer as it is the account holder who can undoubtedly determine whether a transaction is authorized or not. This strategic approach to fraud prevention will help ensure that financial institutions and their customers, not fraudsters, enjoy the benefits of same-day ACH.
The path to same-day ACH began more than a year ago, in May of 2015, Nacha members approved same-day ACH to support same-day capabilities for virtually any ACH transaction, creating opportunities for businesses, governments and consumers who want to move funds faster.
After months of awaiting these changes, we have finally arrived at the first implementation date of same-day ACH. The industry has simultaneously anticipated the benefits and convenience of same-day’s expedited payment processing and settlement times while also voicing concerns about the rule’s impact on fraud, as cybercriminals will be able to move funds more rapidly and financial institutions will have less time to review the validity of transactions.
Not lost in these discussions are references to the U.K.’s £29.9 million surge in online banking fraud since 2008 after initiating its Faster Payments Service. To prevent a similar situation here in the U.S., financial institutions must understand the tactics fraudsters will likely employ to exploit the benefits of same-day ACH.
Since the new rule will be enforced in phases, financial institutions can leverage the staggered implementation process to prepare and shift their approach to preventing fraud accordingly.
The first phase begins September 23rd and will only involve credit transactions.This means that financial institutions and their customers should be wary of account takeover fraud, which occurs when cybercriminals redirect money transfers for legitimate payments to their own accounts by altering the account and routing number of intended payees.
Financial institutions can effectively prevent this by systematically monitoring outbound credits and if a new account and routing number is introduced, the transaction can be automatically suspended. Then, using an out-of-band alert, the customer would be notified of the suspicious transaction and would have the chance to verify or deny said transaction in real time. This eliminates the need for manual reviews and call-back procedures, which allows bank and credit union employees to focus their efforts elsewhere.
Debit transactions will become eligible in September of 2017 and the final phase, effective March of 2018, will require that funds are made available by 5 p.m. local time, rather than at the end of the Receiving Depository Financial Institution’s processing day. Once these phases are enforced, financial institutions must also be able to prevent unauthorized debit transactions in real time. Actionable alerts that prompt immediate guidance from the customer will be crucial in stopping fraudulent transactions in a same-day environment.
Deborah Peace is CEO of ACH Alert.
