Fraud and Risk in the ACH Network

Fraud in the ACH network can occur through various channels, but there are steps financial institutions and businesses can take to help mitigate the risk of fraudulent activity, said Jane Larimer, executive vice president of ACH network administration and general counsel for NACHA, the Electronics Payments Association. Larimer, who also serves on the advisory group for the Atlanta Fed's Retail Payments Risk Forum, discusses some of those steps in a recent Payments Spotlight podcast.

Corporate account takeovers, a type of fraud that occurs when an organization's banking credentials are stolen and used to make unauthorized ACH transactions and wire transfers, have been a big issue over the past year, affecting a number of businesses, municipalities, and school districts. Among other things, Larimer advised businesses and financial institutions to institute best practices to help mitigate the risk of fraud. The number one thing businesses can do is employ the somewhat old-school habit of reconciling their accounts daily, she added.

NACHA, which is responsible for implementing the risk-management framework for the ACH network, recently began requiring financial institutions to register their direct-access relationships with originators or third parties. Doing so helps the industry measure such relationships and gauge the additional risks they might pose to the ACH network, explained Larimer.

Rules recently implemented by NACHA, such as network enforcement rules and company name rules, are bearing fruit, according to Larimer. Combined with more effective risk-management processes, the new rules have contributed to the steady decline in the return rates in unauthorized debits, a common measure of risk in the ACH network. As recently as the first quarter of 2010, the absolute volume of unauthorized debits was down 16.2 percent from the same period in 2009, noted Larimer. Further, the decline in the volume of unauthorized returns is part of a broader trend in which overall return rates—including closed account and valid account NSF returns—are declining.

Despite recent gains over the past couple of years, Larimer cautioned that "high-risk activity hasn't gone away completely, and so as an industryâ?¦,¦we need to all be safeguarding against payments risk in whatever channel it shows up in." She stressed that industry participants must stay on top of risk-management practices and continue monitoring for risk in the system.

For more information on risk and fraud in the ACH network, be sure to listen to the podcast or read a recap of Larimer's interview on Portals and Rails, a blog produced by the Retail Payments Risk Forum.