Most banks and fraud experts agree that Automated Clearing House fraud (ACH fraud) results in large part due to the customer’s failure to protect their data and then appropriately monitor and reconcile their account activity. Certainly, the customer can, and should do more to protect themselves against ACH fraud. Many of the steps needed to reduce a company’s exposure to ACH fraud are not all that complex. For example, ensuring that employee passwords are changed frequently, as well as reconciling accounts (ideally on a daily basis) can go a long way to reducing ACH fraud risk.
Given the state of the economy, most companies are focused on survival, not building in layers of security for a fraud that may, or may not happen. Just like many types of fraud, until the probability of fraud losses resulting is sufficiently high enough, companies will continue to “avoid the bullet” that may be coming their way.
If customers are not feeling a sense of urgency, or are unable or unwilling to increase their defenses around ACH fraud, are banks filling the void? Well, the answer is “it depends”. I recently visited ten job boards (monster, hotjobs, etc) and entered “check fraud” in the search terms. The list of results was often 3 to 4 pages long. I did the same for “ach fraud” as well as “wire fraud”. The results were far less impressive and typically did not exceed 1 page, and included less than 5 jobs. Does this mean that ACH fraud is not a priority for banks? I am not sure, but the lack of jobs with ACH fraud as a component is certainly interesting. It could be that banks roll ACH fraud under check fraud and choose not to detail in a job description. Maybe, but that also infers that ACH is not “top of mind”…
From my experience, “big banks” are well aware of the threat and have staff dedicated to ACH fraud detection. Mid sized banks are hit or miss. Some recognize the threat and have dedicated resources to combating ACH fraud. Others don’t really know how to approach the problem and seem caught in a “no man’s land” – the losses are large enough to justify concern, but not large enough relative to other loss types to justify action.
In either case, ACH fraud is a hot topic these days and one that Bank Fraud Forum has devoted significant coverage to. Below are some additional articles that I encourage you to read for more information if you are interested.
Does your bank have investigators dedicated to investigating ACH fraud? Are they tasked with both ACH and wire fraud? If the volume of ACH fraud continues to climb, can you easily re-task those investigators from check fraud? What tools do you use to detect ACH fraud? Is ACH fraud even on your bank’s radar?
Peer Comments
Golfwidow says:
Your point about banks being ‘unable or unwilling’ to deal with fraud is well taken. In the stringent financial situation currently being experienced by banks across the board, there must be reluctance to tackle what is an invisible crime. Banks must be asking themselves, ‘When does it become less expensive to set up a salaried employee (or employees?) with all the costs that entails than to let a fraud go and write it off as running costs?’
As an outsider, can I ask this question? Is there not an argument for having a kind of ‘flying squad’, financed by a number of banks working together to spread the cost, which can come in and do a review of systems to combat fraud? There are national, legal systems to deal with fraud already in place but a regular ‘fitness test’ by a approved intervention process could keep the bank healthy and decrease the flaws lying waiting for exploitation by a fraudster. We call in decontamination specialists to deal with dirt. Why not call the experts on fraud?
posted Fri Feb 26, 2010 at 04:49 pm
Paul McCormack says:
Great questions. I’ll do my best to answer…
Reluctance to tackle fraud losses varies by bank, but when in survival mode most banks, and most companies for that matter will often accept fraud as the “cost of doing business approach”. I note in quotations marks as fraud professionals hear that refrain often - too often in fact. It is code for accepting the status quo.
Regarding your idea to create a “flying squad” - Bank regulators expend considerable time and effort to ensure that banks take both internal and external fraud seriously. They can and do become involved in the tactics of how a bank detects fraud, but their primary role is to critic what is in place rather than share best practices across banks in the collaborative manner you suggest. As we have seen from the recent economic turmoil as well as notable frauds (Madoff anyone?), regulators are hard pressed to deal with the increasing complexity of the US banking system.
There are consulting firms that help banks perfect their approach to fraud, share best practice etc. They can, and do provide valuable assistance, but at some point, the consulting engagement will end and the bank will be left to its own devices to combat fraud.
Where does this leave us?
I would suggest that bank fraud professionals should speed time networking with their peers at other banks. Your peers will be able to share best practices in so many areas including how they use technology to detect and prevent fraud. This blog and others like it, is a great way to establish connections with fraud professionals from around the world.
Thanks for your comments. You asked some very interesting questions.
posted Mon Mar 8, 2010 at 05:28 pm