AUSTIN, Texas – ACH fraud is growing, as crooks discover a new way to trigger sham charges and hustle off with the money. That warning comes from Gregg Bennett, owner of Pivotal Financial Resources. As part of a series of Web-based training sessions, Bennett is alerting credit unions to the risk. “What the ACH system has done is give the criminal element a means to initiate charges to people’s checking and savings accounts. Whether they do it with Web forms or telephone, they’re using all these new transaction formats – we call them standard entity classes – that have arisen over the last five years,” Bennett says. “The criminals have figured out if they can create a fictitious account at a financial institution willing to allow them to have origination abilities, they have the means to go ahead and do their fraud.” The bad guys know they have to act quickly, he continues, and get the money out before victims start to challenge the transactions. The risk expands for the increasing number of credit unions who offer business accounts. While a consumer has 60 days to question a transaction, businesses don’t have that protection, and Bennett points out perhaps 70% of members don’t balance their account regularly. The crooks follow several steps. Find an institution willing to give them origination capability. Open an account. Quickly throw money into that account from fraudulent transactions. Take the money out and leave, perhaps netting $10,000 or $15,000 within a couple days. Opening a fictitious business account is relatively easy, Bennett says. All the crook has to do is come up with a Doing Business As document. They may even present a valid DBA from the county along with a fake ID and business name. On their wish list is a list of routing and account numbers, plus an institution they can easily dupe into opening up a bogus checking account with approval to originate ACH. The challenge is access to the ACH system, which should not be granted without due diligence by the financial institution. “However, many financial institutions have no clue as to how to review whether someone is creditworthy or not. As more and more institutions add ACH to online banking services and also have ACH origination, there’s some risk there,” Bennett says. All this may be beyond the typical teenage hacker, but doesn’t require someone who has been legitimately inside the system. “I’m not trying to profile, but I’ll go ahead and be politically incorrect,” Bennett says. “You have the Nigerians, who historically have perpetrated Internet fraud. They understand how it works and the controls, or lack of controls, in the financial system. “It may be someone who had an Internet gambling or pornography site that did the billings using ACH. They found out, `Well, this is another opportunity!’” Unfortunately, he continues, when most financial institutions receive an ACH payment they simply assume the payment is okay. They do little or no review. Bennett suggests a more proactive approach, similar to that used by credit card companies when a transaction differs sharply from the cardholder’s typical pattern. [email protected]
Sign In
Sign In
Copyright © 2024 ALM Global, LLC. All Rights Reserved.