Friday , December 13, 2024

New Nacha Rules Take Aim At Credit Push Fraud, Handing a Clearer Role to Receivers

Nacha, the governing body for the automated clearing house network, has approved a new set of rules aimed at curbing the growing threat of credit-push fraud.

Credit-push fraud uses social engineering and email phishing attacks to deceive someone into sending funds to a criminal-controlled account. Common examples of credit-push fraud include business email compromise, vendor impersonation, and payroll impersonation. Of these scams, business email compromise is the root cause of payments fraud at a majority of organizations, according to the Association for Financial Professionals.

The FBI’s Internet Crime Complaint Center’s 2023 annual report found there were 21,489 BEC complaints in 2023 totaling $2.9 billion in reported losses, making it the second-costliest type of cyber-crime.
“These schemes largely rely on social engineering to induce action by the account owner to initiate a payment. AFP concluded 71% of companies were victims of payments fraud via email in 2022,” Michael Herd, executive vice president of ACH network administration at Nacha, says by email. “These payments are often knowingly sent and are therefore an authorized payment.”

The new rules establish a base-level of payments monitoring of all parties in the ACH network, with the exception of consumers, and for the first time give receiving financial institutions a defined role in monitoring the ACH payments they receive. Receiving financial institutions are often in the best position to identify credit-push fraud, Herd says. The new rules do not shift the liability for fraud.

The new rules will enable fraud detection to begin with the origination process go through to the point of receipt. When fraud is detected during the originating process, an originating depository financial institution can request the payment be returned for any reason. On the back end, a receiving financial institution can request the transaction be delayed so it can be more closely examined or so it can return a suspicious transaction on its own initiative, without waiting for a request, a reversal, or a customer claim.

“Originators and originating depository financial institutions will still play a critical role, and for the first time, receiving depository financial institutions will have a defined role in the monitoring of ACH payments,” Herd says.

Check Also

Slope Taps Marqeta for a B2B BNPL Card; Equipifi Partners With Synergent on BNPL

Slope, a provider of buy now, pay later solutions for business-to-business transactions, announced early Thursday …

Digital Transactions