ACH Fraud: Catching Incidents Sooner

ABA's Johnson Says Better Detection Has Decreased Losses

By , September 1, 2011.
ACH Fraud: Catching Incidents Sooner

Doug Johnson of the ABA and FS-ISAC says banks and commercial customers are improving efforts to catch and thwart incidents of corporate account takeover, a sign that the industry is moving in a positive payments direction.Detecting fraudulent ACH and wire requests before they lead to big financial losses is a heartening sign, says Johnson, vice president of risk management policy for the American Bankers Association and a member of the Financial Services Information Sharing and Analysis Center. [See ACH Fraud: The Impact on Banks.]

According to a March survey of 77 U.S. financial institutions, losses associated with ACH and wire fraud dropped from 2009 to 2010, despite a marked increase in the number of fraudulent transfer attempts.

"Only 27 percent had losses for the first six months of 2010, and 63 percent had losses in 2009," Johnson says. "It shows that when you put together an approach that tries to address the threat, not only at the bank level, but also at the customer level, you can have an impact on the environment and diminish the fraud."

The customer plays a central role when it comes to minimizing losses associated with corporate account takeover.

"You can't manage what you can't measure; so if we can set some benchmarks for where account takeover is currently, with the amount of losses and see what direction it's going, then we can take steps to tackle it," Johnson says. "Are we doing better at detecting and deterring these takeovers? ... We have to have that benchmark data to determine if the steps we are taking are effective."

And when reviewing recent steps institutions have taken to curb ACH-related fraud losses, it's clear that customer and member education are making a difference. Many institutions have found educational symposiums and seminars to be "very effective," Johnson adds.

That customer education piece also conforms to updated online authentication guidance issued by the Federal Financial Institutions Examination Council's in June. [See FFIEC Authentication Guidance.] Customer and member education have been identified by regulators as being one of the tenets of online security.

During this interview, Johnson discusses:

  • Why, despite industry efforts to mitigate losses, corporate account takeover attacks are expected to continue;
  • The role evolving risk management and benchmarks will play in steps institutions and commercial customers take to curb fraud losses;
  • Why collaboration between banking institutions and commercial accountholders must continually improve.

Johnson currently leads the ABA's enterprise risk, physical and cyber security, business continuity and resiliency policy and fraud deterrence efforts. He has assisted in the ABA's release of a series of resources to deter bank robberies, assess information technology risk, deter phishing, safeguard customer information and buttress emergency preparedness. He also represents the ABA on the Financial Services Sector Coordinating Council, which advises the federal bank regulatory agencies on homeland security and critical infrastructure protection issues, and serves on the BITS/Financial Services Roundtable Security Steering Committee, in addition to his involvement with FS-ISAC.

Follow Tracy Kitten on Twitter: @FraudBlogger

  • Print
  • Tweet Like LinkedIn share
Get permission to license our content for reuse in a myriad of ways.
ARTICLE Top 10 Influencers in Banking InfoSec

BankInfoSecurity and CUInfoSecurity announce their third annual list of Influencers, recognizing...

Latest Tweets and Mentions

ARTICLE Top 10 Influencers in Banking InfoSec

BankInfoSecurity and CUInfoSecurity announce their third annual list of Influencers, recognizing...

The ISMG Network