ACH Fraud: The Impact on Banks

Survey Shows More Accounts Hit, Dollar Losses Down
ACH Fraud: The Impact on Banks
Incidents of corporate account takeover are increasing, but banking institutions are doing a better job of preventing financial losses. That's the word from the Financial Services Information Sharing and Analysis Center, better known as FS-ISAC, whose Account Take Over Task Force has completed a first-time survey about ACH- and wire-related fraud.

According to the survey of 77 U.S. financial institutions, 21 suffered from account take-over attempts sometime in 2009 and the first half of 2010. Among those 21 institutions, 108 takeovers were reported during the first 6 months of 2010. In 2009, only 86 takeovers were reported, though FS-ISAC did not say how many institutions were affected.

The majority of survey respondents, 86 percent, were banks, with 60 percent falling under the small-bank category, meaning they have less than $1 billion in assets. About 5 percent fell into the savings-and-loan and/or credit union category, and the remaining 9 percent spanned other sectors, such as insurance.

"The results were not really surprising," says Denise Anderson, FS-ISAC spokeswoman. "Corporate account takeover went quiet for a while, but it's picked up again, and we're seeing more of it."

ACH-Related Fraud Growing

Corporate account takeover incidents related to ACH and wire fraud are a growing concern for regulators. In fact, they've been the catalyst for the Federal Financial Institutions Examination Council's June issuance of updated guidance for online authentication practices banks and credit unions should implement for commercial accounts. [See FFIEC Authentication Guidance.]

For its part, FS-ISAC has not pinpointed a reason for the 2010 uptick or surge in ACH-related fraud, Anderson says. "It's probably just that criminals are being more persistent, and they see a way to get in."

But the survey results do reveal some good news, says Errol Weiss, head of the FS-ISAC task force. The bright spot is that 36 percent of the takeover incidents reported in 2010 were stopped before fraudulent funds transfers were approved. That's an improvement from 2009, when only 20 percent of reported takeover incidents were thwarted before funds left the institution.

"Banks and customers are recognizing the situation sooner and are getting into response mode quicker, and so they're able to retrieve the funds before the transactions are irreversible," Weiss says.

According to FS-ISAC's study, in 2010, completed transactions occurred only 27 percent of the time after a takeover incident. In 2009, fraudulent transactions were completed 63 percent of the time.

But financial exposure associated with incidents of ACH-related fraud is up, and so are the overall losses. For the first half of 2010, financial exposure totaled $10.4 million and the average financial loss per commercial customer was $26.51. Comparatively, in 2009, exposure totaled $15.8 million and the average loss per customer was $19.23.

The results only account for the first six months of 2010, compared with the entire 12 months of 2009. But Weiss says dollar losses per incident are down. "While the rate might be increasing, the dollar loss amount seemed to be smaller," year over year, he says. "And we did take this was only six months worth of data into consideration."

FS-ISAC is collecting full-year results for 2010 and expects to issue an update in October. "In March, several institutions did not have all of the data for 2010," Weiss says. "But we should have all data within the next couple of days."

The survey is a deliverable from the Account Take Over Task Force. For more information, visit the FS-ISAC website.


About the Author

Tracy Kitten

Tracy Kitten

Former Director of Global Events Content and Executive Editor, BankInfoSecurity & CUInfoSecurity

Kitten was director of global events content and an executive editor at ISMG. A veteran journalist with more than 20 years of experience, she covered the financial sector for over 10 years. Before joining Information Security Media Group in 2010, she covered the financial self-service industry as the senior editor of ATMmarketplace, part of Networld Media. Kitten has been a regular speaker at domestic and international conferences, and was the keynote at ATMIA's U.S. and Canadian conferences in 2009. She has been quoted by CNN.com, ABC News, Bankrate.com and MSN Money.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing cuinfosecurity.com, you agree to our use of cookies.