“ACH fraud” is the theft of funds through the Automated Clearing House financial transaction network. The ACH network acts as the central clearing facility for all Electronic Fund Transfer (EFT) transactions in the United States, representing a crucial link in the national banking system. Same day ACH brings with it a multitude of potential new risks. The quick turnaround times and increase in volume of transactions within a given day mean that manual investigation alone is no longer sufficient. A real-time, intelligent solution is now an urgent requirement to prevent ACH fraud.
As it stands today, ACH fraud is an easy type of financial fraud to commit. All the fraudster needs is an account number and a bank routing number to execute the fraud. In the simplest form, the fraudster uses this information to initiate payments to make purchases or pay off debts.
Today, with the financial services industry embracing AI/ML to a high degree in so many areas, one would think AI/ML would be used to detect and prevent ACH fraud, but this is not generally the case. Even the largest banking institutions seem to wash their hands with regards to ACH fraud, leaving their customers to absorb the losses. ACH fraud on businesses has increased by 15% YOY since 2019.
ACH fraud is also a scheme used in money laundering. Fraudsters move funds from one illegitimate source to another (known as “layering”) to make it difficult for institutions and authorities to track the original source of the illicit funds.
The same day ACH limit was increased from $100,000 to $1 million effective March 18, 2022, so the potential risk is much more serious today. Companies will need to be extremely vigilant when monitoring their bank accounts for any transactions that appear to be out of the norm or unexpected. The window of opportunity to detecting ACH fraud for consumers is typically 60 days, but for businesses it’s just one day.
Major Banks View of ACH Fraud
ACH fraud may be on the rise, but banks and other financial institutions tend to look the other way instead of stopping ACH fraud in its tracks and keeping account holders safe.
Detection is really the key with ACH fraud, especially around business accounts. Under NACHA (an organization that governs the U.S. ACH Network) rules, “consumers” need to alert their institution within 60 days in order to recover funds. For some reason, “businesses” only have one business day to report the fraudulent transaction. Therefore, monitoring becomes critical. Daily review of the credits and debits of the business is essential in detecting fraudulent activity. In addition, there are some services that businesses should look at from their banks such as “ACH Blocks” or “ACH Filters” and positive pay type services. Unfortunately, these services are not always available.
As for my business bank, Bank of America, a quick Google of “ACH fraud Bank of America” turns up many histories of the bank shrugging its shoulders when confronted by a customer who experienced missing money from their account. Instead of investing in technology to protect their customers, their remedy is to close the account and create a new one (I was given this advice, see my personal case study below). Obviously, this process is time consuming, inconvenient and would simply kick the can down the road until the fraud occurred with the new account. My bank does not offer ACH blocking services; no reason given.
Not all banks are sitting on their hands with ACH fraud. Capital One for instance, has embraced AI and ML on their customer’s behalf.
How AI/ML Can Help
ACH fraud continues to grow and evolve in sophistication. Relying on conventional approaches and inefficient processes results in ineffective fraud programs. Fraud detection and prevention is mired in the limitations of data from a single financial institution. Without early protection from emerging fraud threats, deeper insights into customer interactions, or the labeled data necessary for effective machine learning — the customers of financial institutions face greater risk of fraud loss. Financial institutions that embrace innovative, technology-driven approaches can overcome these limitations, ultimately reducing customer friction, preventing losses, and strengthening their overall fraud program.
One of the biggest advantages of AI/ML for financial institutions is the use of these technologies for detecting and avoiding fraud. Of course, this is a benefit to customers, not directly to the banks themselves. If they wash their hands of any responsibility for the fraud, then it is the customers left holding the bag. A more forward thinking strategy would be to invest in AI/ML technologies in support of addressing the growing fraud problem. Cyber criminals are growing more sophisticated and broadening the attack surface. Fortunately, many tech companies are rising to the challenge, see below video from Guardian Analytics.
Being proactive with ACH fraud would be a matter of monitoring all ACH transactions that come into a bank’s systems and classify each transaction as “fraud” or “not fraud.” Each transaction has a multitude of feature variables that describe what’s going on so a binary classifier should be able to determine with good reliability when fraud is happening in real-time. A bank might discover a seemingly innocuous type of transaction that systematically appears prior to fraudulent activity. With the accelerated pace of ACH fraud, it should be possible to obtain a reasonably large training set with which to train the machine learning algorithm.
Sure, there are big volumes of ACH transactions that must be analyzed on a real-time basis. It’s a matter of making the effort in support of customers by investing in technology. And it may need significant compute processing power. I’d think that an NVIDIA DGX A100 GPU server should do the trick!
Much work in the AI/ML industry has taken place to institute strategies to guard against cybercrime.
“The initial use for AI/ML components is to rapidly identify aberrations in behavior for the individual, the corridor, the beneficiary using a host of other variables (e.g., time of initiation of transaction, originating channel, value and frequency),” commented Robert Benyo Global Risk & Compliance Services & Solutions Industry Solutions Leader, BFS, Cognizant. “Thereafter, AI/ML components are used to make decisions on the course of action – block further origination at the individual/account level, customer level and channel. The third most common use case is to aid/assist the human operators to progress through their workloads to understand what represents fraud.”
AI/ML Solutions for Banks to Prevent ACH Fraud
A number of companies from the big data ecosystem offer AI/ML solutions for Banking and Financial Services (BFS) which address ACH fraud challenges. The platforms in many financial organizations that support ACH capabilities are decades old and the challenge is integrating contemporary solutions with legacy architectures and digital front-ends which have been constructed with more modern platforms. Frequently, the offerings are tailored and designed around each bank but leverage pre-built components that work to accelerate integration and deployment.
“ACH volumes continue to see growth with the number of transactions nearly a magnitude larger than at the turn of the century,” continued Cognizant’s Benyo. “This growth is compounded with the increased sophistication of fraudsters and means that the ACH channel represents billions in fraud losses for the overall banking and financial services community. This has driven demand by financial services firms. What has accelerated adoption by banks is the maturing AI/ML capabilities that can handle the volumes of transactions with the requisite speed and without burdening banks with computing costs that make the fraud reduction untenable. The arrival of Fedwire has also served as an impetus for firms to rethink their overall fraud responses, as it will over time replace ACH offerings from the Fed and other Central Banks.”
Here is a short list of vendors offering ACH fraud solutions that could lend a hand with stopping this growing problem:
A Personal Case Study
I happen to know a little about how easily ACH fraud is perpetrated because I personally fell victim to it earlier this year. My March checking account statement showed an unusual ACH debit of $150.01 by a company simply listed as “BANK CARD.” I had never heard of this very generic sounding company, and certainly did not authorize them to directly debit my account. Upon calling Bank of America’s customer service line I was advised to call “BANK CARD,” which turns out to be itself a financial services firm, to get an explanation. When asked about the debit, they pawned it off on another company … “This is just a company like Venmo that is using our gateway.” I’ve never used Venmo either so in my opinion, the buck stopped with my bank that allowed the fraud to occur in the first place.
After much wrangling with Bank of America, as well as reporting the fraud to the FBI, Consumer Financial Protection Bureau (CFPB), and FDIC, I finally got a reinstatement of funds just over 6 months after the fraudulent ACH transaction occurred. I think I was just lucky to get resolution, and my success may have been due in part to a public Twitter thread with the bank, and maybe even the bank catching wind of my preparation of this article. In any case, I’m grateful, but no thanks to technology that should have prevented the fraud in the first place.
In this exploratory article, I’ve taken a brief tour of a growing type of cyber fraud that affects individuals and businesses alike. As a data scientist, my first inclination is to seek out a data solution based on AI/ML. Vendors are sensing the opportunity in the marketplace for leading-edge solutions that attempt to address this problem. But in the case of ACH fraud, we’re seeing that adoption of these solutions has been slow when compared to other types of fraud prevention as result of adoption challenges. There are two parts to the story: the volume of transactions, and the emphasis to minimize transaction costs. With most transactions not being fraudulent, the application of AI/ML to the full contingent of all transactions creates a cost that is applied across the board. This demands that the AI/ML’s efficacy level is high, as well as cost effective. These two demands have only recently been achievable with the maturing AI/ML technologies, along with the people who can develop the solutions. Use cases where values (or losses) were more substantial went first. In short, the AI/ML capabilities are now “trickling down” to ACH.
In my own “use case” things worked out in the end, but likely only because I took a proactive approach toward getting resolution. My concern is with all the other affected businesses that didn’t bother, an approach that undoubtedly emboldens the cyber criminals.
Contributed by Daniel D. Gutierrez, Editor-in-Chief and Resident Data Scientist for insideBIGDATA. In addition to being a tech journalist, Daniel also is a consultant in data scientist, author, educator and sits on a number of advisory boards for various start-up companies.
Sign up for the free insideBIGDATA newsletter.
Join us on Twitter: https://twitter.com/InsideBigData1
Join us on LinkedIn: https://www.linkedin.com/company/insidebigdata/
Join us on Facebook: https://www.facebook.com/insideBIGDATANOW