ACH Payments - Banking Fraud
The trillions of dollars moving through the ACH banking channel is attracting the attention of fraudsters. Learn how cyber criminals insert new ACH batches and modify existing files to complete fraudulent payments. Also, learn how financial institutions can use originator and recipient behavior to quickly detect fraudulent ACH payments without tedious, manual reviews of long ACH reports.
<ul><li> 1. Using Anomaly Detection to Prevent ACHPayments FraudTiffany Riley Vice President, MarketingEric LaBadie Vice President Sales and Customer Success </li> <li> 2. Guardian Analytics: The Leader in Fraud Prevention Minimum expectations for layered security include the ability to detect and respond to anomalous activity FraudMAP allowed us to shift from being reactive to proactive giving us confidence to expand our online and mobile offerings "Guardian Analyticshas a proven and effective fraud detection risk-scoring engine." </li> <li> 3. Criminals Turning Focus to ACH It seems that from some of the data, the criminals are shifting from wires in many respects to ACH to exfiltrate funds Bill Nelson, FS-ISAC (July 2012) </li> <li> 4. Two Recent Examples In the second week of July, I spoke with three different small companies that had just been hit by cyberheists. - Brian Krebs, Krebs on Security (Aug 12) Example 1: Business: Georgia fuel supplier Bank: $123M Community bank Story: Criminals attempted to transfer $1.67 million out of the companys accounts. When that failed, they put through a fraudulent payroll batch totaling $317,000, which the victims bank allowed. Example 2: Business: Tennessee contracting firm Bank: $270M community bank Story: Trojan stole controllers login info and one-time password and redirected user to site down webpage. Meanwhile, the attackers used that browser session to put through a batch of fraudulent payroll payments for $328,000 to at least 50 money mules. </li> <li> 5. Criminals Better At Defeating Authentication Fraudster machine Proxy/RDP through victim Spear phishing machine Change personal info Vishing Leprechaun Call/phone forwarding Access ValidateHuman Steal Set Up Transfer Online TransactionsAutomated Credentials Fraud Money Banking ACH, Wire, Bill Pay, Twishing Zeus Check Fraud Operation High Roller Zitmo Phishing SpyEye attacks Ice IX Ice IX Spitmo Gameover Gameover Citadel Shylock </li> <li> 6. Customers and Profits Are At Risk Fraudster takes ove Criminals Effort to find fraud with traditional corporate account Progressive levels of fraud infiltration Progressive levels of fraud infiltration rules-based monitoring and reports fraud Effort to find Business 1 FRAUDULENT FILE Fraudster submits a new completely fraudulent ACH batch file May or may not exceed caps/limits ROGUE RECIPIENTS 2 Existing batch file New fraudulent payments Changes volume of transactions and batch amount May or many not exceed caps/limits BALANCED BATCHES 3 Existing batch file Criminal adds new credit transactions In 73% of Criminal balances file amount by adding debits corporate Likely not to exceed caps/limits or violate rules account takeovers, TAMPERED TRANSACTIONS money was Existing batch file 4 successfully Edits portions of transactions only (account transferred. Increasing effectiveness number, routing number) Transactions and amount typically the same at defeating caps. rules, Likely not to exceed caps/limits or violate rules limits </li> <li> 7. Customers and Profits Are At Risk Fraudster takes ove Criminals Effort to find fraud with traditional corporate account Progressive levels of fraud infiltration Progressive levels of fraud infiltration rules-based monitoring and reports fraud Effort to find Business 1 FRAUDULENT FILE Fraudster submits a new completely fraudulent ACH batch file May or may not exceed caps/limits Lose confidence after 1 ROGUE RECIPIENTS fraud attack 2 Existing batch file New fraudulent payments Changes volume of transactions and batch amount May or many not exceed caps/limits Took their business elsewhere BALANCED BATCHES 3 Existing batch file following Criminal adds new credit transactions a fraud In 73% of Criminal balances file amount by adding debits In 73% of attack. corporate Likely not to exceed caps/limits or violate rules corporate account account Banks takeovers, TAMPERED TRANSACTIONS takeovers, sharing money was Existing batch file money was losses with 4 successfully Edits portions of transactions only (account successfully their transferred. number, routing number) transferred. customers Transactions and amount typically the same Likely not to exceed caps/limits or violate rules </li> <li> 8. Courts Favoring Businesses Comerica Experi Metal Bank Did Not Act in Good Faith Ocean Bank Patco Bank Did Not Have Reasonable Security Bancorp South Choice Escrow Contract Not Valid "Long story short, the court ruled that UCC 4A pre-empted the indemnification clauses being used by the bank in their counterclaim, The ruling suggests that a banks contract with a customer that contradicts the spirit of the UCC could be nullified by the courts when legal disputes over fraud arise. </li> <li> 9. Investments in Addressing This Problem Behavioral analytics is a big area of spending were seeing, both to ward off the threats as well as to comply with the FFIEC (Federal Financial Institutions Examination Council) guidance. Julie McNelley, Aite Group 58% of FIs implemented anomaly detection and cited it as effective in reducing Account Takeover Fraud. FS-ISAC ABA 201 Account Takeover Survey </li> <li> 10. FFIEC Guidance, RMAG Sound Business Practices </li> <li> 11. Behavior-based Fraud Prevention Solutions Proven Approach Individual behavioral analytics Maximum detection, minimum alerts Retail Business Most complete protection Instant, 100% coverage, no adoption issues Stops widest array of fraud attacks Not threat specific Dynamic Account ModelingTM TM Easy to deploy and manage SaaS Offering Fast time to security with no customer impact No IT maintenance No rules to write/maintain </li> <li> 12. Introducing FraudMAP ACH Best protection against sophisticated criminal attacks Automatically analyzes ACH origination files for suspicious activity FRAUDMAP ACH Dynamic Account Modeling determines risk RISKAPPLICATION based on individual originator behavior Eliminate manual file review and streamline investigation Prioritize highest risk batches and transactions FRAUDMAP ACH RISKENGINE Risk reasons inform investigations Rich behavioral history provides context Fast time to security, low ongoing maintenance Rapid implementation No rules required </li> <li> 13. Behavior-Based Anomaly Detection for ACH Files File Batch Transaction Customer Account Company Name Transaction Code File date Effective Entry Date Amount File time Batch/credit amount Destination Account File ID modifier Standard Entry Class Receiver name Code FRAUDMAP RISKENGINE Are the customers ACH actions normal? For this tim...</li></ul>