Tangled wires

ACH and wire-transfer fraud

By Stephanie Davis, CFE; Jack Armitage, Ph.D., CFE, CPA

Automated Clearing House and wire transfers are increasing but so is fraud in these transactions. All a fraudster needs is an account number and a bank-routing number. Here are ways to prevent and fight these lucrative crimes.

Lori was a specialist in the Automated Clearing House (ACH) and wire transfer department at a mid-size bank. One day, she spotted a glitch in the web-based system the bank used to send and receive wire transfers, so she immediately logged off and notified her supervisor. However, it was too late; $3 million in aggregate wires had been sent from one of the bank's top-tier customer's accounts to an account at another financial institution.

In this actual case, the supervisor and Lori (not her real name) called the system provider together and verified that the funds had been sent. They quickly switched to their older wire system that wasn't web-based, notified the customer, credited the account and began to investigate.

The bank eventually determined that an employee's computer had been infected with malicious software, which allowed the fraudster to initiate the attack from an external site and send the wires.

ACH transfers increased nearly 11 percent per year from 2000 to 2010. (See the 2011 Report to the Congress on the Use of the Automated Clearinghouse System for Remittance Transfers to Foreign Countries, from the Board of Governors of the Federal Reserve System.) ACH and wire transfers were once considered low-risk, but fraud is increasing at an alarming rate because of greater accessibility, popularity, relative anonymity and poor economic conditions, according to Detecting and Deterring ACH and Wire Transfer Fraud, in the Industry Insights blog by Christine Meyers, Sept. 30, 2011, Bank Info Security.

Individuals, businesses and banks of all sizes in all geographical areas are at risk. However, the primary targets include small- to medium-size banks, businesses, schools and similar organizations. They often have less security infrastructure or rely on traditional security systems and legacy applications, which make them "soft targets," according to Meyers in her Bank Info Security blog.

Some of the most common ways to commit this fraud are through phishing, account hijacking, ACH kiting and social engineering. We'll examine all of these areas plus how to prevent this fraud through IT, bank customer best practices, and improved bank policies and procedures.

For full access to story, members may sign in here.

Not a member? Click here to Join Now. Or Click here to sign up for a FREE TRIAL.