As more businesses and individuals adopt faster payment rails, the use of Automated Clearing House (ACH) transactions continues to rise. With increasing adoption of ACH comes an increasing risk of ACH fraud. Customers expect a fast, frictionless, and safe experience when conducting ACH transactions, and it’s up to the institutions that provide ACH as a payment channel to protect both themselves and their customers from harm.
This blog will delve into the landscape of ACH payments, the problems and complexity associated with these transactions, and solutions to help combat ACH fraud in an increasingly faster payments world.
Landscape of ACH Payments
ACH transactions came on the scene in the 1970s as an alternative to paper payments. Although adoption was initially slow, ACH has grown significantly in recent years. The fast clearing and low processing costs make it a desirable solution for businesses. In the early years, ACH was primarily used for payroll and consumer bills. However, the addition of peer-to-peer (P2P) payments, internet-based transactions, and same-day settlement has contributed to adopting ACH more broadly.
In fact, since Nacha began tracking in 2014, the volume of ACH payments has increased by 71.9%. Not to mention, since 2016, there has been a 41.2% YoY growth in the value of payments for same-day ACH transactions.
With a broad range of applciations covering everything from bill payments to direct deposit, ACH transactions are used more frequently and expected to be faster than ever. Speed and variety of transactions each have unique risk profiles and associated customer behaviors, complicating the detection of suspicious activities that could lead to unauthorized returns, insufficient fund returns, etc.
Organizations today need a solution that can proactively prevent unexpected and unauthorized ACH returns, stay ahead of fraudsters with real-time monitoring and predictive analytics, and minimize risk and ACH fraud loss while maximizing fund accessibility for good customers.
Problems and Complexity of ACH Fraud
There are several challenges financial institutions must address to protect themselves from ACH Fraud - threats that are both internal and external. According to the 2024 AFP Payments Fraud and Control Survey Report, ACH credits (47%) overtook wires (37%) as the most vulnerable payment type for business email compromise (BEC) fraud, with ACH debits (20%) close behind. This means that organizations must protect both their customers from ACH fraudsters and their employees from phishing, vishing, account takeover, and other fraud typologies that incorporate ACH.
On the flip side, consumers have 60 days to report a fraudulent transaction. Since Regulation E protects them, they are not liable for fraudulent ACH transactions, causing financial institutions to often bear these losses. By the time the transaction is returned, fraudsters have long absconded with the money, which can even mean double losses in cases where the bank funded the risky transaction that was withdrawn and must make the customer whole. NACHA, the organization that governs ACH transactions, also requires institutions to maintain a 15% or less overall return rate, meaning risky transactions must be detected, prevented, and interdicted over 85% of the time before generating a return code.
NACHA also has several rule amendments that will go into effect in 2026, putting more onus on Receiving Depository Financial Institutions (RDFIs) to monitor incoming ACH credits to identify fraud. The amendment will also require Originating Depository Financial Institutions (ODFIs) and others to establish and implement risk-based processes and procedures to help identify ACH Entries initiated due to fraud. These amendments are part of a larger Risk Management package. Those who violate NACHA rules can receive warnings and fines. If they fail to comply, institutions can be permanently removed from the platform.
Verifying account ownership can be a complex process hampered by the need for manual name matching, the inability of analysts with priority lists, and ever-increasing backlogs to scrutinize every single transaction. This leaves an exploitable gap for savvy fraudsters who continually adapt their strategies to outmaneuver traditional detection methods and manual processes. This is further complicated because fraudsters increasingly use AI, the dark web, and other technology to scale operations, make them more sophisticated, and trade personally identifying information (PII).
Solutions to Combat ACH Fraud
With the risk of ACH fraud increasing, FIs and Fintechs need to take a proactive approach to combat this trend. The faster the payment, the more risky it is for fraud, and the more secure the controls need to be; institutions can use a combination of tools that employ real-time monitoring, detection, prevention, and interdiction to stop fraud before it happens.
Verify Account Ownership
Although verifying account ownership can be difficult, using automation powered by AI, data enrichment such as consortiums and watchlists, and technology such as fuzzy name matching helps improve accuracy, provides additional data sources, and decreases manual work.
Tools like Unit21 can block transactions going to known fraudulent accounts and provide holistic, explainable risk insights. Verification of account ownership should take place as soon as the transaction comes in to stop fraud before it happens and create a frictionless experience for legitimate customers.
Use ML Scores
Manual, tedious, and repetitive transaction review processes burden many institutions. As transaction, alert, and case volumes continue to rise, this is becoming increasingly difficult and costly to manage. Time spent on straightforward tasks can be reduced by using AI/ML-optimized rules paired with a risk score that considers key indicators of ACH risk. These may include multiple accounts, many transactions within a short time period, and/or historical transactions to known fraudulent accounts.
Solutions such as Unit21 empower organizations to adjust their workflow parameters based on appetite for risk and assign follow-up actions accordingly, freeing analysts to focus on more complex problems. This could include automatically allowing all transactions under a specific dollar amount, blocking transactions over the threshold, and generating an alert to conduct a manual review. This narrows down what should be reviewed to a manageable amount, decreasing the backlog over time. By employing rules that detect, prevent, and interdict fraud quickly, customers are provided with a seamless experience that keeps them protected while fraudsters are stopped in their tracks.
Use AI for Investigations
As fraudsters continue utilizing AI for increasingly sophisticated attacks aided by purpose-built technology, tools, and automation at scale, it’s imperative that human analysts and fraud fighters do the same. In this case, it’s fighting fire with water: ACH fraud solutions like Unit21’s are designed from the ground up to combat the speed, scale, and sophistication of ACH fraud with AI/ML-powered technology.
Unit21 aids analysts in conducting quick and accurate investigations, including online searches and document analysis, while still including a human in the loop. Additionally, the AI checklist can ensure the investigator considers all data sources related to the transaction and provides a detailed, risk-based automated explanation to accompany the case and subsequent report filing.
The Bigger Picture
The complexity associated with these transactions and the increased use of ACH for faster payments means financial institutions and fintechs must employ technology and methods that are smarter, faster, and more accurate than what the fraudsters use. Outdated rules, next-day detection, and manual reviews are no longer sufficient. Technology like Unit21’s solution is pivotal for fraud fighters to stay ahead of fraudsters.
Unit21’s ACH fraud solution empowers organizations to predict ACH returns while significantly reducing the risk of fraud loss. This dramatically lowers return rates, ensuring compliance with Nacha regulations.
- Advanced risk scoring identifies ACH fraud quickly and accurately, decreasing false positives without compromising security.
- Out-of-the-box, no-code rules at go-live provide templates to stop common ACH fraud scenarios, including counterparty risk, without engineering.
- The AI Agent streamlines investigations, significantly reducing case and alert resolution time.
To learn more about how Unit21 predicts returns and reduces ACH fraud losses, request a demo today.
Subscribe to our Blog!
Please fill out the form below: