The Latest AFP Fraud Study Unveils a Surprising Jump in Fraud on the ACH

John Stewart April 10, 2019 Automated Clearing House, Credit Cards, Debit Cards, Electronic Checks, Fraud & Security, Issuing/Originating, Transaction Processing

Which payment method holds the dubious distinction of racking up the fastest growth in fraud last year? According to the latest annual fraud report from the Association for Financial Professionals, it’s debits and credits on the automated clearing house network. In fact, the ACH was the only payment method examined in the report that registered an increase in fraud in 2018.

Some 33% of responding organizations said they had been the victims of actual or attempted fraud on ACH debits last year, up from 28% in 2017. Meanwhile, 20% reported being the targets of ACH credit fraud, up markedly from 13%.

Surprised? So was Magnus Carlsson, manager for treasury and payments at the Bethesda, Md.-based AFP, a trade group for financial managers in a wide variety of industries. The ACH results were “probably the most stunning numbers we saw in this report,” says Carlsson. Before releasing the study, Carlsson adds, “I went back to the research department and said, ‘You have to double-check these numbers.’”

ACH credits and debits are two of five payment methods for which the AFP gathers fraud statistics from members and other contributing organizations. The others are checks (down from 74% to 70%), credit/debit cards (down a tick from 30% to 29%), and wire transfers (down to 45% from 48%). Indeed, the near-ubiquity of ACH usage was enough to shove the overall portion of organizations absorbing attempted or actual payments fraud up to 82% from 78% in 2017.

Not that the jump in fraud on ACH credits should have been a complete surprise, says Carlsson. That number has been “creeping up,” he notes. “I’ve been keeping my eye on that.” Indeed, after holding steady at 11% in 2015 and 2016, the number climbed to 13% in 2017. But the big leap in 2018 was “much more than I expected,” Carlsson says.

Carlsson: The ACH results were “probably the most stunning numbers we saw in this report.”

While some observers may note that the ACH network introduced same-day clearing for credits in September 2016 and for debits a year later, Carlsson says it’s far from clear that the faster processing figures in the fraud increase. That’s because isolating same-day transactions wasn’t part of the study. A likely explanation for the higher fraud, he adds, lies in the popularity of ACH, along with wire transfers, for schemes like business email fraud, phishing fraud, and account takeovers.

“You see these attacks more and more,” Carlsson adds. “It’s more sophisticated fraud. Criminals are taking their time, making more of an effort to commit their frauds.” In fact, the AFP’s report shows that 80% of organizations sustained a business email compromise in 2018, up from 64% as recently as 2015. In these schemes, fraudsters dress up emails to mimic those of a finance manager or supervisor to gull underlings into releasing funds, often on the pretext of a bogus emergency.

Also, despite the sharp rise in 2018, ACH fraud is still relatively in check, points out NACHA, the network’s governing body. “ACH fraud remains low on an absolute basis, and low in relation to other payment methods,” says Victoria Day, NACHA’s senior director & group manager, in an email statement. She argues the AFP’s finding on ACH fraud “is consistent with other studies,” such as a report the Federal Reserve issued in October on payments fraud.

The AFP fraud survey, which is now in its 15th year, was fielded in January and drew responses from 417 members and 200 prospective members. Respondents worked in a wide array of industries, including retailing, manufacturing, health care, and hospitality. JPMorgan Chase & Co. sponsored the research for the study, entitled “Payments Fraud And Control Survey Report.”

If you or your company have been victimized by a BEC scam, it’s important to act quickly. Contact the Bank immediately. 

Don’t Be a Victim
The business e-mail compromise scam has resulted in companies and organizations losing billions of dollars. But as sophisticated as the fraud is, there is an easy solution to thwart it: face-to-face or voice-to-voice communications.

“The best way to avoid being exploited is to verify the authenticity of requests to send money by walking into the CEO’s office or speaking to him or her directly on the phone,” said Special Agent Martin Licciardo. “Don’t rely on e-mail alone.”

Here are other methods businesses have employed to safeguard against BEC:

◾Create intrusion detection system rules that flag e-mails with extensions that are similar to company e-mail. For example, legitimate e-mail of would flag fraudulent e-mail of

◾Create an e-mail rule to flag e-mail communications where the “reply” e-mail address is different from the “from” e-mail address shown.

◾Color code virtual correspondence so e-mails from employee/internal accounts are one color and e-mails from non-employee/external accounts are another.

◾Verify changes in vendor payment location by adding additional two-factor authentication such as having secondary sign-off by company personnel.

◾Confirm requests for transfers of funds by using phone verification as part of a two-factor authentication; use previously known numbers, not the numbers provided in the e-mail request.

◾Carefully scrutinize all e-mail requests for transfer of funds to determine if the requests are out of the ordinary.

Trusteer Rapport

Trusteer Rapport is lightweight security software that helps to protect your online banking communication from being stolen by criminals. Trusteer Rapport is highly recommended by Citizens Bank as an additional layer of security to your own online security best practices, including anti-virus or security software you already use. By protecting your internet connection and creating a tunnel for safer online communication with Bank-By-Net, Trusteer Rapport blocks many malicious attempts to steal your money or account information. 

Even as effective as Trusteer Rapport is, nothing can guarantee complete protection from fraudulent or criminal attacks. Therefore, it is always recommended that you be constantly vigilant about your computer’s security and that you continue to monitor your bank accounts for any suspicious activity. 

To install Trusteer Rapport on your computer, login to Bank-By-Net, and you will be presented the option to download the Trusteer Rapport software. Citizens Bank customers can also download Trusteer Rapport by visiting Trusteer Rapport for Business.