New Nacha Fraud Rules Highlight Utility of AI

Nacha Rules Illustrate Need for AI and ML as Banks Battle Fraud

For financial institutions and stakeholders, the twin threats of business email compromise (BEC) and credit-push fraud demand more monitoring — and advanced technologies to do so.

Nacha introduced new rules Monday (March 18) that create a “base level of ACH monitoring for all parties in the ACH Network” with the exception of consumers.

“The rules are designed to promote the detection of fraud through the credit-push payment flow, from the point of origination through the point of receipt at an account at the [receiving depository financial institution (RDFI)],” PYMNTS reported Monday.

In terms of the mechanics of the new rules, when fraud is detected, the originating depository financial institution (ODFI) can request the return of the payment, the RDFI can delay funds availability (within limits), and the RDFI can return a suspicious transaction, without waiting for a request or a customer claim.

The rules are a bid to reduce BEC and vendor impersonation, among other scams.

PYMNTS Intelligence found last year that 43% of U.S. banks saw a rise in fraudulent transactions. Twelve percent of scams came from impersonation schemes. From 2022 to 2023, the share of firms that experienced an increase in payments made via same-day ACH increased by about 35 percentage points, surging from nearly 11% to nearly 46%.

The financial impact from that fraud has been considerable, as the price tag, as it were, due to fraudulent transactions came in at $3.2 million in 2023, up from $2.3 million the year before.

The share of fraudulent transactions due to schemes that impersonated authorized parties grew over the same timeframe from 11.1% in 2022 to 13.9% last year.

Separately, the FBI reported that BEC scams grew by double-digit percentage points. Between December 2021 and December 2022, there was a 17% increase in identified global exposed losses. There were more than 277,900 reported incidents, resulting in more than $50.8 billion in reported losses.

The Federal Trade Commission reported earlier this year that impostor scams totaled $2.7 billion, with $800 as the median amount lost when consumers were targeted.

In the United Kingdom, draft legislation would mandate that banks and payment firms would have to reimburse victims of authorized push payment fraud up to 415,000 pounds (about $528,000) per incident, as well as implement a policy delaying payments for up to four days if fraud is suspected.

PYMNTS Intelligence found that rules-based algorithms, artificial intelligence and machine learning are the technologies most used to combat fraud, especially among larger banks. Sixty percent of financial institutions reported using rules-based algorithms to combat fraud, up from 50% in 2022.

PYMNTS Intelligence also found that at least 66% of financial institutions with more than $5 billion in assets use AI and ML, exceeding the 44% of smaller banks that do the same.

Elsewhere, 56% of financial institutions overall plan to increase their use of AI and ML models to combat fraud.