Protecting Your Organization From Fraud
Find Resources and Educate Yourself
Fraud Threats Can Take Many Forms
Business Email Compromise, Vendor Impersonation Fraud, Payroll Impersonation
- Booklet: Protecting Against Fraud: How to Spot and Prevent Fraud Schemes
- NACHA: Business Email Compromise,Vendor Impersonation Fraud, and Payments: What Organizations and Financial Institutions Need to Know
- NACHA ACH Operations Bulletin #1-2017: Social Engineering Attacks Against Public Sector and Other Entities
- SEC: Warning - Potential Accounting Control Violations with Business Email Compromise (October 2018)
- FBI Infographic: Business Email Compromise
- FBI PSA: Business Email Compromise and Email Account Compromise (Emphasis on Real Estate Vector Compromises)
- FBI PSA: Business Email Compromise Contributes to Large Scale Business Losses Nationwide
- FBI PSA: Cybercriminals Utilize Social Engineering Techniques To Obtain Employee Credentials To Conduct Payroll Diversion
- FDIC: Cybersecurity Prepardness Resource (FIL-63-2018)
- Account Takeover: What You Need to Know
- Sound Business Practices for Third-Party Service Providers to Mitigate Account Takeover
- Sound Business Practices for Companies to Mitigate Account Takeover
- Sound Business Practices for Financial Institutions to Mitigate Account Takeover
- Policy Statement on the Importance of Sound Business Practices to Mitigate Account Takeover
- Corporate Account Takeover Can Lead to Fraudulent Transactions
- Fraud Advisory for Businesses: Corporate Account Takeover
- Recommendations for ACH Network Participants Lessons Learned for Proactive Risk Management Following Attacks on the SWIFT Network
- Security of Payment Network Access Points: Risk Mitigation Recommendations Related to Recent Payment Account Takeover Attacks Against Banks Leveraging the SWIFT Network
Common Fraud Schemes Encountered by the FBI
WEB Standard Entry Class (SEC) code transactions, or Internet-Initiated/Mobile Entries, are one of the fastest growing areas of Direct Payment via ACH. As more organizations look for sound business practices and solutions to offer WEB payment options, NACHA developed eResources to support businesses and financial institutions in implementing and using the WEB code.
These eResources will help organizations broaden payment options for customers of all types, realize efficiencies of electronic payments, and have necessary guidance to fully understand ways to address compliance, security and risk factors. They seek to expand knowledge and understanding among all stakeholders in the industry, supporting effective implementation of WEB transactions.
- Encryption is a core technology that underpins the security of the ACH Network. The eResource, based on information gathered from industry professionals, underscores its value and generates greater awareness about the need for methods for all ACH Network participants to combat data threats and attack scenarios.
- Authentication in the ACH Network is a common challenge among all ACH Network participants, particularly for WEB transactions. The eResource covers relevant risk management requirements for WEB in an effort to help participants better understand authentication technologies that are available on the market.
- Authorization involves determining what information should be collected and retained so that there is adequate proof in the event that a transaction is challenged--a common challenge among ACH Network participants that originate or process WEB ACH consumer debit transactions. The ability to prove that a transaction was properly authorized is highly dependent on the attributes of the authorization process and any underlying processes used to validate identity, all of which may vary among institutions, transaction types and operating models.