Payments in the United States are becoming faster. To gain a competitive advantage, some financial institutions offer consumers access to funds from an ACH credit before settlement, which is allowed under the Nacha Rules. Unfortunately, fraudsters are also looking for quick access to illicit funds and want the same benefits of early availability to make off with the money before the Originator, Financial Institution, or law enforcement is aware.
If you, as a Receiving Depository Financial Institution (RDFI), offer early funds availability to your customers, how can you help prevent fraudsters from taking advantage? The key is knowing your customer as the account holder and receiver of the transaction and searching for patterns to avoid known scams that target institutions offering early funds availability. Nacha and the Risk Management Advisory Group (RMAG) do not take a position on offering early funds availability but would like you to consider the following practices if your FI decides to offer this service to your customers.
The Patriot Act requires each FI to create a Customer Identification Program (CIP) to form a reasonable belief that it knows the true identity of each account holder. The Patriot Act guides each institution and requires a CIP appropriate for the FI's size and type of business, and provides general requirements and documentation needed for U.S. and non-U.S. persons. It is up to each FI to collect customer information and verify their identity. This task has become more difficult with the trend away from in-branch banking, which has only increased during the pandemic. FIs must find the right way to verify an individual without physically seeing their customer in-branch and touching their documentation to confirm its validity. FIs should reach out to their Regulator for additional information on CIPs.
Scammers and fraudsters can use stolen identities to bypass CIP and gain access to the banking system. An FI can put controls in place to limit risk to this type of scenario. FIs don't have to offer early funds availability to all accounts. New accounts, for instance, may be at a higher risk of fraud because of the lack of history and trend patterns with the FI. Institutions that offer early funds may restrict when customers can gain access to this benefit by offering early funds only to seasoned accounts. Each FI should determine how long an account must be open, how many payments the account must receive, or create other criteria that must be met before offering early funds availability.
Fraudsters often use money mules, either as willing or unknowing accomplices, to help them gain access to the banking system. Money mules will often receive many transactions that don't match the name of the account holder. The Nacha rules allow for the posting of credits to accounts on Routing Number (RTN) and Account Number only. RDFIs can review the Individual Name field of the entry detail record when posting as an indicator of potential fraud. Although there are many reasons a name might not match exactly—marriage, misspelling, nicknames, etc.—an account receiving items under names different than the account holder can indicate fraudulent activity. Early funds availability can be limited to an exact name match for the account holder to give the institution more time to verify the validity of the transaction. Knowing an exact name match policy is in place may be enough to encourage the fraudster to find another FI.
Velocity checks are controls that are also used to fight various schemes used by scammers. Velocity checks look for abnormal transaction patterns on many payment fields. An increase in the number of payments received, especially if in the same or similar value, can be a red flag worth reviewing. Velocity checks also look for payments to or from the same IP address, physical address, email address, account holder name, account number, or device in combinations that only make changes to some fields or don't make sense. Knowing what account holder and payment data are available can help you ask questions like, "Why is a customer creating a new account for an address in Herndon, Virginia, with an IP address that is from France?" or "Why is my customer receiving state unemployment credits with different individual names from different states?"
ATM withdrawal limits and dollar limits on early funds availability are controls that reduce the value of an account by making it harder to monetize illicit funds. ATMs can be used to withdraw cash from an account anonymously. Lower limits on cash withdrawals at ATMs increase the difficulty in turning illicit funds in an account into spendable cash in a short amount of time. Limits can be increased on seasoned accounts or accounts meeting a higher CIP threshold. High dollar limits put a cap on access to early funds by other methods used to withdraw funds from an account by limiting access to the amount of funds available before the intended settlement date.
Originating Depository Financial Institutions (ODFIs) can help too. Requiring Originators and Third-Party Senders (TPSs) to include full and accurate information in each field helps the RDFI identify the receiver of the credit. In 2019, Nacha worked with the payroll industry to standardize ACH payroll files through a voluntary standard. This voluntary standard has been adopted by payroll companies and is being used to combat payroll impersonation fraud schemes that victimize employees and employers. More information about the payroll credit formatting standard can be found here.
There are many schemes used by fraudsters to trick ODFIs and Originators to send credits to the fraudsters, and RDFIs have a responsibility to help identify accounts used by fraudsters to monetize the illicit funds. The Rules exempt an RDFI from the funds availability requirements if it reasonably suspects an ACH credit entry is unauthorized. When that's the case, the RDFI must promptly notify the ODFI. Offering early funds availability can reduce the time an RDFI has to identify the validity of the payment.
While it is important for each FI to determine products and services offered to remain competitive, they must also continue to do their part to identify accounts used by fraudsters to access the payments system.