Financial services professionals from different organizations, industries, and specialties recently attended Nacha’s Smarter Faster Payments 2024 conference in Miami. Attendees learned about the latest developments in faster payments, new fraud prevention realities, and the latest shifts—specifically, Generative AI and unified fraud, cyber, and anti-money laundering (AML) approaches.
Weren’t able to attend? No worries. We’ve got you covered! Feedzai’s Jasbir Anand and Ruxandra Aldea were among the conference attendees. In this blog, they break down their key takeaways from the Nacha Smarter Faster Payments conference.
The Need for Payments Speed
New payment options like FedNow and Zelle have given customers a taste of real-time payments. This makes old-school payment methods like ACH, which takes two to three business days to clear, seem inefficient by comparison.
Nacha is speeding up its payment operations to help recipients access funds more quickly. Time windows and batch cycles are increasing, allowing payments and financial services to move faster.
How to Maximize Profits Through Fraud Prevention
Fraud costs banks billions annually. Fraudsters exploit new digital channels and traditional banking methods with alarming success. Banks need a […]
By streamlining the processes, businesses can improve their services and gain faster access to capital. This is a significant improvement that helps move ACH closer to the realm of real-time payment services like Zelle and FedNow.
New Fraud Monitoring Requirements on the Horizon
It’s well-known that the increase in digital payments has led to more fraud. This remains a significant concern.
In response, Nacha is introducing new fraud monitoring rules that will go into effect by 2026. These rules aim to enhance security, improve consumer protection, and combat money laundering by addressing money mule activity.
Topic
Details
ACH Risk Management Topics – Summary
- The amendments aim to reduce fraud and improve fund recovery.
- Key changes include fraud monitoring, funds recovery tools, standardized information, and WSUD processes.
- Effective dates range from October 1, 2024, to June 19, 2026.
2024 ACH Risk Management Rules
- New rules empower ODFIs to request returns and RDFIs to delay funds availability and return suspicious transactions.
- Monitoring and analysis are enhanced by labeling ACH credits and debits.
Effective Dates for Rule Amendments
- October 1, 2024: Codification of Return Reason Code R17 and expanded use of ODFI request for return.
- March 20, 2026: Fraud monitoring by large ODFIs, Originators, TPSPs, TPSs, and RDFIs.
- June 19, 2026: Fraud monitoring by all other non-consumer Originators, TPSPs, and RDFIs.
Fraud Monitoring by Originators, TPSPs, and ODFIs
- Requires risk-based processes to identify fraudulent ACH entries.
- Annual review of processes is mandatory.
- Monitoring should establish baselines to detect anomalies.
RDFI ACH Credit Monitoring
- RDFIs must establish risk-based processes for identifying fraudulent credit ACH entries.
- Monitoring can consider transaction velocity, anomalies, and account characteristics.
- Aim to reduce fraud and improve fund recovery.
False Pretenses
- Newly defined term for fraud involving misrepresentation.
- Covers common scenarios like Business Email Compromise and vendor impersonation.
Codify Use of Return Reason Code R17
- Allows RDFIs to return entries suspected of fraud using R17, including the descriptor “QUESTIONABLE”.
Expanded Use of ODFI Request for Return/R06
- Permits ODFIs to request a return for any reason, with RDFIs required to respond within ten banking days.
Additional Funds Availability Exceptions
- RDFIs can delay funds availability for suspicious ACH credits.
- Aligns with requirements under Regulation CC.
Standard Company Entry Descriptions
- New standardized descriptions for payroll (PAYROLL) and e-commerce purchases (PURCHASE) to aid in monitoring.
Timing of Written Statement of Unauthorized Debit (WSUD)
- Allows WSUD to be signed upon presentment, improving the process for unauthorized debit claims.
RDFI Must Promptly Return Unauthorized Debit
- RDFIs must return unauthorized ACH debits promptly to improve fund recovery and fraud prevention.
Minor Topics Rule Changes
- Various editorial changes to improve clarity, correct inconsistencies, and reflect current practices.
Three significant changes are on the horizon:
1. Required Inbound Payment Monitoring
Financial institutions have historically only monitored outbound payments for fraud. Nacha’s new RDFI ACH Credit Monitoring rules will also require them to monitor payments coming into their accounts.
The rule is designed to encourage financial institutions to identify any inbound or incoming transactions that might be linked to scams. Financial institutions can return funds flagged as suspicious or contact the originating organization for more information.
Monitoring inbound payments offers an additional benefit. Inbound payment monitoring can uncover suspicious accounts that may be linked to money mule activity. In other words, financial institutions can expose suspicious activity across the broader connected ecosystem.
2. Fighting False Pretense Payments
The shifting language of fraud and scams is among the imporant key takeaways from the Nacha Smarter Faster Payments conference.
Nacha is also focusing on the threat of what has typically been referred to as “scams”. Financial institutions will now be required to report “false pretense payments” incidents.
Nacha’s language describes false pretense as “the inducement of payment by a Person misrepresenting (a) that Person’s identity, (b) that Person’s association with or authority to act on behalf of another Person, or (c) the ownership of an account to be credited.” The new definition is designed to cover a wide range of impersonation scams, including Business Email Compromise (BEC), vendor impersonation, or impersonations of government agencies, law enforcement, or financial institution staff.
There is an exception to the false pretenses label. The rule will not apply to transactions involving “fake, non-existent or poor-quality goods or services.”
Nacha’s new rule requires financial institutions to report incidents of false pretense payments. Recording these deceptive tactics enables institutions to heighten their vigilance against such activity and better protect their customers.
3. Payment Originators on Alert
Originators of payments will also face new requirements under new Nacha rules, including fraud protections for both authorized and unauthorized activity.
Nacha currently requires payment originators to use a “commercially reasonable fraudulent transaction detection system” to screen payments. Under the new rules, Nacha will remove the “commercially reasonable” language entirely and replace “detection system” with “processes and procedures.”
These new rules are designed to prevent unauthorized fraud tactics like account takeover (ATO). The language change requires institutions to ensure they have implemented protections that monitor who is sending payments as an ACH credit. Effective protections should include both the right technology and robust protocols to identify and respond quickly to suspicious activity.
GenAI & LLMs Prompt New Fraud Prevention Urgency
It’s an unfortunate reality that fraudsters are the fastest innovators. Advancements in large language models (LLMs) and GenerativeAI have made fraudsters’ deceptions considerably more convincing.
The threat of fraud from deepfakes is particularly elevated in businesses where invoice fraud, BEC, and CEO fraud can target employees. Fraudsters have acquired a deep understanding of many financial institutions’ internal operations and procedures, elevating the threat of business fraud.
For example, fraudsters can send an email pretending to be a CEO and requesting immediate payment to a new account. Most financial institutions recommend calling the requester by phone to confirm the unusual request. However, fraudsters are familiar with this procedure and prepare accordingly. They can use a deepfake voice recording to pretend to be the CEO and convince the employee to approve the transaction.
These scams are becoming increasingly common…and effective. Case in point, an employee at an energy company was deceived into sending a significant amount of money after fraudsters used a deepfake voice clone of the company’s chief executive.
Sophisticated scenarios like these will become more commonplace as criminals leverage GenAI.
Key Takeaways and Actionable Steps from the Nacha Smarter Faster Payments Conference
Increased payment speeds, new fraud monitoring requirements, and advancements in technologies like LLMs and GenAI are among the key takeaways from the Nacha Smarter Faster Payments Conference.
What can financial institutions do next? Here are three key recommendations that financial institutions can implement from the Nacha conference’s learnings.
1. Invest in LLMs for Fraud Investigations
Fraud analysts constantly face a mountain of data to sift through when conducting investigations. LLMs can act as research assistance for fraud investigators, quickly answering complex questions and helping analysts shift away from manual and time-consuming tasks.
Financial institutions can use LLMs to review and analyze data rapidly. Investments like this will streamline fraud investigations and free investigators’ time to focus on high-priority cases instead.
2. Use GenAI for Rule Authoring and Model Creation
Streamlining fraud investigations is not the only opportunity financial institutions have to capitalize on advancements in AI. Financial institutions can also simplify the rule-writing process using GenAI. For example, instead of coding rules, personnel can verbally describe the rules they want. GenAI can then draft the code for them, doing the heavy lifting in seconds.
Writing new rules simply by speaking or typing is a significant time-saver. Financial institutions can also ensure the rules are accurate and tested before they are implemented.
3. Focus on a Unified Operational Approach Between Fraud, AML and Cyber
Collaboration has been described as the holy grail of fighting fraud. However, collaboration refers to more than joint work and policy solutions for data sharing with external bodies (including telcos, marketplaces, law enforcement, and networks). It is also an imperative to break down internal data silos within a financial institution.
The most forward-thinking financial institutions are moving toward a unified approach between their cyber, fraud, and AML teams. This approach starts with building detailed 360-degree reference data at the customer level, which can deliver insights into downstream transaction monitoring activity and benefit cross-functional teams.
Such reference data, typically including billions of data points in customer journeys across channels and products, is even more attractive now. Machine learning analytical tools, including automated machine learning, supervised and unsupervised models, and graph databases, can now deliver improved real-time insights and actions. Meanwhile, cloud-driven applications and architectures enable increased agility to work with changing data parameters.
Conclusion
Faster payments will lead to happier customers and businesses. But before financial institutions can tap into the full range of opportunities available from faster payments, they must ensure these transactions are secure.
Nacha’s new rules open up new opportunities for financial institutions to deliver the benefits of faster payments while protecting customers from fraud and false pretense payments. Financial institutions can proactively purge money mule accounts from their systems, making their organizations off-limits to bad actors.
Fraudsters might be the earliest adopters of tools like GenAI and LLMs. However, financial institutions can use these same tools to fight fraud. Implementing these technologies can free fraud analysts’ time to tackle tough cases, enable faster rule-writing, and break down internal data silos allowing fraud, AML, and cyber to collaborate more effectively.
Measures like these are vital to staying ahead of the curb and making faster payments smarter and more secure.