Fraud resulting from account-takeover attacks continues to increase. And the mechanisms by which the fraud is being perpetrated continue to vary as fraudsters use creative ways to ex-filtrate stolen funds from financial institutions. While ACH and wire transfer fraud aimed at commercial account holders continues to be the most damaging and prevalent, an interesting trend has been seen emerging targeting retail customers. Fraudsters have begun to leverage external funds transfer as a new way to defraud customers—only they‘re using account linking to other FIs to “bounce” the transactions around before withdrawing.
Recently, we’ve noticed an uptick in the number of fraud cases (approximately 6 cases involving just over $170k in 2013) reported by our FIs involving fraudulent transactions created via incoming external transfers soon after new accounts have been opened. The general scenario works like this. A new account holder [fraudster] opens an account and enrolls in online banking. Shortly after enrollment, generally less than a month, the fraudster links the new account to an external account, or sometimes multiple external accounts, held at other FIs. The fraudster initiates an ACH-debit transaction, transferring funds into the newly created account. The funds are quickly withdrawn from the account in a number of ways, including ATM withdrawals, checks, or outgoing external transfers. Be on the watch for these types of activities. Examine your existing controls around funds transfer entitlements, and consider implementing additional mitigating controls, including:
- Limit the ability of net new customers to link accounts or initiate external transfers through online banking. Consider using a minimum of at least 30 days after the initial opening of a new account with your financial institution.
- Monitor ACH-debit activity (inbound transfers). Although it doesn’t represent the same risk as an outgoing transaction, it is still important to watch for anomalous activity.
- Review existing entitlements and abilities current account holders have based on historical usage.