A new ACH scheme
We have frequently used a variety of languages (ancient Hebrew, Arabic, German, French, Latin, Spanish, and Urdu, to pick a few of we recall), with some confidence that our readers will understand. But when it comes to understanding the arcania of electronic payments we want to be really sure you understand, so we have included a glossary in front of the article. Electronic payments are replacing check and drafts. As wise and informed people, we need to know the language of this electronic payment frontier. Willy Sutton used to rob banks “because that’s where the money is.” Fraudsters are going to work on the ACH system because that where the money now is.
Glossary for Article
The Automated Clearing House (ACH) Network is a highly reliable and efficient nationwide batch-oriented electronic funds transfer system governed by the NACHA.
NACHA is a not-for-profit association that represents more than 11,000 financial institutions through direct memberships and a network of regional payments associations, and 650 organizations through its industry councils. NACHA develops operating rules and business practices for the Automated Clearing House (ACH) Network and for electronic payments in the areas of Internet commerce, electronic bill and invoice presentment and payment (EBPP, EIPP), e-checks, financial electronic data interchange (EDI), international payments, and electronic benefits services (EBS).
Prearranged Payments or Deposits (PPD), used in an ACH header record to indicate the ACH format being used and to identify…
Once authorization is acquired, the Originator then creates an ACH entry to be given to an Originating Depository Financial Institution (ODFI), which can be any financial institution that does ACH origination. This ACH entry is then sent to an ACH Operator (usually the Fed) and is passed on to the Receiving Depository Financial Institution (RDFI), where the Receiver’s account is issued either a credit or debit, depending on the ACH transaction.
R7 and R10 transactions are where the customer goes to their bank and disputes or revokes debit to their account. These have always been heavily scrutinized and subject to a 2.5% threshold. A higher percentage typically results in suspension of their ACH processing rights.
Written Statement Under Penalty of Perjury (WSUPP) to the ODFI is what is used to dispute ACH transaction usually under R7 or R10.
And now, the article…
Last year we saw another ACH scam, where the NACHA rules worked against a financial institution.
An individual opened a mutual fund account and signed the ACH authorization form. He then phoned to make a $65,000 purchase into the fund, paid with a PPD debit originated to his bank account. A couple days later he phoned and made a $70,000 purchase, again funded by a PPD debit. Then about a month later he phoned to redeem the money, which he did with a PPD credit. All phone calls were recorded and available, as is mandatory in these financial institutions.
About 55 days after the first debit, he went to his bank (the RDFI, in this case) and claimed the two debits were unauthorized. The RDFI, of course, credited him with $135,000 (again!) and sent an R10 to the mutual fund.
The day after receiving the R10 the fund knew it was a fraud, but there is nothing the firm could do to protect themselves under the NACHA Rules (the money was, of course, already gone from the bank.). A WSUPP was requested, and a copy appeared two days before the required delivery deadline – and it was as accurate as most WSUPPs we have seen.
A little research would have shown he had received the $135,000 already into his account, but under the Rules the RDFI has no reason – more to the point no incentive – to question the consumer. But since the RDFI can push all liability onto the ACH Originator, why should they make the effort?
This exposure of all ACH Originators to the “60 day right of refusal” has been around for as long as the ACH, and has been a hurdle for some fund and brokerage firms to use ACH. NACHA steadfastly has refused to even try to find equity or balance in the legal exposure of ACH Originators.
Interestingly, the definition for an R10 in the NACHA Rules (and in Reg. E) says: “An unauthorized debit entry does not include a debit entry initiated with fraudulent intent by the Receiver.” Even though that was clearly the case in our instance, where do you go with that?
Obviously there is legal recourse against the individual involved, but it is a long and very hard road to pursue.
This is one more case that points to the importance of KYC (Know Your Customer). If you’re going to allow customers to originate these types of transactions, as more and more brokers seem to be doing, you need to make sure you protect yourself by underwriting the customer, since you’ve actually created a potential creditor relationship. If you’re unwilling to extend this type of credit, then you shouldn’t be allowing him to originate the transactions involved. Or, at least should be providing some form of reserve and/or credit protection for yourself.