When a fraudster either successfully performs account takeover, business email compromise or impersonates vendors or employees, their intent is to send a fraudulently originated ACH or wire transfer payment to an account which they own or have access (i.e., working both sides in the scheme).  It is very likely that the fraudulent account information used on a payment has a routing number and account number combination that hasn’t been seen by a financial institution in the past. This is where New Receiver Alerts come in handy.

New Receiver Alerts involve using the receiver/beneficiary account information on a current originated ACH/wire payment (being sent to other financial institutions) and scanning it against your prior history of originated ACH/wire payments to detect unusual activity. This may be performed automatically via online banking or ACH, wire and fraud monitoring systems, but also via homebrewed database solutions along with manually scanning system-generated ACH/wire reports.

Thus, in situations such as the one mentioned above, if you have any type of New Receiver Alerts implemented systematically or review each payment manually against a database or report system, any new destinations for an ACH/wire payment may be reviewed with your account holder. While your intent of performing new receiver alerts is to catch fraud, they also catch errors caused by typographical errors, which can create great customer service opportunities.

If you have a “new receiver” alert or detected one through your own manual scans, you should reach out to your account holder and review the payment with them. You may want to ask your account holder the following questions:

• Do you know the recipient of the payment?
• How did you obtain account instructions?
• If instructions were sent by email, did you perform a second verification step?

Another “new receiver” review on originated ACH/wire payments could be performed by focusing in on the receiver/beneficiary names (or parts of it) and seeing if the financial institution and/or account number have quickly changed from one wire to another. Sometimes the fraudulent instructions for wires will change from a domestic wire to an international wire. By bringing up the account holder’s wire history, you may observe a sudden change in account instructions despite the recipient’s name remaining mostly the same.

Depending on your ACH and wire volume, you may want to establish a dollar amount threshold for automatic review for any new receiver alerts or reviews on originated payments.  Employers are constantly hiring new people while utility companies are adding new clients, and that may trigger multiple lower dollar amount new receiver alerts. Whatever your new receiver reviewing process may be, just make sure that it’s outlined in your policy, procedures and control documentation.

Remember, as a payments professional, you’re not just working at a financial institution to handle deposits and process payments, but you are there to protect your account holders from risk. If you’re reviewing a new receiver alert with your account holder and some of the questions still prompt red flags, you may consider not processing the payment (review with your management or fraud groups).  Sending payments is a privilege and not a right.

As a registered “sending point” for ACH/wire payments and assuming the most liability as a participant in these transactions, your institution has every right to be cautious when sending payments to a never-before-seen destination. If your new receiver alerts/review catch a valid fraudulent payment or errors, those frowns from your account holders will turn upside down when you saved them from enduring a loss. This will also allow your financial institution and account holder to celebrate instead of questioning what went wrong to allow a fraudulent payment to be sent and who is financially liable.

Republished with permission from EPCOR