ORLANDO, Fla. — Mix one part encouraging news with one parttruly worrisome news and there are the bookend messages from twopanels during the closing morning of NACHA's Payments 2014conference Wednesday at the Orlando World Center Marriott.

First, the optimistic news. The $6 billion Citizens BusinessBank in Ontario, Calif. has suffered not a dime in ACH fraud lossessince it implemented sophisticated fraud prevention tools fromGuardian Analytics in 2012, said Assistant Vice President RobertPiccini.

Also from NACHA's Payments 2014:
Mobile Warning: Eat or Be Eaten
Mississippi CU and the Underbanked
Same Day ACH Here and Abroad
Mobile Wallets and Payments

Terry Austin, CEO of Mountain View, Calif.-based Guardian Analytics, which claims hundreds of financialinstitution clients, said that Guardian Analytics' tools “look atthousands of different data elements, from what IP they are loggingin with through the device they are using, the browser, even downto the screen resolution settings.”

He added that the process is invisible to customers andcriminals alike. The objective is to detect anomalies – departuresfrom established patterns – before fraudulent activity occurs.

“There are not a lot of false positives,” Austin said. “Dataanalytics is the most accurate way to distinguish illegitimateusers from legitimate.”

He stressed that a complication is that in these cases– typically fraud attempted over the online banking channel– the criminal has valid login credentials. The fraudsterlooks real, at least at first glance, which is why moresophisticated analysis needs to be performed to separate thefraudulent from the honest. But the tools, increasingly, exist.

That was the good news.

However, double doses of bad news arose in a session on emergingfraud trends led by Citibank SVP Brian Todd and David Fapohunda,Citibank director, fraud policy.

Fapohunda delivered the first dose when he said what has beenkeeping him awake at night has not been fallout from the Targetbreach, but rather from breaches suffered by two data aggregators.Specifically naming Dun & Bradstreet as one aggregator,Fapohunda said the companies gather substantial personal andprofessional information on millions of individuals.

“Now fraudsters can easily answer security questions,” hesaid.

In credit card breaches, such as Target's, banks typically are notified of potential problems.But, the data aggregators do not notify banks.

“They may notify individuals whose data was compromised. But notthe bank,” Fapohunda said.

That's left Citi and other financial institutions scrambling notto get tricked by wily fraudsters, he said.

Todd delivered the last bit of bad news: Citibank is seeingsubstantial growth in mobile remote deposit capture fraud.

It is getting much more sophisticated, Todd said, and theprevailing regulations and rules simply have not kept up with thetechnology evolution MRDC represents. That makes sorting outresponsibility and who suffers the loss more difficult.

As for the growing MRDC sophistication, Todd said initially this double dippingusually was to one account. It was easy to detect. Now, criminalsare involving multiple accounts, making it much harder to unravelwhat can be a lengthy chain of deposits.

Fraudulent MRDC is also showing up in new account openings, hesaid.

And worse, although MRDC fraud losses have been well containedso far, mainly due to the low deposit limits imposed by mostfinancial institutions, consumers are pushing for higher limits. Asthose amounts go up, so will fraud, Fapohunda predicted.

“This issue will grow significantly,” he added.