Credit unions' primary ACH-related risk stems from inbound fraud, such as phishing attacks and identity theft. The trouble with fraud is that, by design, it looks like legitimate ACH traffic. And while there is no way to entirely stop fraud, receiving institutions can help detect fraud in its earliest stages to minimize any negative outcome and make all attempts to proactively prevent it.

ACH traffic needs to be monitored by credit unions for spikes in invalid account returns or sudden increases in traffic from a particular originator. Either of these may indicate that a new player has appeared on the network and may be the first noticeable sign of a fraud attempt.

To best protect members, technology solutions that monitor ACH fraud and compliance issues should encompass a comprehensive offering that includes risk identification, risk analysis and quantification, risk response and mitigation and risk reporting and monitoring. Credit unions can respond to any suspicious activity faster if they are alerted to it automatically. Risk is identified early by constantly watching for fraudulent transactions and network violations.

Training service and operational staff to proactively identify and review an ACH issue is a vital part of responding and mitigating ACH risk, as aware and involved staff become dedicated detectives.

Receiving credit unions need to identify originators that are not playing by the rules. These originators cost the entire network money–and most of that cost is borne by the receiving institutions, which incur 100% of the cost of detecting, returning and reporting inappropriate activity against their members' accounts.

Credit unions should use an ACH monitoring system that can accommodate NACHA's regulations as they change to ensure the credit union is compliant with the latest ACH rules. Credit unions using an ACH system that is built only to handle specific business needs and target a specific set of ACH rules risk being unaware of new rules and becoming noncompliant.

If a specific originator violates ACH rules, the first option to handle this situation is for the credit union to contact the originating institution. It's in the best interest of that institution to resolve issues with originators, especially in light of the recently enacted changes to the National System of Fines.

The second option to mitigate any further disputed activity is for the credit union to file a possible rules violation with NACHA. Technology-based solutions can ease the burden of assembling the data necessary to file such a complaint as well as completing the lengthy and complex federal forms, ultimately reducing the cost of filing the rules violation with NACHA.

Another way to combat ACH fraud and maintain compliance is to use an issue tracking system to manage member complaints about ACH transactions. Once an issue has been detected it should be entered into a tracking system to manage all similar instances. A credit union's issue tracking system should be able to associate a specific concern with a particular transaction or set of transactions. Research and analysis will be easier for credit unions that maintain at least a 180-day transaction history and make standard reporting a regular feature.

An ACH reporting system that supports research with features like reports by originating institution and originator allows credit unions to understand where their inbound ACH traffic comes from. Credit unions can also review the larger picture of how the originator on one transaction is interacting with the rest of the accounts.

As member-focused organizations, good sense dictates that credit unions take reasonable steps to proactively identify and report apparent fraud. While the receiving institution is not liable for fraudulent transactions, it's their members who will suffer in the end if they don't.

Carl Daniel is chief technology officer at Laru Corp. He can be reached at 888-527-8007 or at [email protected]