From Gateway to Gatekeeper: The Role of Private Industry Players in Detecting and Preventing Fraud Moderator: Tracey Thomas, Staff Attorney, Division of Marketing Practices, FTC Panelists: Jack Christin, Senior Regulatory Counsel, eBay/PayPal Jane Larimer, General Counsel, NACHA – The Electronic Payments Association Clifford Stanford, Assistant Vice President & Director, Retail Payments Risk Forum, Federal Reserve Bank of Atlanta James Paravecchio, Group Manager, Fraud Risk Management Operations, Verizon Tim Cranton, Associate General Counsel, Microsoft Corporation Panel 3: 1:30 – 3:00 pm
Jack Christin Senior Regulatory Counsel eBay/PayPal, Inc. San Jose, CA
ACH Network Detecting and Preventing Fraud February 25, 2009 Jane Larimer EVP ACH Network Services General Counsel NACHA -The Electronic Payments Association
NACHA is the administrator of the ACH Network, responsible for: Developing and maintaining the NACHA Operating Rules Performing Network risk management Administering the National System of Fines to enforce the Rules Educating payment system participants Risk events are addressed proactively when they occur Risk events are managed to minimize the long-term effect on consumers and financial institutions. Implementing NACHA’s risk strategy includes amending the NACHA Operating Rules, disseminating best practices and developing tools to manage the risk profile of the Network on an ongoing basis. Risk trends look positive for the ACH Network. As the ACH Network’s utility has been expanded, there has been great attention to risk and fraud mitigation. The ACH Network has experienced lower rates of return for unauthorized entries and other returns indicative of fraud. The ACH has gained visibility from a regulatory perspective. Since 2006, the OCC has issued guidance on managing risk related to ACH activity twice ( and ) Since 2001, debit unauthorized return rates reduced from.09% to.04%. The ACH Network …Risk Management is a Priority
ACH Network Unauthorized Debit Rate – … Continuing To Decline The rate of unauthorized transactions in the ACH Network has been historically low. The peak for unauthorized transactions in the Network was realized in 2002 with telemarketing abuse of the TEL application. Since than, NACHA and the Operators’ attention to Network risk management shows in a consistently declining return rate for transactions returned as unauthorized.
NACHA Risk Management Initiatives …Significant progress has been made along a Risk – Quality Continuum The ACH Network is safe and secure. Proactive work on initiatives outlined on the risk quality continuum include developing rules and managing risk at NACHA and across all network participants to result in a low risk payment network.
“Traditional” fraud included telemarketing fraud, credit repair, and membership clubs. The Internet provided a new vehicle for companies who would perpetrate fraud and could use the anonymity provided by the Internet. The traditional frauds are present, plus key logging and phishing attacks were added to the arsenal. OCC : list of high risk originators include: –Online payment processors –Credit repair services –MOTO companies –Internet gambling –Offshore businesses –Adult entertainment Fraud Trends
September 2007, Capital Credit Alliance, Inc. and Consumer Credit Services, Inc. (CCA/CCS) filed suit against NACHA. CCA/CCS sought: –Temporary restraining order (TRO) against NACHA due to “NACHA’s arbitrary, capricious, and unwarranted imposition of monetary fines” against CCA/CCS. –Declaratory judgment that they are not and have never been in violation of the NACHA Operating Rules. –Reimbursement for fines assessed. Litigation
Nevada Attorney General filed an amicus brief in support of NACHA’s opposition to the TRO. January 2008, the US District Court of Nevada denied CCA/CCS’ Motion for Preliminary Injunction and TRO. The Court found that CCA/CCS failed to demonstrate a likelihood of success on the merits. In assessing this the Court stated: –even a cursory review of the transcripts and authorization forms…demonstrate that Plaintiff’s method of attaining authorization for debit transactions is deceptive, and in violation of the NACHA Operating Rules. Litigation
The Court stated further: –the public has a strong public interest in the enforcement of the NACHA Operating Rules, as unauthorized transactions create significant problems for consumers whose bank accounts are improperly debited, and for financial institutions forced to incur the expense of investigating and correcting unauthorized transactions. February, 2008 CCA/CCS voluntarily dismissed their lawsuit against NACHA.
Clifford Stanford Assistant Vice President & Director Retail Payments Risk Forum Federal Reserve Bank of Atlanta Atlanta, GA
A Catalyst for Collaboration
The views expressed in this presentation are those of the presenter and do not necessarily reflect the views of the Federal Reserve Bank of Atlanta or the Federal Reserve System.
The Environment: Some Key Challenges –Check payments still highest driver of fraud despite volume decline –Potential movement of fraud from checks to ACH –Ever increasing occurrence of ecommerce Consumer personal and financial information more vulnerable More transactions processed without customer and merchant physical interaction –Increased interest in protection of consumer information Reputation risk of possible data breach –Slow to implement cross channel fraud monitoring –Proliferation of prepaid cards with fraud vulnerabilities »Source: “A summary of the roundtable discussion on retail payments fraud”, Federal Reserve Payments System Policy Advisory Committee, March 2007
Noncash Payments Increased at Annual Rate of 4.6% from 2003 to 2006 *CAGR is compound annual growth rate. Source: Federal Reserve Bank of Boston [2007 Federal Reserve Payments Study]
Distribution of Noncash Payments – Value vs. Number (2006) Payment Type Percentage (Number) Percentage (Value) Checks paid33%55% ACH16%41% EBT1%0% Debit card27%1% Credit card23%3% Source: The 2007 Federal Reserve Payments Study
Check Fraud Increasing Despite Decrease in Check Volume Check Volume –30.6 billion checks paid in 2006 (down 6.4% since 2003) 1 Check Fraud –Counterfeit checks resulted in loss of $271 million for banks in % increase from 3 years prior –Check-related fraud overall – $969 million in »Source: 1 The 2007 Federal Reserve Payments Study; ABA Deposit Account Fraud Survey Report
2007 ABA Deposit Account Fraud Survey CHECK FRAUD AGAINST BANK DEPOSIT ACCOUNTS (Industry Estimates) Source: American Bankers Association
Highlights from AFP Fraud Survey (2008)– corporate perspective 71% of organizations were victims of actual or attempted payments fraud (check, ACH, cards, or wire) in % of organizations experienced some financial loss as a result of attempted payments fraud –median loss was only $13,900 Almost all organizations (94 percent) that experienced attempted or actual payments fraud in 2007 were victims of check fraud. –17% reported a financial loss from check fraud –Organizations were much less likely to be subject to fraud from electronic payments than from checks
A Closer Look at ACH Payments Number of ACH payments billions CAGR ( ) Total change (billions) ACH payments 18.6%5.8 Converted checks 98.7%2.2 Other ACH12.6%3.6 Source: The 2007 Federal Reserve Payments Study
Fraud in ACH Internal ACH fraud Internet-based fraud Telemarketing fraud “Bad” checks converted to ACH Reverse phishing (altering ACH RT and a/c data) Keystroke logging ACH kiting
“Emerging” Payments... ACH eChecks for non-recurring payments Remotely created “Non-Check eChecks” Remote deposit capture (even consumer level) Mobile banking Decoupled debit cards Prepaid cards Payroll cards Contactless cards “PII portals” Etc. etc.
Evolving Fraud Environment Fraudsters are well organized and structured Rings are global Fraud perpetrated across payment types – no longer specialized Improved technology and communication Active market for confidential information
So, what about the regulators and law enforcement? How savvy about retail payments systems? Does the complexity of payments systems hinder efforts? Are consumer protections adequate? Are private sector/self-regulatory efforts adequate? Are there sufficient market incentives, or does more need to be done by regulators and law enforcement? Are adequate resources dedicated? What are the gaps? What collaborative mechanisms work/don’t work? How do we break down the barriers among those with common interests in mitigating risk and preventing fraud?
The Environment: Opportunities? –Holistic solutions that look across all payment systems –Increased collaboration and information sharing across the industry –Enhancements to authentication techniques –Implementation of standards –National fraud-notification systems –Fed-sponsored outreach events, research and analysis »Source: “A summary of the roundtable discussion on retail payments fraud”, Federal Reserve Payments System Policy Advisory Committee, March 2007
Retail Payments Risk Forum The Retail Payments Risk Forum is a catalyst for collaboration among thought leaders in the retail payments risk management arena to: –convene interested parties, –promote actions to mitigate risk, –conduct research and analysis, and –provide education. Portals and Rails blog –portalsandrails.frbatlanta.org
James Paravecchio Group Manager Fraud Risk Management Operations, Verizon Denver, CO
Tim Cranton Associate General Counsel Microsoft Corporation Seattle, WA
Questions?
From Gateway to Gatekeeper: The Role of Private Industry Players in Detecting and Preventing Fraud Moderator: Tracey Thomas, Staff Attorney, Division of Marketing Practices, FTC Panelists: Jack Christin, Senior Regulatory Counsel, eBay/PayPal Jane Larimer, General Counsel, NACHA – The Electronic Payments Association Clifford Stanford, Assistant Vice President & Director, Retail Payments Risk Forum, Federal Reserve Bank of Atlanta James Paravecchio, Group Manager, Fraud Risk Management Operations, Verizon Tim Cranton, Associate General Counsel, Microsoft Corporation Panel 3: 1:30 – 3:00 pm
3:00 – 3:15 pm