On October 3, 2016, NACHA Rules will be implemented for the assessment of fees for unauthorized debit entry submissions. After that date, OFDI’s will be required to pay a $4.50 unauthorized debit fee to RDFI’s for each returned ACH debit coded with return reasons R05, R07, R10, R29, and R51. Although the anticipated gain for ODFI’s is an enhanced capacity to better manage originator risks (and for RFDI’s, increased revenues through the collection of unauthorized entry fees), NACHA believes that the entire ACH network will benefit from the endeavor because of overall industry systems upgrades. Between now and then, ODFI’s should be in the process of tightening their systems for validating originating debit entries so that they can prevent those future unauthorized entry fee payments.
ODFI Systems Need Reviewing and Enhancing
With both the oversight and financial burdens of unauthorized debit entries shifting to ODFI’s, their existing entry originating validation processes should be reviewed. At the very least, a systemic analysis from all originators through to the ODFI’s existing procedures should be performed to identify and close gaps that may let fraudulent entries pass through. Current customers and other originators with high volumes of entries that result in unauthorized returns will need to modify their activities if the ODFI intends to avoid fines because of their practices.
The bigger challenges, however, are the ever-impending threats of financial fraud and breaches in cyber security. Past incidents of data breaches have been widely reported and have resulted in the loss of billions of dollars from both merchants and their consumers. According to a new study, it is almost a certainty that these types of nefarious events will increase in both number and scale in the years to come.
Internet Theft and Fraud
The Consumer Sentinel Network is a database maintained by the Federal Trade Commission (FTC) containing over 10 million reported claims of consumer fraud and identity theft gathered from national law enforcement agencies from 2010 through 2014. Just in 2014, 2.5 million complaints were filed, alleging more than 30 types of consumer fraud.
Analysis of that 2014 data revealed that 8.2 percent (205,000) of those fraud complaints were related to checking, savings, deposit accounts, and electronic transfers; 17.4 percent (435,000) of the complaints were related to credit card fraud, and 9.2 percent (230,000) were related to employment and loan fraud. Government benefits fraud constituted the biggest percentage of complaints, at 38.7 percent.
Cybercrime is also growing. The Internet Crime Complaint Center (IC3) was created in 2000 to monitor Internet-related criminal activity. Again, in the single year of 2014, over 123,000 verified complaints involved a significant dollar loss, the total of which is estimated to be as much as $800 million.
For data breaches, where confidential consumer information is stolen, 2014 was also a banner year. Database breaches at two of America’s largest health care insurers compromised the privacy of more than 88 million people, 78 million of Anthem’s customers, and 11 million customers of Premera Blue Cross. Even more shocking (and embarrassing), the U.S. Government was also hacked, exposing the data of more than 14 million of its personnel. The Center for Strategic and International Studies (CSIS) estimates that the cost to the global economy of these and other cybercrimes ranges from $375 billion to $575 billion per year.
Clearly, ODFI’s have an uphill battle as they seek to implement systems and strategies to defend against both the criminal acts of others and the potential fines they might face for failing to do so. Confronting the challenge early on is the best course to ensure that system-wide improvements are in place and operational come Fall 2016. Not only will ODFI’s be avoiding fines, but they’ll also be improving their customers’ experience by providing truly safe and secure electronic banking services.