April 16, 2026
Nacha, a nonprofit organization that governs the Automated Clearing House (ACH) Network, is pivotal in overseeing account-to-account money transfers, which amounted to 31.5 billion payments valued at $80.1 trillion last year. One significant threat Nacha aims to combat is the Business Email Compromise (BEC) scam, where cybercriminals gain access to corporate email accounts to conduct unauthorized transfers using payment methods like ACH.
In the past, victims of ACH payment fraud had to navigate a cumbersome process involving multiple parties to request returns for fraudulent transactions. Michael Herd, who administers the ACH network, emphasized the urgency of addressing fraudulent activities promptly to prevent fraudsters from swiftly withdrawing or moving funds.
Nacha’s new rules will gradually roll out from October through early 2026. These rules empower banks involved in ACH transactions to monitor and take action against suspicious activities without waiting for formal requests or customer claims. While banks receiving funds remain non-liable for fraudulent transactions, they now have a defined role in monitoring ACH payments and can delay fund availability to investigate suspicious transfers. Additionally, originating banks can request returns for any reason, enhancing the overall security and accountability within the ACH ecosystem.
Despite the focus on ACH transactions, the principles and techniques outlined in these rules have broader applicability to all credit-push payment methods. While Zelle has faced scrutiny from lawmakers like Sen. Elizabeth Warren due to fraud concerns, the emphasis on proactive monitoring and prevention strategies underscores the industry’s commitment to enhancing security across various payment platforms.
In conclusion, the new Nacha rules represent a significant step towards combating payment fraud in business transactions. By combining proactive prevention measures with regulatory compliance, businesses can better protect themselves against evolving threats in the digital payment landscape. Quinte stands ready to assist and collaborate with financial institutions in effectively adapting to these changing fraud prevention regulations.
The landscape of fraud in business payments is evolving, with cybercriminals increasingly targeting credit push payments through sophisticated schemes like Business Email Compromise (BEC) fraud. Nacha, the governing body of the Automated Clearing House (ACH), has responded by introducing new rules to combat this growing threat.
The Challenge of Irrevocable Push Payments
Traditionally, push payments have been considered irrevocable, providing fraudsters with an attractive opportunity to exploit unsuspecting businesses. A credit push, a common payment method for businesses to pay suppliers or manage payroll, hinges on the accuracy and vigilance of the finance team in verifying recipients.
The Rise of BEC Fraud
BEC fraud thrives on convincing impersonation tactics, where cybercriminals pose as legitimate suppliers or payroll entities to deceive businesses into making irreversible payments. The FBI’s 2023 report highlighted BEC as the second most prevalent form of fraud, resulting in substantial financial losses exceeding $2.9 billion.
Introducing New Fraud Prevention Rules
Nacha’s latest rules empower financial institutions to take proactive measures against fraudulent activities:
- ODFI Authority: Originating institutions can request an ACH return for suspicious transactions.
- RDFI Oversight: Receiving institutions have the flexibility to delay crediting funds for investigation and can initiate returns without customer complaints.
These rules mark a significant stride towards safeguarding customers and thwarting fraudsters’ attempts to exploit vulnerabilities in payment systems.
Balancing Prevention and Cure
While these rules offer vital recourse for fraud victims, it is crucial to acknowledge the potential cost implications associated with ACH returns. Emphasizing prevention strategies and over-reactive measures remains paramount in mitigating financial risks and protecting businesses from fraud.
Leveraging Data and Enhanced Security Measures
Businesses can enhance due diligence before executing transactions by scrutinizing recipient information through bank consortia and open banking sources. For high-value payments, introducing additional verification steps like user confirmation or supplementary information submission adds a layer of security against fraudulent attempts.
Collaborative Success Stories
Collaborative efforts between industry players like Sardine and companies like Airbase have yielded tangible results in combating fraud. In Southeast Asia, Tookitaki takes similar initiatives, each employing unique collaboration approaches.
In conclusion, while the new Nacha rules represent a positive step towards combating payment fraud, a holistic approach that combines proactive prevention strategies with regulatory compliance is essential in safeguarding businesses against evolving threats in the digital payment landscape.
Quinte assists and collaborates with banks and credit unions to ensure timely, cost-effective, and proactive responses to changing fraud and compliance regulations.
