Skip to content

Direct Debit Fraud at an All Time High

It is worthwhile remembering that there is actually more than one victim involved in Direct Debit fraud. The Paying Bank executes the payment against a fraudulent direct debit mandate, and the Collecting Bank receives the fraudulent payment, whose customer provides goods and services – for simplicity let's assume they are in fact legitimate in the first place.

Under scheme rules the Collecting Bank is obligated to indemnify the Paying Bank up to a specific threshold limit where payment has been made by mistake (including fraudulent payments). So the actual victim here is not just the Paying Bank’s customer whose details were stolen, but also the Collecting Bank and their customer who in good faith provided goods and services to the criminal against a fraudulent payment instruction.

This is not a new theme. Those financial crime professionals that are old enough will also remember and be familiar will the old Direct Debit telegraphic transfer directory scam in the mid 1980s. However, Direct Debit and ACH fraud does need to be taken seriously This is also not just a domestic problem. Reg E in the US also exposes banks to fraud threats and requires careful management.

Fortunately there are a number of tools that banks can employ to help identify this type of fraudulent activity, possibly one of the most common and successful being ‘out of band’ communication – where the bank contacts the customer using a mobile phone call or SMS message for example, to confirm the new mandate instruction. This method can also be used as a verification tool for any type of transaction to confirm its legitimacy – including online payments or even debit or debit card transactions. For banks, the priority is identifying fraud accurately at the first possible opportunity, and stopping the criminals in their tracks.

Andy Morris

Risk Business Solutions Consultant

ACI Worldwide