ACH Fraud Rules

The Unit21 Out of the Box ACH Fraud Rules are designed to help your team quickly identify and act on potential fraud risks. ACH transactions are a common target for fraudsters, so we’ve built five rules that are ready to use right out of the box.

For instance, our rules can flag transactions where the receiver’s name doesn’t match the account holder's or highlight transactions with a high risk of being returned with an R10 code. They can also quickly detect patterns like repeated failed validation attempts or duplicate ACH transactions.

Using these rules lets your team spot suspicious activities faster, helping you keep your operations secure and compliant. The following sections will walk you through each rule and the data needed.

1. Mismatched Account Information

Transactions, where the name of the receiver on an ACH transaction does not match the name of the user on the account, may indicate suspicious activity. This can happen when fraudsters gain access to someone else's bank account details and attempt to route payments to their accounts.

This rule flags ACH transactions where the name of the receiver entity does not match the name of the sender, using a fuzzy matching algorithm to determine if there is a match or not.

Data needed: The sender and receiver entities should be defined on the transaction. The rule also needs transactions with an ACH-classified transaction type.

2. ACH Risk Score

Unit21’s machine learning model provides a risk score based on how likely an ACH transaction is to be returned with an R10 code.

This rule is designed to flag ACH transactions with a high-risk score, as defined by the risk score threshold.

Data needed: The sender or receiver entity being flagged should be defined on the transaction. The rule also needs transactions with an ACH-classified transaction type and requires an ACH Risk Score model. Please reach out to support or your CSM for more details.

3. Consortium Flagged ACH Originator or Receiver

Originators or receivers on an ACH transaction who have been previously blocked in the Unit21 Consortium may be more likely to commit suspicious activity. The Consortium provides information on why the user was blocked and how recently they were blocked.

This rule is designed to flag sender or receiver entities that have been flagged in the Unit21 Consortium when performing ACH transactions. These entities can be flagged based on their blocked reason and how recently they were blocked in the Unit21 Consortium.

Data needed: The sender or receiver entity being flagged should be defined on the transaction. The rule also needs transactions with an ACH-classified transaction type.

4. Suspicious Duplicate ACH Transactions

Fraudsters may try to steal money from a bank customer's account by initiating the same ACH transfer multiple times. This tactic relies on customers not noticing the repeated withdrawal. They may sometimes create fake business names as the receiver to make it seem realistic.

This rule flags sender entities when they send 2 or more ACH transactions with the same sender, receiver, and amount within a short period of time.

Data needed: The sender and receiver entities should be defined on the transaction. The rule also needs transactions with an ACH-classified transaction type.

5. Multiple Failed Validation Attempts

Before setting up ACH payments, accounts typically undergo validation processes like prenote transactions or micro-deposits. Suspicious activities during these validation stages, such as multiple failed validation attempts, can indicate potential ACH fraud.

This rule flags entities based on the number of action events with a specific status, such as a "Validation Attempt" with a "Failed" status, in a short period of time.

Data needed: The rule needs action events and their status related to ACH fraud. Each action event should also be mapped to a user in the entities table.