Payments Industry News

Personalize Your Experience

Archive

RMAG Issues Alert on Double-Sided Spoofing

A new credit-push fraud scheme is being used to target financial institutions and their commercial clients. Nacha’s Risk Management Advisory Group (RMAG) member banks reported seeing the new scheme late last year. RMAG serves in an advisory capacity to Nacha on risk-related topics to assure the ongoing strength, stability, and quality of the ACH Network.

The scheme starts with the fraudster calling the customer and representing themselves as the financial institution or law enforcement. The fraudster convinces the targeted commercial customer to provide login credentials and additional security information that can be used for the second step in the scheme. 

Using that information, the fraudster then calls the financial institution posing as the commercial customer and asks for the token on their device to be reset. Once the token is reset, the fraudster logs into the victim’s account at the financial institution and proceeds to submit ACH credit and wire transactions to be sent to receiving accounts the fraudster controls at other institutions. 

Click Read More below to learn recommended actions for defending against this scheme.

Print