According to IBM, anomaly detection is the “identification of observations, events or data points that deviate from what is usual, standard or expected, making them inconsistent with the rest of a data set.”
In the payments world, anomaly detection helps financial institutions and ACH or wire Originators identify activity that is unusual compared to historical ACH or wire transfer patterns. Most of your organization’s transactions are likely recurring with the same employees, vendors, utilities, accounts payable/receivable recipients or lenders. Anything that deviates from this baseline stands out as atypical and may warrant review with the Originator or Receiver.
Two common anomaly scenarios include:
- New Receiver set-ups: Account and routing number combinations that have never been used before.
- Changes to existing Receivers: Sudden account or routing number changes, often authorized through methods that don’t meet legal requirements, such as email, fax or regular mail.
An anomaly detection service can flag these deviations, alerting the financial institution or originating account holder for further review. Beyond fraud detection, anomaly detection also mitigates operational risks, such as keying errors on ACH or wire entries. This aligns with UCC 4A-201, which calls for “security procedures” to detect errors in transmission or payment content. Nacha’s recent Supplement #2-2024, which complements the new 2026 ACH fraud monitoring rules, further advises “stopping further processing of a flagged transaction” and “consulting with other internal monitoring teams or systems to determine if the transaction raises other flags,” while also contacting those who forwarded the payment info or entries afterward.
Your organization can implement an anomaly detection system with:
- System Vendors: Many core banking systems offer services that can screen ACH and wire transactions before transmission.
- Fraud Application Plug-ins: ACH and wire systems often include fraud or anti-money laundering (AML) plug-ins to detect patterns in regular payment activity.
- Federal Reserve: Their FedDetect® Anomaly Notification for FedACH Services creates alerts regarding notifications of change, Same-Day ACH and micro-entries. Other Federal Reserve Bank services may create other alerts or reports for you. Contact your Federal Reserve Bank account representative for more information.
- Internal IT Solutions: Teams with skills in Access, Excel, Structured Query Language (SQL) or other data tools can create custom anomaly detection workflows and allow you to test current ACH/wire payments.
To support our members, EPCOR has developed the Origination Detector — a FREE Excel-based tool designed to help financial institutions or Originators identify anomalies in ACH or wire transactions. Users can compare archived ACH files or account information against current entries.
Any entry that is contrary to the archived data stored in the Origination Detector will present one of the following alerts:
- Recurring but 10% Excess of Average
- No Previous History – Review
These alerts provide the opportunity for financial institutions to review with their Originators or allow Originators to review with their Receivers using verified contact information — not email or untrusted sources.
The Origination Detector can help with the following use-cases:
1. ODFIs reviewing ACH files or payments sent by Originators or Third-Party Senders (TPSs).
2. TPSs reviewing ACH files or payments sent by Nested TPSs or their Originators.
3. Third-Party Service Providers reviewing received ACH files or payment information.
4. ACH Originators reviewing their own ACH files for atypical activity.
5. Financial institutions reviewing wire requests versus historical data.
6. Wire Originators reviewing their previously sent wires.
The Origination Detector can be used depending on transaction volume — either one sheet per Originator or a single sheet for all originations. The archive holds up to 20,000 rows of ACH files and 20,000 rows of wire data. Proper documentation and procedures should accompany its use, ensuring the financial institution maintains responsibility. Check out this tutorial video to learn how to set up the tool, interpret alerts and integrate the Origination Detector into your organization's risk management process.
Personally, catching “new Receiver” alerts is the most effective way to prevent fraud and reduce errors. Transactions sent in error can be difficult to recover, so using systems or Excel-based tools proactively can stop multiple ACH or wire fraud incidents before they reach a fraudster. Utilizing systems and Excel-based spreadsheets, I can proudly say that I stopped multiple ACH or wire fraud incidents dead in their tracks before being transmitted to the fraudster. Even without costly systems or specialized expertise, this simple Excel sheet can help prevent headaches and keep your program secure.
|
|
Master the basics of ACH and build a strong foundation in payments at Virtual ACH Day Camp! Join our expert trainers March 24–25 for an interactive and engaging experience that covers ACH history, technical fundamentals, risk management and more. Get ready to participate, learn and connect in a way that makes ACH concepts stick! |