ACH Fraud: The Great Debate

Security Vendor, ABA Square Off with Opposing Views on How to Protect Banks, Businesses from Corporate Account Takeover
ACH Fraud: The Great Debate
Is a legislative remedy needed to protect banking institutions and businesses from the ravages of online fraud? Depends on whom you ask.

In separate interviews this week, Doug Johnson of the American Bankers Association (ABA) and Jim Woodhill, a security services vendor, offer diametrically opposed perspectives on this issue of how to prevent corporate account takeover.

Woodhill, founder and chairman of Chicago-based Authentify Inc., is currently lobbying for more protections for small business. Pointing to the PlainsCapital-Hillary Machinery case, which revolved around the definition of "reasonable security," Woodhill says banking institutions won't provide commercial customers with more protection unless they're forced.

"We can't stop ACH fraud, but we can stop the (commercial) victims from being stuck with the losses from ACH fraud," Woodhill says in his interview with Tom Field, editorial director of Information Security Media Group, publisher of this site.

Amending Reg E, which currently protects only consumers - not businesses -- would be a good first step, Woodhill says.

"We've been to Washington, D.C. a number of times and met with members of the House Committee on Financial Services, Subcommittee on Financial Institutions and Consumer Credit, and the Senate Banking Committee, Subcommittee on Financial Services," Woodhill says. "In just about every case, it's a complete surprise, and they don't believe you have the story right. It sounds impossible, you know, that banks would allow this to happen to their commercial customers."

Johnson, vice president of risk management policy for the ABA, says amending Reg E is a bad idea -- one that would pit banks against their commercial customers.

"(Changes) on the retail side of Reg E would completely absolve a retailer from any responsibility, and you can see from a community bank standpoint how that might not be effective," he tells Field. "When you place Reg E protections, legislatively or otherwise, in the business account environment, you potentially do tremendous violence to the business model, [create] tremendous disincentives for the banks to provide basic products for our commercial customers that they have come to expect."

Rather, Johnson sees stronger protections against database breaches coming from a more collaborative approach one that takes FI and business interests to heart.

"I do reject the notion that somehow community banks don't have the ability to protect their smaller business customers," he says. "Community banks, just like larger banks, have the ability to protect customers. ... I think the biggest risk we face here with corporate account takeover is the damage it does to financial institutions and customers. Because I do believe at the end of the day, it's all about shared responsibility to protect accounts."

For more, please listen to audio of the Woodhill and Johnson interviews.

About the Author

Tracy Kitten

Tracy Kitten

Former Director of Global Events Content and Executive Editor, BankInfoSecurity & CUInfoSecurity

Kitten was director of global events content and an executive editor at ISMG. A veteran journalist with more than 20 years of experience, she covered the financial sector for over 10 years. Before joining Information Security Media Group in 2010, she covered the financial self-service industry as the senior editor of ATMmarketplace, part of Networld Media. Kitten has been a regular speaker at domestic and international conferences, and was the keynote at ATMIA's U.S. and Canadian conferences in 2009. She has been quoted by, ABC News, and MSN Money.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.