Source: Dept of Treasury, IRS, US Secret Service and CISA

Source: Nacha

Source: Pymnts.com

We have received numerous reports of a well-organized international crime ring that is exploiting the COVID-19 pandemic by committing large-scale fraud against multiple state unemployment programs. The potential losses are in the hundreds of millions, according to the U.S. Secret Service. The activity caught the attention of many savvy payments professionals and your instincts to call TCHPA for guidance have been excellent. With your help, we have been able to work with our industry partners to piece together the details of this unique, elaborate scheme and the impact on our members.

Following is a high-level overview of our findings to date:

• Secret Service has confirmed a known fraud group who have managed to file fraudulent on-line unemployment claims in the names of unsuspecting individuals (many of whom are still actively employed).
• Identities used are likely synthetic, using pieces of various individuals’ Personally Identifiable Information (PII) to simulate one person.
• In some instances, it was a single transaction, while others reported 10 or more transactions to the same account in a single day. In the case where the account holder was watching for the credits, they have typically been newer accounts with low balances until these funds were received.
• In all cases, the payment was for the benefit of someone other than the account holder.
• In some cases, account holders have been enticed to act as a mule and to re-direct the received funds back to the fraudsters, with notable use of the Cash App as a way to complete the transaction. Others have been directed to withdraw the cash and mail it out of the country.
• Some transactions were returned R03 (No Account/Unable to Locate Account). Some RDFIs returned the transactions R23 (Credit Entry Refused by Receiver) after being contacted by their account holder who noticed the credit while checking their banking activity online. In other cases, your fraud detection techniques kicked in and you returned the transaction using the R17 return code (RDFI Believes the Item was Initiated Under Questionable Circumstances).
• Nacha, TCHPA and other payments associations are encouraging financial institutions to remember the various return timeframes and respond accordingly (ACH Rules, Page OR135). In the event fraudulent credits are unable to be returned in the appropriate 2 day time frame; the RDFI can make the decision to utilize the R23 for this instance only.

The plot thickens… This is not about ACH fraud. This scheme started with the filing of fraudulent unemployment applications thereby defrauding states with fictitious identities (identity theft), resulting in the states including these benefits in their properly formatted ACH files. This is also about money laundering as the fraudsters are using routing and account numbers for active accounts, and asking mules to then send the money back out of the country using various methods. You never know what they might do with that information next.

A reminder for RDFIs:

• Always alert your BSA/Compliance Officer when you recognize suspicious activity to ensure you follow proper procedures. As an RDFI you hold no warranties to the validity of the transaction; however BSA/AML calls out willful blindness and obligates the financial institution to take action!
• Your job is to react to suspicious/fraudulent activity in a timely manner, unless you need to freeze the account for an investigation. Consult your account disclosures to ensure you are covered.
• Return what you can using the BEST POSSIBLE return code.
• Counsel your account holders on how to avoid these traps in the future. You might consider establishing a new account for them, since their current account number is known.

A recent New York Times article titled ‘Feds Suspect Vast Fraud Network Is Targeting U.S. Unemployment Systems’ provides additional information about this latest fraud scheme. As always, contact TCHPA Member Support at 800-875-2242 (choose option 3) or email education.services@theclearinghouse.org for additional guidance.