Coris’s mission is to modernize risk infrastructure for software platforms serving SMBs. To achieve this mission, we’re constantly building products that address emergent forms of fraud in a systematic and AI-driven way.

Today, we’re excited to introduce the world’s first ACH fraud model built specifically for software platforms’ unique needs. It automatically scores incoming ACH payments via Stripe Connect for their likelihood of return, empowering software platforms to reduce fraud losses and lower unauthorized ACH return rates.

Read on to learn more, and contact us to get started today. 

‍

What is ACH fraud?

ACH payments are on the rise: they represented $80 trillion in total dollar value in Q2 2024, and are the preferred payment method for large ticket transactions (e.g., contractor construction payments). However, with greater usage comes greater risk: 30% of businesses have experienced ACH credit fraud (which we define as illegitimate ACH returns). 

Legitimate ACH returns often occur within the first week following a transaction, and are typically due to bank account issues (e.g., insufficient funds, frozen / closed account, incorrect account information). 

Illegitimate ACH returns typically occur later and up to 60 days after a transaction. Oftentimes these returns are due to first-party “friendly fraud”: the customer legitimately purchased and received the product / service, but disputes it because they aren’t happy with it or no longer have use for it. Since ACH transactions can’t be disputed on the basis of delivery or quality issues, customers fraudulently submit these return requests as unauthorized transactions.

Fraudulent ACH returns negatively impact merchants and software platforms:

• Merchants initially absorb losses. For small merchants with high ticket transactions, these losses can quickly add up and jeopardize their business.
• If a merchant can’t or won’t absorb the losses, the liability is passed onto the software platforms that serve them. Since ACH generates lower fees than other payment methods, these losses can undermine the economics of accepting ACH payments. 

‍

Existing payment fraud tools don’t analyze ACH transactions holistically

There is no publicly-available ACH payment fraud product that looks at SMBs’ ACH transactions comprehensively. This means that software platforms are often flying blind when accepting these payments.

Traditional payment fraud tools such as Stripe Radar have only focused on transactional fraud arising from credit card payments. While some companies have started to address ACH payment fraud, they are typically only addressing ACH fraud based on payer bank account metadata. For example, they might use a bank verification provider to check a customer’s real-time balance to avoid rejections due to non-sufficient funds (NSF), or other common account verification issues. These tools don’t analyze ACH transactions themselves. 

Moreover, many software platforms possess unique metadata on their customers – reviews, invoice payments, invoice attributes, etc. – that can be crucial to predicting the likelihood of ACH fraud at the transactional level. However, there hasn’t been an easy way to translate this data into insights.

After seeing the positive feedback to CorShield, our SMB onboarding fraud model, our team started to wonder: can we use similar mechanisms to address other forms of fraud throughout the SMB journey, such as ACH payment fraud?

‍

How our ACH fraud model works

Our ACH fraud model can significantly drive down ACH fraud losses. It automatically triangulates known information on the ACH payment and payer, and generates a score predicting the likelihood that the ACH payment might be returned.

Here’s how it works:

1. Set up integration with Stripe Connect. Simply generate and share a new restricted API key, and we’ll take care of the rest.
2. Receive webhook notifications when an ACH-related charge happens.
3. Automatically collect all of the details related to that payment and payer. This information comes from Stripe, MerchantProfiler, proprietary email and phone data, and metadata from the software platform. For example, if a construction software platform accepts an ACH payment from a contractor with consistently low Google reviews, these reviews could be indicative of higher ACH risk. These reviews will be collected by MerchantProfiler and incorporated into the ACH payment fraud score.
4. Analyze this information to generate an ACH payment fraud score. Scores range from 0 to 100, with 100 indicating a high likelihood of fraud. For each score, we also share the top 3 reasons for the score.
5. Redirect suspicious payments to manual review or automated actions. Customers using Fuzio, our case management platform, can set custom fraud score thresholds and automatically forward ACH payments exceeding these thresholds to manual review. They can also set up automated actions for these ACH payments, such as a delayed payout for the merchant.

‍

Want to learn more?

Our ACH fraud model can be used alongside CorShield, our SMB onboarding fraud model, and Fuzio, our SMB risk management platform, to develop a comprehensive SMB risk & fraud management strategy.

‍Contact us if you’d like to learn more, or if you have an additional payment fraud use case you’d like us to investigate.