An earlier NACHA report may bear repeat ref from Feb: http://internetcouncil.nacha.org/News/news.html
As an aside, the above URL also contains a pointer to the results of the NACHA AADS trials:
http://www.garlic.com/~lynn/index.html#aadsnacha

Internet Payments Fraud: A Primer for Merchants and Financial Institutions
http://internetcouncil.nacha.org/docs/Fraud%20Paper%20Final%20%20Jan%20%2703.pdf

Table of contents for above:

INTERNET PAYMENTS FRAUD: A PRIMER FOR MERCHANTS AND FINANCIAL INSTITUTIONS

1.0 INTRODUCTION
  1.1 OVERVIEW OF INTERNET FRAUD
  1.2 SCOPE
  1.3 ORGANIZATION AND USE OF THIS DOCUMENT
2.0 ACH-SPECIFIC FRAUD
  2.1 INTRODUCTION
  2.2 ACH FRAUD CATEGORIES
    2.2.1 Unauthorized
    2.2.2 Returns/60-day Right of Recredit
    2.2.3 Real-time Online Account Number Verification
    2.2.4 Account Numbers
    2.2.5 Non-Sufficient Funds
  2.3 CASE STUDIES/EXAMPLES
    2.3.1 Case 1 - Fraudulent Use of Stolen Bank Account
    2.3.2 Case 2 - "Buyer Beware" Fraud
    2.3.3 Case 3 - Fraudulent Use of a Corporate Account
3.0 TRANSACTION-LEVEL FRAUD
  3.1 INTRODUCTION
  3.2 TRANSACTION-LEVEL FRAUD CATEGORIES
    3.2.1 Transport Vuln
    3.2.2 Price Changing
    3.2.3 Login ID, Username and Password Crackers
    3.2.1 Case 1 - Insecure File Transmission
    3.3.2 Case 2 - Price Changing
4.0 IDENTITY THEFT
  4.1 DESCRIPTION
  4.2 IDENTITY THEFT CATEGORIES
    4.2.1 Types
    4.2.2 Methods
  4.3 CASE STUDIES/EXAMPLES
    4.3.1 Case One - GAO Identity Theft Case
    4.3.2 Case Two - Corporate Executives as ID Theft Victims
    4.3.3 Case Three - Internet ID Theft
    4.3.4 Case Four - Establishment of New Accounts
    4.3.5 Case Five - Systematic Theft of Social Security Numbers
5.0 MERCHANT-LEVEL FRAUD
  5.1 INTRODUCTION
  5.2 MERCHANT-LEVEL FRAUD CATEGORIES
    5.2.1 Employee-Initiated Fraud
    5.2.2 Fraudulent Auction Sellers
    5.2.3 Spoofing
    5.2.4 Merchant Non-Delivery/Bankruptcy-Related Fraud
    5.2.5 Hacking into a Legitimate Merchant Site
  5.3 CASE STUDIES/EXAMPLES
    5.3.1 Case 1 - Triangulation
    5.3.2 Case 2 - Corporate Payroll Check Number
    5.3.3 Case 3 - PayPal Website Spoof
    5.3.4 Case 4 - Last Minute Address Changes
6.0 STAKEHOLDER IMPACT
  6.1 CONSUMERS
  6.2 MERCHANTS
  6.3 FINANCIAL INSTITUTIONS
    6.3.1 Merchant Financial Institutions
    6.3.2 Consumer Financial Institutions
  6.4 PAYMENT SYSTEMS
7.0 TIPS FOR MANAGING FRAUD RISK
  7.1 FINANCIAL INSTITUTIONS
    7.1.1 Verification and Authentication Procedures
    7.1.2 Secure Data Management
    7.1.3 Real-time Fraud Detection Capabilities
    7.1.4 Internal Audit and Control Procedures
    7.1.5 Remediation Activities
  7.2 MERCHANTS
    7.2.1 Verification and Authentication Procedures
    7.2.2 Internal Data Security
    7.2.3 Order Screening
    7.2.4 Fraud Detection Capabilities
    7.2.5 Internal Audit/Control Policies
    7.2.6 Non-Sufficient Funds (NSFs)
  7.3 CONSUMERS
    7.3.1 Information Protection
    7.3.2 Fraud Detection
    7.3.3 Fraud Remediation
8.0 CONCLUSION
9.0 FRAUD MANAGEMENT REFERENCES
  9.1 U.S. GOVERNMENT RESOURCES
  9.2 INDUSTRY RESOURCES
  9.3 PRIVATE RESOURCES
  9.4 OTHER RESOURCES
10.0 APPENDICES
  10.1 GLOSSARY
  10.2 APPENDIX - GENERAL SECURITY CHALLENGES
    10.2.1 Generalized Hacking
    10.2.2 DOS - Denial of Service
    10.2.3 Trojan Horse Attacks (And Worms and Viruses)
    10.2.4 Transport Vulnerabilities
    10.2.5 Many to One Logins
    10.2.6 Buffer Overflows
    10.2.7 Cross-site Scripting
    10.2.8 Outsourcing
    10.2.9 Script-Based Attacks
    10.2.10 Incorrect Coding
    10.2.11 Authentication-only
    10.2.12 HTTP Secure Form Post
    10.2.13 Credit Balance Refund

--
Internet trivia, 20th anv: http://www.garlic.com/~lynn/rfcietff.htm