• First-party fraud losses are rising through online account opening
• Large initial deposits create unnecessary early-stage risk
• Long dispute windows allow bad actors time to withdraw funds
• Deposit limits reduce exposure before behavior is established
• MFA is less effective against first-party fraud
• Internal monitoring and layered controls are critical
• Risk-based privilege expansion improves loss prevention
• Early account activity requires stronger governance

Banks are facing growing losses from first-party fraud schemes that begin with online account opening, prompting renewed focus on practical controls that limit exposure before customer behavior is fully understood.

Speaking to Bank Info Security this week, Brent Phillips, senior vice president and director of ACH operations at Cadence Bank, said many institutions underestimate how much risk is embedded in the earliest stages of the digital onboarding process.

Unlike account takeover or origination fraud, first-party fraud involves legitimate customers exploiting bank policies for personal gain, making it harder to detect using traditional authentication tools alone.

“These are brand-new customers, and you really do not know their intentions,” Phillips said. “If you allow very large initial deposits, you are exposing yourself to unnecessary risk. Keeping that amount low significantly reduces potential losses.”

Phillips pointed to initial online deposit limits as one of the strongest and simplest controls banks can implement.

By capping the amount a customer can fund at account opening, institutions reduce the potential size of any loss while they observe transaction behavior and establish trust.

Once patterns are validated over time, limits can be expanded using a risk-based approach.

The issue is compounded by U.S. ACH rules and Regulation E, which generally give consumers a 60-day window from the statement date to dispute transactions.

In practice, Phillips noted, that window can stretch close to 90 days, creating an opportunity for bad actors to exploit provisional credit.

During that period, funds may be withdrawn or moved before investigations are completed, leaving banks with limited recovery options.

This extended dispute timeline means that losses from first-party fraud often surface well after accounts appear to be operating normally.

As a result, banks that rely solely on front-end identity verification may find themselves exposed even when onboarding checks are technically passed.

Verification tools such as multifactor authentication and behavioral biometrics still play an important role, Phillips said, but their effectiveness is more pronounced in stopping account takeover and origination fraud rather than deliberate misuse by the account holder.

When the customer initiating transactions is the same individual who opened the account, internal controls and monitoring become more important than authentication layers alone.

“Internal monitoring, strong processes and layered controls matter more in these cases,” Phillips said. “It is about what you allow the customer to do and when, not just who they are.”

Risk-based monitoring allows banks to gradually increase privileges as confidence grows, rather than granting full access immediately.

That includes limits on deposits, withdrawals and payment activity during the early life of an account, as well as closer review of unusual behavior patterns.

Phillips also emphasized the value of dual-approval controls and transaction oversight in payment origination, particularly for ACH activity.

While these measures are often associated with corporate accounts, elements of the same discipline can be applied to consumer and small business onboarding to reduce exposure during the most vulnerable period.

As digital account opening continues to expand, banks are under pressure to balance convenience with control.

Phillips warned that prioritizing speed and customer experience without sufficient guardrails can quietly increase fraud losses that only emerge months later.

“The goal is not to slow down onboarding unnecessarily,” he said. “It is to align trust with evidence. Until you have that evidence, you should not be giving new accounts the keys to the vault.”

Phillips oversees ACH operations, compliance, fraud and audit at Cadence Bank and has spent nearly two decades in payment leadership roles spanning treasury management, risk and fraud operations.

His experience reflects a broader industry shift toward treating early account activity as a managed risk phase rather than a fully trusted relationship from day one.