Jump to Content
ABA: The American Bankers Association
Skip Section Navigation

ABA Solutions: Internet Fraud Alert FAQs

Internet Fraud Alert (IFA), through a partnership between the National Cyber-Forensics & Training Alliance (NCFTA), the ABA, and Microsoft, is currently a free industry service that creates a trusted and effective mechanism for participating researchers to report stolen account credentials discovered online – such as username and password, log-in information for online services, or compromised credit and debit card numbers – to the appropriate institution responsible for that account. The program has also been expanded to alert members to demand deposit account (DDA) information discovered online.

Through a centralized alerting system, powered by Microsoft technology, developed specifically for this program, IFA will quickly inform companies about compromised credentials and DDA account information, allowing companies to take the appropriate action to protect customers.

What is Internet Fraud Alert?

Internet Fraud Alert (IFA) is a system that functions as a centralized clearinghouse and alerting mechanism, allowing trusted participants to report compromised credentials that have been uncovered online. Once reported, IFA will issue an alert to the relevant financial institution, or other service provider, indicating its customer’s credentials have been compromised. Information regarding the compromised credentials will also be made available to law enforcement tasked with investigating cyber crime.

How does IFA work?

Users submit data through the IFA web application. Once reported, IFA will issue alerts to the appropriate financial institutions, or other service providers, indicating customer credentials may have been compromised. The organizations may then log in to IFA and download the reported data as either a comma delimited or tab delimited file.

What else happens to the data?

The NCFTA, a non-profit corporation that functions as a conduit between private industry and law enforcement, performs analyses on all submitted data, within the scope of its mission, to identify, mitigate and neutralize cyber crime. A submitting organization can choose to share its information with law enforcement.

What type of security does the IFA database have? 

  1. Two factor authentication in order to log in to the system
  2. Multiple layers of encryption on all levels 
  3. Security reviews were done at the network, application, and application code layers by trusted third party security companies 
  4. Vetting of user community

What is the cost of IFA?

There is no cost at this time. Microsoft has donated the tool to the NCFTA. Accuity, the leading provider of global payment routing data, has donated a solution to assist the NCFTA with the vetting of institutions. There will be future cost needs in terms of maintenance (bandwidth, internal data parsing, etc.) and any upgrades to the system.

Who can be a member?

To become an IFA partner, an organization must be affiliated with a trusted online service provider, retailer, financial institution, law enforcement, government, or Internet security research firm, and undergo a thorough vetting process.

What if the organization is not a member of IFA?

Research will be conducted to determine the authoritative organization, and all reasonable attempts will be made to make organizations aware of IFA and to solicit participation.

How does an organization become a member of IFA?

Prospective members may complete the online application form at: https://www.ifraudalert.org/becomepartner.aspx

For more information, visit https://www.ifraudalert.org/ or contact IFA Support.​