Several HSA service providers (including some ECFC members) have become victims of fraud relating to the establishment of new HSA account programs and have worked with the Federal Bureau of Investigation on apprehending those involved in committing the fraud. This summer, the FBI issued an unclassified Intelligence Bulletin that details the current fraudulent schemes against HSA programs that it has encountered and what the perpetrators of fraud against HSAs may do in the future. The FBI has asked ECFC to alert members of the HSA community to the possibility that fraud could be committed against HSA accounts to which they provide services. Accordingly, we thought that it would be appropriate to send members a copy of the FBI Intelligence Bulletin.
One type of fraud being committed is for a phantom company to be established, and that company establishes an HSA program with HSA contributions made at the beginning of the program. After the funding for the by the phantom company clears but before the ACH reversal period and after the accounts have been established for the fictitious employees, cash allocated to those accounts is withdrawn from the HSA accounts, and the phantom company disappears after reversing the transaction. The Intelligence Bulletin states that the administrators of HSA programs are being cognizant of the risks involved in establishing these new HSA programs and are taking appropriate precautions. The FBI is worried that the next level of fraudulent activity taken against HSA programs will be cyber intrusion against these accounts.
Administrators of HSA programs should review the information contained in the FBI Intelligence Bulletin and be aware of the potential for fraud to be committed against these programs.