Automated Clearing House (ACH) payments are governed by Nacha. When a payment is made, it moves through the ACH network until it reaches the recipient. This type of payment is typically used for direct deposit, automated bill payments, peer-to-peer transfers, and payments to contractors.
While the ACH network is extremely secure, ACH fraud can easily occur before and after the payment is made. Phishing attempts can get bank account information from your employees. Alternatively, someone could pretend to be one of your actual vendors and collect an invoice payment. Unfortunately, there are many different ways that ACH scams can take place. By learning about ACH fraud prevention and detection, you can take the first step in protecting your company from criminals.
TL;DR
- ACH fraud occurs when criminals gain access to banking and routing numbers in order to make unauthorized transactions.
- Some of the most common techniques involve vendor impersonation, phishing emails, fraudulent chargebacks, account takeovers, and insider threats.
- Because of their weaker security measures, small- and medium-sized businesses are frequent targets of ACH fraud.
- Employee training, bank validation, frequent reconciliation, and separating duties can help you prevent fraudulent transactions.
- For an added layer of prevention and detection, companies should use a secure payment gateway, real-time threat monitoring, and AI-driven fraud detection tools.
What Is ACH Fraud?
So, what is ACH fraud? And what are the best methods for ACH fraud detection?
While checks are the most common type of payment fraud, 30% of businesses report having ACH debit or credit fraud each year. ACH fraud occurs when an unauthorized payment is made out of someone’s bank account. For example, someone may use malware, phishing, or similar techniques to get an employee’s login information in order to transfer funds.
Although fraudulent ACH payments can occur due to many different sources, it is frequently caused by an outsider. In one survey of financial professionals, 65% of payment fraud occurred because of people outside of the organization. All criminals require in order to commit fraud is the bank account number, the bank’s routing number, and account access. Once the money disappears from your account, it can be difficult to get it back.
How ACH Fraud Works
Automated Clearing House fraud occurs when a scammer gets your bank account and routing information to create unauthorized payments or withdrawals. In some cases, the scammer convinces an employee to unknowingly help them commit fraud. For example, they may pretend to be the CEO in an email and ask for money to be transferred.
Normally, fraudulent ACH transactions go through a few key steps.
- Access Information: The first step is often the hardest. In order to create a fake ACH payment, the scammer must first convince an employee to give them access to the information. While this could occur through keylogging or high-tech tools, scammers often rely on human error instead. They may use a phishing email to get an employee’s login details. Alternatively, they may steal a physical check that has your account number and routing information on it.
- Make a Fake Transaction: Next, the criminals create a fake transaction. For example, they may convince your company’s administrator that a vendor payment didn’t go to the right account. They may also set up a recurring subscription payment so that they can surreptitiously pull out a small sum each month.
- Complete the Payment: If everything goes according to plan, the criminal’s fraudulent payment will go through the ACH network. The system uses security measures and reconciliation to verify the payment’s authenticity. Because the fraudster has your account number and routing information, the payment will likely go through.
After the criminal receives the funds, they (and the funds) often vanish into thin air. However, some criminals continue to perform the same scam if it was successful for them the first time. For instance, they may resend fraudulent vendor invoices each month if no one noticed that the first one was fake. Often, the fraud is only discovered when someone at your company reviews the bank statement and realizes weeks or months later that the fraud happened.
Common Types of ACH Fraud
Before you can learn how to prevent ACH fraud, it helps to understand the types of ACH fraud that can exist. The following ACH fraud examples are ways different scams can look in the real world.
| Fraud Type | What Is It? | Example | Prevention Techniques |
| Compromised Business Email | Scammers impersonate legitimate vendors to convince workers to send ACH payments to their account. | A scammer sends an email that is from a local caterer that says your company forgot to pay its invoice for its annual banquet. | Implement a high-quality spam blocker and multi-factor authentication (MFA). Train workers on how to spot scams. |
| Account Takeover Fraud | Someone gains unauthorized access to an account. | If an employee leaves their password out, a janitor or visitor can use that information to access the account. | Train employees to always log off their computers and to never write their passwords down. Use MFA to make account access harder for cybercriminals. |
| Fraudulent Chargebacks | The customer makes a legitimate purchase. However, they later filed a chargeback and said that the purchase was fraudulent. | A customer funded their gambling account, but they later had buyer’s remorse after losing all of their money. Afterward, they filed a claim with their card issuer that said the charges were fraudulent. | Work with a payment processor that has excellent chargeback and fraud prevention services. |
| Phishing and Social Engineering | Deceptive emails or phone calls are used to trick someone into giving personal information or money. | An employee receives an email that their username and password have expired. They follow the link to a fake banking site and enter their information. | Besides investing in a good spam filter, one of the best ways to prevent this issue is through employee training. |
| Vendor Impersonization | The thief poses as a fake vendor and provides an invoice to the company. | Someone pretends to be a plumber who recently completed work at your company. They submit a fake invoice and say that they weren’t paid, so an employee cuts them a check. | Create protocols for vendors to go through before getting invoices paid. Train employees to never immediately pay invoices. Implement a mandatory callback policy so that employees have to call the vendor’s company to verify the invoice’s authenticity. |
| Insider Threats | An employee or someone who has access to your company’s finances issues fraudulent ACH payments. | A payroll specialist creates a fake 1099 payment to one of their friends. | Control access so that everything happens on a need-to-know basis. Create checks and balances so that there are multiple people involved in each payment. Use behavior analytics and AI tools to spot unusual transactions. |
Who Is at the Highest Risk of Experiencing ACH Fraud?
Everyone is at risk for ACH fraud, which is why ACH fraud prevention is so important. Often, criminals target small- and medium-sized businesses because they know that these organizations have fewer protections against fraud. Similarly, scam artists go after educational institutions and hospitals because they know that there are numerous payments happening, so a single case of fraud can easily slip through the cracks unnoticed.
Often, criminals target accounts payable departments. These departments often process payroll and contractor payments, so an additional check can go unnoticed if there aren’t controls in place. In particular, scam artists often use Form 1099 fraud because it is easier to get paid as a contractor than as an employee.
Ultimately, the biggest source of ACH fraud is unprotected companies. If you have weak security measures in place, criminals will find ways to trick your workers out of money. Additionally, any business that has limited security protocols is also at risk of insider fraud.
Strategies To Detect and Prevent ACH Fraud
Fortunately, there are a few important steps you can take to prevent different types of ACH fraud. From MFA to employee training, the following steps can help you learn how to prevent ACH fraud at your business.
Create an Employee Training Program
To prevent ACH scams, teach your employees what different types of ACH fraud look like. Train them on not clicking email links as well as the signs of phishing attacks. For example, the majority of scams involve a sense of urgency because urgent messages get people to act quickly without thinking about what they’re doing.
It often helps for workers to see what a scam looks like in practice. Keep your workers on the alert by having your IT department periodically send out pretend phishing emails.
Perform Bank Account Validation
One way to prevent fraudulent transactions is through bank account validation. Periodically, check to make sure that the bank account numbers you pay are valid accounts.
Review Transactions
ACH scams can continue for years if they aren’t caught. It’s a good idea to have your accounting department review transactions on a daily basis to make sure all of them are legitimate.
Adopt More Secure Payment Methods
When it comes to fraud protection, it pays to work with a professional. By partnering with an experienced payment processor like PayCompass, you can get better fraud prevention tools. Real-time transaction monitoring, data encryption, and advanced fraud analytics can help you detect and prevent fraud from happening.
Set Up MFA
Anything you can do to make accessing your payment system harder will deter fraud. Multi-factor authentication involves multiple authentication methods, such as using a password before you verify your access with a phone code. Good MFA involves two different forms of authentication, such as passwords, email, security questions, or phones. In order to create fraudulent ACH payments, a criminal would have to access both authentication methods.
Give Separate Duties
If one employee is in charge of the entire ACH payment process, a scammer only has to target a single worker with a phishing attack in order to gain access. For better ACH fraud prevention, designate one worker to be in charge of initiating transactions, one to approve the payment, and one to reconcile the account. Besides protecting against outside scammers, this technique can also prevent insider theft.
Adopt Transaction Monitoring Software
To protect your company, start using transaction monitoring software. These tools can detect unusual IP addresses, such as those that are commonly used by known scam artists. Anything unusual about the timing of a transaction, the transaction volume, or inconsistencies in the payment request can trigger an automatic audit.
How PayCompass Can Help
When it comes to ACH fraud prevention, PayCompass can help detect and prevent criminals from accessing your ACH payments. From AI-backed transaction monitoring to multi-layer verification, we can spot fraudulent transactions before they leave your bank account. For a heightened level of security, we can personalize your account alerts and fraud rules. From our secure payment gateway to our customized solutions, we do everything we can to ensure the best level of ACH fraud prevention.
Final Thoughts
Once an ACH payment is made, it can be difficult to claw it back. If the hacker lives in a different country, it may actually be impossible to get the payment returned. Because of this, it’s important to learn from different ACH fraud examples and figure out effective ways to prevent ACH fraud from impacting your company.
From better encryption methods to proactive worker training, there are a few steps you can take to make it harder for criminals to process fraudulent transactions. Many of these techniques have the added benefit of preventing insider fraud as well.
At PayCompass, we offer a highly secure payment gateway, MFA techniques, and advanced behavior analytics for detecting fraud. Our goal is to protect your revenue without slowing down your business.
Learn more about our ACH payment protection options by reaching out to our payment processing experts today.
Ready to Transform the Way You Do Business?
Don’t settle for less when it comes to payment processing. With PayCompass, you get smarter, faster, and more reliable solutions tailored to your unique needs. Join thousands of businesses who trust us to keep their business moving forward.
Similar Posts
Payment Monitoring System: How to Track and Improve Your Payment Performance
At many companies, payment processing is an overlooked part of their day-to-day business operations. While you might carefully monitor the output of each factory line, it’s easy to forget about monitoring the rate of chargebacks from international card payments. As a business, you can’t afford to overlook your payment monitoring system. Hidden issues can lead […]
Billing Descriptor: What It Is, Types, and Examples for Merchants
Businesses spend a lot of time worrying about how to save money on overhead and variable expenses. However, many companies are missing out on a key way to manage costs. By improving your payment processes, you can save money on transactions and improve your company’s bottom line. A simple update to your billing descriptors may […]
Push vs. Pull Payments: What’s the Difference and When To Use Each
While the most basic difference between push vs. pull payments is who initiates the payment, there are other key differences as well. Each payment type carries unique benefits and drawbacks, so it’s important to understand which option makes sense for your transactional needs. Push payments tend to be more effective for one-time transactions and large […]
Local Payment Methods: What They Are and How To Offer the Right Options in Each Market
Deciding to sell internationally involves more than simply translating your website and creating a new Google Ads campaign. To succeed, you need to make sure potential customers can pay with confidence. Using local payment methods instills trust, so customers feel comfortable making a purchase on your checkout page. In each market, customers have unique payment […]
Incremental Authorization in Payments: What It Is and How It Works
Marketing departments carefully design sales funnels to turn prospects into clients. In a moment, a single payment problem can derail a customer’s buying experience. While failed payments and inconvenient refunds can deter customers, it is possible to prevent them. With incremental authorization, you can easily charge customers when you aren’t sure what the final transaction […]
Square Fees: What Square Charges Per Transaction and Per Month
How much does Square charge per transaction? Are there ways you can reduce your Square payment processing fees? Like other payment processors, Square charges different fees based on the payment channel. However, the amount you pay will also depend on which Square plan you sign up for. While the Square Free plan requires no monthly […]
Cash Discount Program Guide: What It Is, How It Works, and When to Use It
While 65% of consumer payments are made with a credit card or debit card, only 14% of payments are made in cash. For merchants, this represents a potential opportunity. If you can increase the number of cash transactions, you can lower your overall processing fees and reduce your operating expenses. Companies can encourage more cash […]
What Is a Soft Decline in Payment Processing (and What Merchants Can Do About It)
Soft declines make up the majority of declined transactions for merchants. Unlike hard declines, there are steps you can take to mitigate and resolve these issues. These transactions are declined for temporary reasons that can often be fixed by updating information, switching payment types, or retrying the transaction. To learn more about credit card soft […]
PayPal Business Fees Explained: What Merchants Really Pay
When creating a business strategy, entrepreneurs often focus on the cost of materials, overhead expenses, and labor hours. However, payment processing fees can quickly cut into your company’s bottom line. If you are currently paying PayPal business account fees, you’re likely spending more than you realize. With PayPal business fees, you’re paying a fixed-rate fee […]
B2B Payment Automation: How Businesses Can Streamline Vendor Payments
From tax filing to reconciling invoices, computers are faster and less error-prone than human workers. One way you can improve your company’s internal processes is through business-to-business (B2B) payment automation. These automated tools can deliver more accurate results with fewer labor hours than manual processes. In one study, just 17% of businesses reported that they […]