Automated Clearing House (ACH) payments are governed by Nacha. When a payment is made, it moves through the ACH network until it reaches the recipient. This type of payment is typically used for direct deposit, automated bill payments, peer-to-peer transfers, and payments to contractors.
While the ACH network is extremely secure, ACH fraud can easily occur before and after the payment is made. Phishing attempts can get bank account information from your employees. Alternatively, someone could pretend to be one of your actual vendors and collect an invoice payment. Unfortunately, there are many different ways that ACH scams can take place. By learning about ACH fraud prevention and detection, you can take the first step in protecting your company from criminals.
TL;DR
- ACH fraud occurs when criminals gain access to banking and routing numbers in order to make unauthorized transactions.
- Some of the most common techniques involve vendor impersonation, phishing emails, fraudulent chargebacks, account takeovers, and insider threats.
- Because of their weaker security measures, small- and medium-sized businesses are frequent targets of ACH fraud.
- Employee training, bank validation, frequent reconciliation, and separating duties can help you prevent fraudulent transactions.
- For an added layer of prevention and detection, companies should use a secure payment gateway, real-time threat monitoring, and AI-driven fraud detection tools.
What Is ACH Fraud?
So, what is ACH fraud? And what are the best methods for ACH fraud detection?
While checks are the most common type of payment fraud, 30% of businesses report having ACH debit or credit fraud each year. ACH fraud occurs when an unauthorized payment is made out of someone’s bank account. For example, someone may use malware, phishing, or similar techniques to get an employee’s login information in order to transfer funds.
Although fraudulent ACH payments can occur due to many different sources, it is frequently caused by an outsider. In one survey of financial professionals, 65% of payment fraud occurred because of people outside of the organization. All criminals require in order to commit fraud is the bank account number, the bank’s routing number, and account access. Once the money disappears from your account, it can be difficult to get it back.
How ACH Fraud Works
Automated Clearing House fraud occurs when a scammer gets your bank account and routing information to create unauthorized payments or withdrawals. In some cases, the scammer convinces an employee to unknowingly help them commit fraud. For example, they may pretend to be the CEO in an email and ask for money to be transferred.
Normally, fraudulent ACH transactions go through a few key steps.
- Access Information: The first step is often the hardest. In order to create a fake ACH payment, the scammer must first convince an employee to give them access to the information. While this could occur through keylogging or high-tech tools, scammers often rely on human error instead. They may use a phishing email to get an employee’s login details. Alternatively, they may steal a physical check that has your account number and routing information on it.
- Make a Fake Transaction: Next, the criminals create a fake transaction. For example, they may convince your company’s administrator that a vendor payment didn’t go to the right account. They may also set up a recurring subscription payment so that they can surreptitiously pull out a small sum each month.
- Complete the Payment: If everything goes according to plan, the criminal’s fraudulent payment will go through the ACH network. The system uses security measures and reconciliation to verify the payment’s authenticity. Because the fraudster has your account number and routing information, the payment will likely go through.
After the criminal receives the funds, they (and the funds) often vanish into thin air. However, some criminals continue to perform the same scam if it was successful for them the first time. For instance, they may resend fraudulent vendor invoices each month if no one noticed that the first one was fake. Often, the fraud is only discovered when someone at your company reviews the bank statement and realizes weeks or months later that the fraud happened.
Common Types of ACH Fraud
Before you can learn how to prevent ACH fraud, it helps to understand the types of ACH fraud that can exist. The following ACH fraud examples are ways different scams can look in the real world.
| Fraud Type | What Is It? | Example | Prevention Techniques |
| Compromised Business Email | Scammers impersonate legitimate vendors to convince workers to send ACH payments to their account. | A scammer sends an email that is from a local caterer that says your company forgot to pay its invoice for its annual banquet. | Implement a high-quality spam blocker and multi-factor authentication (MFA). Train workers on how to spot scams. |
| Account Takeover Fraud | Someone gains unauthorized access to an account. | If an employee leaves their password out, a janitor or visitor can use that information to access the account. | Train employees to always log off their computers and to never write their passwords down. Use MFA to make account access harder for cybercriminals. |
| Fraudulent Chargebacks | The customer makes a legitimate purchase. However, they later filed a chargeback and said that the purchase was fraudulent. | A customer funded their gambling account, but they later had buyer’s remorse after losing all of their money. Afterward, they filed a claim with their card issuer that said the charges were fraudulent. | Work with a payment processor that has excellent chargeback and fraud prevention services. |
| Phishing and Social Engineering | Deceptive emails or phone calls are used to trick someone into giving personal information or money. | An employee receives an email that their username and password have expired. They follow the link to a fake banking site and enter their information. | Besides investing in a good spam filter, one of the best ways to prevent this issue is through employee training. |
| Vendor Impersonization | The thief poses as a fake vendor and provides an invoice to the company. | Someone pretends to be a plumber who recently completed work at your company. They submit a fake invoice and say that they weren’t paid, so an employee cuts them a check. | Create protocols for vendors to go through before getting invoices paid. Train employees to never immediately pay invoices. Implement a mandatory callback policy so that employees have to call the vendor’s company to verify the invoice’s authenticity. |
| Insider Threats | An employee or someone who has access to your company’s finances issues fraudulent ACH payments. | A payroll specialist creates a fake 1099 payment to one of their friends. | Control access so that everything happens on a need-to-know basis. Create checks and balances so that there are multiple people involved in each payment. Use behavior analytics and AI tools to spot unusual transactions. |
Who Is at the Highest Risk of Experiencing ACH Fraud?
Everyone is at risk for ACH fraud, which is why ACH fraud prevention is so important. Often, criminals target small- and medium-sized businesses because they know that these organizations have fewer protections against fraud. Similarly, scam artists go after educational institutions and hospitals because they know that there are numerous payments happening, so a single case of fraud can easily slip through the cracks unnoticed.
Often, criminals target accounts payable departments. These departments often process payroll and contractor payments, so an additional check can go unnoticed if there aren’t controls in place. In particular, scam artists often use Form 1099 fraud because it is easier to get paid as a contractor than as an employee.
Ultimately, the biggest source of ACH fraud is unprotected companies. If you have weak security measures in place, criminals will find ways to trick your workers out of money. Additionally, any business that has limited security protocols is also at risk of insider fraud.
Strategies To Detect and Prevent ACH Fraud
Fortunately, there are a few important steps you can take to prevent different types of ACH fraud. From MFA to employee training, the following steps can help you learn how to prevent ACH fraud at your business.
Create an Employee Training Program
To prevent ACH scams, teach your employees what different types of ACH fraud look like. Train them on not clicking email links as well as the signs of phishing attacks. For example, the majority of scams involve a sense of urgency because urgent messages get people to act quickly without thinking about what they’re doing.
It often helps for workers to see what a scam looks like in practice. Keep your workers on the alert by having your IT department periodically send out pretend phishing emails.
Perform Bank Account Validation
One way to prevent fraudulent transactions is through bank account validation. Periodically, check to make sure that the bank account numbers you pay are valid accounts.
Review Transactions
ACH scams can continue for years if they aren’t caught. It’s a good idea to have your accounting department review transactions on a daily basis to make sure all of them are legitimate.
Adopt More Secure Payment Methods
When it comes to fraud protection, it pays to work with a professional. By partnering with an experienced payment processor like PayCompass, you can get better fraud prevention tools. Real-time transaction monitoring, data encryption, and advanced fraud analytics can help you detect and prevent fraud from happening.
Set Up MFA
Anything you can do to make accessing your payment system harder will deter fraud. Multi-factor authentication involves multiple authentication methods, such as using a password before you verify your access with a phone code. Good MFA involves two different forms of authentication, such as passwords, email, security questions, or phones. In order to create fraudulent ACH payments, a criminal would have to access both authentication methods.
Give Separate Duties
If one employee is in charge of the entire ACH payment process, a scammer only has to target a single worker with a phishing attack in order to gain access. For better ACH fraud prevention, designate one worker to be in charge of initiating transactions, one to approve the payment, and one to reconcile the account. Besides protecting against outside scammers, this technique can also prevent insider theft.
Adopt Transaction Monitoring Software
To protect your company, start using transaction monitoring software. These tools can detect unusual IP addresses, such as those that are commonly used by known scam artists. Anything unusual about the timing of a transaction, the transaction volume, or inconsistencies in the payment request can trigger an automatic audit.
How PayCompass Can Help
When it comes to ACH fraud prevention, PayCompass can help detect and prevent criminals from accessing your ACH payments. From AI-backed transaction monitoring to multi-layer verification, we can spot fraudulent transactions before they leave your bank account. For a heightened level of security, we can personalize your account alerts and fraud rules. From our secure payment gateway to our customized solutions, we do everything we can to ensure the best level of ACH fraud prevention.
Final Thoughts
Once an ACH payment is made, it can be difficult to claw it back. If the hacker lives in a different country, it may actually be impossible to get the payment returned. Because of this, it’s important to learn from different ACH fraud examples and figure out effective ways to prevent ACH fraud from impacting your company.
From better encryption methods to proactive worker training, there are a few steps you can take to make it harder for criminals to process fraudulent transactions. Many of these techniques have the added benefit of preventing insider fraud as well.
At PayCompass, we offer a highly secure payment gateway, MFA techniques, and advanced behavior analytics for detecting fraud. Our goal is to protect your revenue without slowing down your business.
Learn more about our ACH payment protection options by reaching out to our payment processing experts today.
Ready to Transform the Way You Do Business?
Don’t settle for less when it comes to payment processing. With PayCompass, you get smarter, faster, and more reliable solutions tailored to your unique needs. Join thousands of businesses who trust us to keep their business moving forward.
Similar Posts
MCC 7011: Hotels & Lodging (Description and Payment Processing Impact)
The United States hotel market size is estimated at $263.21 billion. Most of these companies will be assigned merchant category code (MCC) 7011. Because hospitality transactions involve cancellations, advance bookings, incremental adjustments, and no-show charges, they require specific types of payment processing services. The MCC 7011 (hotels) classification has a direct impact on interchange rates, […]
MCC 5993: Cigar Stores & Tobacco Shops (Description and Processing Impact)
The United States is the fifth-largest producer of tobacco in the world. In a typical year, the country produces around 359 million pounds of tobacco. While some of that tobacco is sold abroad, a great deal of it ends up being sold to American consumers. If you are considered a cigar store or tobacco shop, […]
MCC 5812: Restaurants & Eating Places (Description and Payment Processing Impact)
Merchant category code (MCC) 5812 is given to restaurants and eating places by the merchant’s payment processor or acquirer. From fraud monitoring to credit card rewards, this code plays a major role in your company’s payment processing setup. It can affect your approval rates, processing fees, and dispute patterns. To learn more about how MCC […]
MCC 5511: Car & Truck Dealers (Description, Risk Profile, and Processing Tips)
Each year, more than $1.5 trillion is spent in the United States on vehicles and parts. Due to the high-value transactions, deposits, financing, and refund complexity involved, the MCC 5511 (automobile/cars) designation is considered moderate to elevated risk by payment processors. If your company falls under this code, understanding how to improve your account approval […]
MCC 4722: Travel Agencies & Tour Operators (Description, Examples, and Processing Impact)
If you run a travel-related business, you will be assigned a specific merchant category code known as MCC 4722. This code represents the specific risks and challenges associated with the travel industry. From how customers receive credit card rewards to the payment processing fees you pay, this code can affect all aspects of your payment […]
Cascading Payments Explained: How Cascading Retries Reduce Failed Payments
No matter what type of business you operate, payment failures are bound to happen. By being strategic about how you approach these failures, you can recuperate lost revenue. Failed transactions can lead to a higher churn rate, so companies need the right retry strategy to process these payments. With cascading payments, transactions can be distributed […]
Payment Processor Down: A Merchant Playbook for Keeping Sales Moving
With a standard payment processor, you can expect 99.9% uptime. This works out to 43 minutes of downtime or less each month. However, top-tier payment processors experience just five minutes of downtime each year. Even with the best processors, downtime can still happen. When a payment processor outage does occur, the costs can quickly add […]
Authorization Optimization: How To Improve Payment Authorization Rates
Whenever a payment fails, a decline reason code is created that explains the exact failure reason. These codes can vary between payment processors, although many processors use the same ISO 8583 codes used by Visa and Mastercard. As a merchant, understanding these codes is essential for authorization optimization. Once you understand why transactions are declined, […]
Accepting Multiple Payment Methods: A Practical Guide for Businesses
As a merchant, your cash flow can quickly take a hit if you are only accepting a handful of payment methods. Today’s shoppers use buy now, pay later (BNPL), digital wallets, cash, cryptocurrency, and cards to pay for their transactions. If you don’t have the capacity to accept multiple payment methods, it’s going to quickly […]
Payment Service Provider: What It Is and How To Choose the Right One
Accepting payments isn’t as straightforward as just handing over cash. With credit cards, debit cards, and mobile payments, an entire web of interactions takes place in the background each time a card is swiped. Besides the basic transaction processing, this network of activity also works to inspect for fraud, authenticate the payment information, verify that […]