By: Editorial Staff, Date: November 8th, 2022
What is ACH Fraud?
ACH fraud is fraudulent access to an account to make unauthorized payments and purchases. Fraudsters can execute an ACH fraud by getting the business checking account number and bank routing number.
By obtaining that information from targets, criminals can initiate purchase of goods and services or pay off debts.
Common ACH Fraud Schemes
- Overseas money transfers -An ACH scam that happens when a fraudster sends you an email or letter asking you to help them move a large amount of money out of the country. Usually, they say that it’s due to a natural disaster, or conflict in their country to trick you into giving your bank account details.
- Check kiting -A devastating type of check fraud. Fraudsters juggle the fund back and forth between bank accounts at different banks. This can also be used as an illegal scheme of interest-free credit.
- Spear phishing -An authorized employee for ACH transactions usually gets targeted by this type of scam wherein he will receive an email redirecting to a website with malware that installs a keylogger software. The thief will then monitor the keystrokes and authentication information.
- Fake offers -Fraudsters use this scheme to advertise free offers or significantly discounted items to ask for your billing information. If you fall into the trap, a subscription fee will be charged automatically but you won’t receive the product you expected.
- Insider threat -Stems from people who have access to sensitive credentials and data. Insider threat scenarios can happen either due to the intentional act of a rogue employee in stealing data for personal gain or simply a mistake in sending an important email with sensitive information thus compromising the system or data of an organization.
- Data breach in customer credentials -The thieves use the customer’s credentials to generate unauthorized ACH transactions and withdraw the funds.
ACH Fraud Protection
ACH fraud attacks can force financial institutions to close their doors thus, setting up protective measures to guard an account against ACH fraud is paramount.
Here are the best practices to avoid falling victim to ACH fraudsters:
- ACH debit filter -this protection tool gives you option to block all incoming ACH debits/ credits. Only the ACH item, which is pre-authorized will get completed, thus allowing you to prevent unauthorized transactions and fraud.
- ACH debit block -This is an effective ACH fraud protection that eliminates automatic and unauthorized ACH transactions. It allows you to review a transaction before it gets processed by putting an ACH block on accounts.
- Use long passwords -It’s better to use 8-12 characters or longer with special symbols, upper and lower-case letters, and numbers. It’s also recommended to update your passwords at least every 3 months to prevent accounts from getting hacked.
- One-time authorization -Allows you to make a one-time payment or single transaction to a specific company. The bank will then verify and process only that particular transaction.
- Authorized-user list -By designating an authorized user list, you can filter fraud transactions. You can specify your transactions regularly with the list of other parties and amounts wherein request outside the list gets rejected or hold.
- Checks and balances -Set up a multi-person approval process for certain transactions so that, not only a single person has overall control.
- Educate employees and customers -Awareness and education on ACH fraud scams are important aspects to outsmart and fight ACH fraudsters. Encourage customers and employees to avoid sharing account information online unless the site is verified, set up two-factor authentication for online banking, recognize and avoid phishing tactics, and other practices to combat ACH fraud.
Upcoming Webcasts
Accounting Fraud & SEC Investigations: Recent Enforcement Initiatives and Compliance Issues
The Securities and Exchange Commission’s (SEC) recent investigation on the alleged accounting fraud committed by Synchronoss Technologies, Inc.