3 Factors that Put Your Business at Risk for ACH Fraud

ACH fraud continues to rise, and it starts with just two things:

• Your business checking account number
• A routing number

“Those two simple pieces of information are all fraudsters need to attempt a fraudulent ACH transaction,” explains Nick Benz, Treasury Management Sales Officer Lead.

According to the Association for Financial Professional’s (AFP) latest Payments Fraud and Control Survey Report, 53% of all attempted or actual payment fraud in 2020 was ACH credit or debit related. The survey shares that compared to prior years, “fraud perpetrators are targeting ACH payment methods more frequently than check and wire transfers. As ACH transactions are typically considered safer and more difficult to compromise, the increased focus on ACH transactions suggests that fraudsters are acquiring more sophisticated techniques when targeting organizations.”

So how can you take the target off your back and help your business stay safe? Consider these three risk factors when working to combat ACH fraud.

1. Using one fraud management tool instead of layering multiple tools for added security.
You have to start somewhere and maybe a few years ago you signed up to use one fraud management tool for your business account. While something is better than nothing, it’s time to up your game. "Fraudsters are always getting smarter, and we need to stay one step ahead of them by combining multiple fraud tools to fully protect a business account,” says Nick.

His recommendation? At minimum, your business should use a combination of these well-known Treasury Management tools:

• ACH Filters – allows you to provide a pre-approved list of vendors to pay for each individual business account.
• ACH Blocks – allows you to block specific vendors/individuals from payment across all your accounts.
• Positive Pay – only checks matching a pre-approved list from you are paid.
• Reverse Positive Pay – allows you to review a daily check report to approve before transactions are finalized.

With check fraud still ranking as the most common fraud in the nation, followed by ACH debits and credits, using a layered approach to security is the best way to see results. Nick shares, “Through the fraud protection services Merchants offers its clients, we have rejected many unauthorized transactions in the past 90 days, the magnitude of which continues to grow. We don't see it going away anytime soon.”

2. Not having a process for reviewing your ACH blocks/filters regularly.
Using your fraud management tools properly is yet another piece to the puzzle. If you have set up ACH blocks or filters, how often are you reviewing those lists to ensure accuracy. Nick says review of your parameters should be done a regular basis that makes sense to your business – be it quarterly, bi-annually or annually.

In reference to fraud controls such as ACH blocks and filters, the AFP survey report notes: “If organizations made it a regular practice to validate their fraud controls, they would be able to identify any faults in the process and rectify them sooner. Additionally, by validating fraud controls, they are committing to controlling fraud. Validating fraud controls also reinforces with vendors and employees that the company is serious about minimizing fraud.”

3. Lack of security protocols and training for your staff.
So, you’ve put the tools in place, but does your staff understand their role in mitigating fraud? “We truly believe that staff education and proper access management are two of the biggest factors in preventing fraudulent ACH transactions - or really any type of fraud. A lot of this comes down to staff feeling confident in recognizing and addressing fraud,” notes Nick.

To make security practices a part of everyday work life, you should:

• Create procedures for account access and review. It’s important to document who has access to specific accounts and tools or who is responsible for different processes. Keep in mind that the more people you provide access to, the greater the risk for fraudulent activity since the fraudster has more possible people to impersonate.
• Use dual control as often as possible. What’s dual control? Having more than one employee involved in key financial review processes. Dual control provides a check back so two eyes are reviewing important financial information and payouts to catch anything out of the ordinary.
• Make a plan for continued education. Fraud and the people behind it are not going away anytime soon. One of the best things you can do is provide training and education opportunities for your staff at every level. While office managers, your finance or accounting team or owners may need more in-depth review, all staff may be presented with an imposter email, for example, and need to know how to identify and address it in the moment. A Treasury Management partner can provide you with resources for internal training.

If you’re interested in learning more about our fraud management tools or would like to see how your current fraud approach can be enhanced, our Treasury Management team can talk you through the options and build a custom protection plan based on your needs.