ACH (Automated Clearing House) is an affordable and widely used payment method with low risk. However, less risk does not equate to no risk, as many companies are discovering that their responsibility rises as ACH payment usage rises. Determining the nature and mechanism of ACH fraud is the first step towards mitigating its risk.
The utilization of ACH is increasing. Still, there is a greater chance of ACH fraud risk due to increased utilization. Between 2021 and 2023, the proportion of businesses reporting ACH credit fraud rose by 6%, and over half of those with less than $1 billion in revenue could not recover money lost to payment fraud attempts.
What is ACH Fraud (Automated Clearing House Fraud)?
Any unlawful withdrawal from a bank account using the Automated Clearing House (ACH) network is considered ACH fraud. The ACH serves as a central clearinghouse and financial transaction network for all electronic fund transfer (EFT) transactions in the United States.
Sadly, it’s not too difficult to commit ACH fraud risk – all it takes is two stolen pieces of information to get started: a bank routing number and a checking account.
How do ACH Fraud Scams Occur?
The first step in reducing risk is to understand how ACH fraud happens. Several methods can lead to ACH payment fraud, just like other forms of fraud.
Fraudulent ACH Returns
The ability to request a refund for an ACH payment makes it one of the most prevalent forms of ACH fraud. Bank-initiated returns and customer-initiated returns are the two primary categories of ACH returns.
Bank refunds might happen for innocent reasons, including when consumers don’t realize their account isn’t funded enough. On the other hand, fraudsters might profit from NSF (non-sufficient fund) returns as well. To enhance the customer experience, the fraudster would, for instance, move funds to an investment account, which would then front the funds until the ACH process was completed.
Phishing Attack
Phishing attacks happen when a malicious party sends a false email or text message to individuals or groups, fooling them into disclosing private bank information that is then used to start unapproved ACH payments.
Ghost Funding
When users are granted instant access to money that hasn’t been fully settled through ACH, fraudsters might take advantage of this situation and commit ghost-funding fraud. For example, a person registers for an account on an investing app and starts an ACH transfer to the investment app from their bank. While the ACH payment is being processed (which may take several business days), the app credits the user’s investment account to enhance the user experience.
After that, the user buys cryptocurrency or moves the funds to another account. A few days later, the ACH payment is returned for insufficient funds. The investing app cannot get the money back because the user has already spent the money they were fronted.
Insider Threats
Fraudsters might occasionally be found within the organization. Sometimes, contractors and workers can access private data that is responsible for ACH fraud. For instance, they can approve bills they know are fraudulent and keep the money for themselves. Employees may occasionally process the same payment twice, change the amount before processing, or divert payments to accounts under their ownership.
Account Takeover Fraud
Although ACH payments are susceptible to account takeover fraud, they are less frequent. For instance, fraudsters may access an account via social engineering when they have authority; they can transfer money from the account to their own account and use it to commit fraud.
Who Bears the Loss for ACH Fraud?
The persons involved, the method of fraud, and the circumstances all influence who is responsible for the loss in an ACH scam. In numerous instances, your business can end up footing the bill for ACH fraud performed against you:
- Fraudulent ACH returns: The selling company bears the loss when a customer buys an item and then makes a fraudulent return while keeping the item.
- Phishing attacks: Depending on the actions taken as a result of the attack (for example, if a person authorized a payment to a fraudster), the firm or individual that was the target of the assault may be held accountable for losses.
- Ghost Funding: The app or business that fronted the money to the account usually suffers the loss when a user funds an account and then vanishes with the money.
- Insider threats: Fraud committed by an employee may have different legal ramifications. The organization that was deceived is immediately liable, but there are legal avenues for recovering the money from the perpetrator.
- Account takeover fraud: Although recovery might be possible in certain circumstances, the person whose account was entered is usually responsible for the damages. In certain situations, the financial institution could bear the loss on behalf of the user.
How common is ACH fraud?
Nowadays, ACH is the primary payment method for 93% of American workers. Furthermore, more people use digital payment apps that transfer money between accounts using ACH. As the number of people who receive ACH payments increases, so does the number of criminals scamming people using this network.
Can I Raise a Dispute Against ACH Fraud Transactions?
Customers can contest a fraudulent ACH transaction within 60 days of the settlement date or 60 days after obtaining a statement from the banking institution detailing the transaction. Put another way, to receive payment from the bank, the customer must disclose the fraud within a fair amount of time.
How to Prevent ACH Fraud?
ACH Fraud Prevention will be the first strategy in business, and here, you can find the main points to follow to prevent ACH Fraud:
- Robust Internal Controls: Internal controls help lower the risk of fraud by guaranteeing that financial information is only accessible to authorized persons. Organizations should also have policies for authorizing transactions and monitoring accounts to spot any strange activity.
- Implement Segregation of Duties: Your accounts payable procedure should be based on the same checks and balances philosophy as our country’s government. Under the principle of segregation of duties, one person is in charge of processing business payments while another is in charge of authorizing them prior to money being released.
- Close Monitoring: Organizations should regularly monitor ACH payments to spot any unusual activity or transactions. Examining payments for irregularities or unusual activities is one way to do this.
- Modern Cybersecurity Strategy: Organizations can increase payment security and guard against unwanted account access using the most recent security protocols and technological advancements, such as encryption and two-factor authentication.
- Vendor Authentication: Businesses must ensure that all vendor data is current and accurate. Confirming the bank account numbers linked to each payment request ensures that payments are always issued to the right person.
- Staff Education: Establishments must train their staff regarding the possible hazards of electronic money transfers. They ought to exchange advice on how to spot questionable transactions or activities.
- Validation of Bank Accounts: Organizations should regularly validate bank accounts to ensure that the bank accounts linked to payments are legitimate. This prevents fraudulent transactions from being processed.
Secure your ACH Payments with Cheqly!
Fraud still remains the top concern of any organization, and ACH payment fraud is no exception. Proper internal controls, proper monitoring of payments, and employee education may, in combination, represent strategies of prevention and detection to protect the organization from these types of fraudulent schemes.
With Cheqly, your business can be sure that ACH payments are both safe and completely free within the US. There are no hidden charges or complicated terms. Plus, our user-friendly platform allows you to manage your domestic payments with ease. Open your Cheqly business bank account today and enjoy peace of mind with your ACH transactions!