Preventing ACH Payment Fraud

Preventing ACH Payment Fraud

Innovation within the payment industry frequently leads to the opening of new opportunities for fraudsters. In order to avoid the costs associated with fraud attacks, all parties involved in the payment process need to improve their fraud prevention strategies.

Fraudsters display unparalleled resourcefulness when it comes to discovering and exploiting loopholes.  The best moment to do so is when the payment environment undergoes some major change.

How ACH Fraud Is Possible

ACH merchant account fraud can be perpetrated both over the phone or on the internet.

For example, in a common fraud scheme, the fraudster will convince the account holder to disclose their confidential financial information over the phone.  The information is then used to defraud the account holder.  

The most sophisticated type of ACH fraud involves the infection of computers with a virus that will start looking for specific keystrokes performed by victims while they log into their bank accounts. Fraudsters will use this information to create their own login credentials and transfer funds from the hacked accounts to their own untraceable overseas accounts.

It is not surprising that the volume increase of ACH payments has been going hand in hand with a proliferation of fraud attempts. Since fraudsters rely on the human factor to pull off their fraud attacks, raising awareness about fraud and popularizing means to protect oneself from them seems to be the right way to go.

The Information Security Media Group carries out a yearly survey of banking institutions that is meant to provide an overall industry perspective on fraud and how it evolves. The 2014 Faces of Fraud survey shows that the biggest stumbling block against fraud prevention is the lack of awareness among customers regarding fraud, and their unwillingness to accept additional security features or more sophisticated authentication methods.

Impact of Same-Day ACH on Fraud

Lack of customer awareness places additional burdens on financial institutions and companies to prevent fraud through other means, such as data analysis, automated software, or manual review. The introduction of Same-Day ACH, a new feature that will decrease the settlement time of ACH payments, will prove to be a game changer in terms of fraud prevention as well.

Guardian Analytics describes some possible scenarios that Same-Day ACH will make possible. Fraudsters will most likely try to take advantage of the spike in volume that will occur right before the deadline for transaction submission. For example, they might submit a high number of relative low-value transactions or they might take the time to harvest information about the account holder that would enable them to create payments which will seem legitimately enough to pass a fast review.

Prioritizing Fraud Prevention

A comprehensive fraud prevention strategy includes customer profiling, real-time transaction monitoring, data analysis, and secure authentication.  Guardian Analytics suggests that the successful strategy after the introduction of Same-Day ACH should rely on the automation of some existing fraud prevention tasks, which should enable financial institutions to assign more resources to complex behavioral analytics.

Regardless what strategy financial institutions will eventually implement, the introduction of Same-Day ACH will confirm the widely-accepted assumption that fraud is a constantly changing phenomenon.

Do you want to prevent fraudulent ACH payment transactions and safeguard your business?

Cybercriminals Target Bank Accounts

FBI Reports Thefts 

The FBI has released findings from its investigation on how cybercriminals are stealing money from the bank accounts of small-mid sized US companies.

The thieves then initiate a series of unauthorized bank transfers out of the company’s online account in less than $10,000 to avoid banks’ anti-money-laundering reporting requirements.

The funds are sent to “money mules”, who are willing participants or naive individuals recruited over the Internet through work-at-home job scams. The mules pull the cash out of their accounts, keep a small percentage of it, and wire the rest to organized criminal groups operating in countries like Moldova, Russia and Ukraine.

The deputy assistant director of the FBI’s Cyber Division said criminals involved in these online account takeovers have attempted to steal at least $85 million from mostly small and medium-sized businesses, and have successfully made off with about $40 million of that money.

Companies that bank online have few of the protections afforded to consumers. Individuals are usually are made whole by their bank. Businesses, however, often must absorb the losses.

How Can You Protect Yourself?

The FBI says businesses should protect themselves by conducting online banking from a dedicated, locked-down computer that is not used for everyday web browsing or e-mail.

Malicious software that thieves use to steal online banking user names and passwords is usually installed when the recipient of a spam e-mail opens a poisoned attachment or clicks a link that leads to a booby-trapped web site.


Despite the best efforts of a business to protect itself, online banking still presents risk.

Companies being victimized by this type of crime often have accounts at small and regional financial institutions which do not have adequate fraud detection technologies in place. These institutions rely on layers of customer protections, such as security tokens, which can easily be circumvented by cybercriminals.

Interested in finding out more?

Contact today

Banks Vulnerable to Fraud

According to consulting firm Treasury Strategies losses caused by fraud could result in the closing of as many as 10 financial institutions within the next three years. According the Barry Barretta, a principal at Treasury Strategies, “Fraud risk in the industry is at an unprecedented level.”

Small banks are the hardest hit by fraud because they do not have the money to spend on adequate fraud protection tools nor the capital to absorb the losses caused by fraud. But, even larger banks could be impacted, particularly if they reduce spending on anti-fraud weapons. And the poor economy has more fraudsters than ever hunting for holes in bank security.

Often, fraudulent transactions come from transactions from third parties, rather than direct bank customers. This makes it more difficult to track transactions and slows down the time that it takes to discover fraud.

Sophisticated gangs for fraudsters have insiders working as employees at the bank. It’s also easy to get existing employees to become informants since some mid-level employees feel no loyalty to institutions. The insiders pass on how financial transactions flow, bank practices, and system access codes. The fraudsters then have all the information needed to scam millions from the banks.


Payment Processing Challenges

Carla Balakgie, CEO of the Electronic Transactions Association says that the current economic condition and malicious fraudsters with criminal intent are among the biggest problems facing the payment processing industry.

According to Balakgie, the downturn in the economy is the biggest problem facing payment processors. Credit is tight. Consumer spending is down. And merchants are faced with a slow-down in retail sales. The situation is not likely to change anytime soon. Consumers are less able to take on additional debt and lenders are continuing to make credit difficult to obtain.

Merchants are keeping a close eye on payment processing costs. Sales organizations selling payment processing have to offer benefits other than low rates. Offering alternative payment processing options is one good way to add value to current merchants and to acquire new ones.

Another important consideration is protecting merchants from fraud. Online fraudsters have become increasingly sophisticated and target any weak links in the payment processing electronic transaction flow. It is crucial to have a ongoing payment processing strategy in place to block fraudulent transactions and handle any security breaches quickly and effectively.

Interested in a secure payment processing account for your business?

Contact today