ACH Fraud: What Businesses Need to Know to Stay Protected
The ACH Network is a vital tool for moving money efficiently, but it is also a growing target for fraud. As cyber criminals become more sophisticated, businesses that originate ACH transactions must take an active role in understanding where risks for fraud exist.
Below is a practical breakdown of the most common ACH fraud schemes and what organizations can do to reduce exposure.
Business Email Fraud
Business email fraud occurs when criminals impersonate an employee that has the authority to transfer funds at that corporation. They will either hack into their actual email or create a new account with a very similar email address. Using that identity, the fraudster requests a funds transfer. Because the request appears legitimate, this fund transfer can often mistakenly be approved.
Vendor Impersonation Fraud
In vendor impersonation fraud, criminals pose as legitimate, trusted vendors. Like most of these fraud schemes, the fraudster will impersonate these vendors and request updates to payment instructions. They wait until the legitimate vendor submits an invoice. When they do, the criminals are the ones who receive the funds. Public sector organizations are often targeted because their contracts are publicly available.
Payroll Impersonation Fraud
Payroll impersonation fraud targets HR departments and payroll systems. Fraudsters impersonate employees or use stolen credentials to request changes to direct deposit information. Payroll funds are then sent to fraudulent accounts instead of the intended employee.
Account Takeover Fraud
Account takeover fraud occurs when criminals gain access to a bank account using stolen credentials. With full account access, the criminal can quickly initiate payments and drain funds.
Staying Ahead of ACH Fraud
ACH fraud prevention requires ongoing awareness, layered security controls, and informed employees. By understanding how fraud occurs, recognizing common schemes, and using industry tools, organizations can better protect themselves and respond more effectively when incidents arise. Nacha has a list of tools and tips to add additional layers of security.
For additional guidance on ACH fraud and risk management, Nacha provides further educational resources on its website.