TruCommunity Blog

As businesses increasingly rely on Automated Clearing House (ACH) transactions for efficiency and convenience, the threat of ACH fraud becomes a growing concern. While ACH transactions streamline processes like payroll, vendor payments, and customer billing, they can also be targets for fraudsters. At TruBank, we prioritize your security and want to help you stay vigilant against potential threats.

“TruBank has strong internal controls to ensure the validity of ACH requests from our customers. However, businesses need to take ensure their internal controls are also up to date,” states Clint Welling, TruBank President.

Common Methods Used in ACH Fraud

ACH fraud occurs when an unauthorized party gains access to a business’s bank account and initiates fraudulent transactions or poses as legitimate known vendor but changes payment information. Fraudsters employ a variety of tactics to perpetrate ACH fraud, including:

• Phishing Emails — Fraudsters send emails that appear to be from legitimate sources (like a trusted vendor or financial institution) to trick employees into revealing sensitive account information.
• Malware and Keyloggers — Malicious software can be unknowingly installed on a company’s computer, capturing keystrokes to harvest banking or vendor system login credentials.
• Social Engineering — Fraudsters impersonate company executives or trusted vendors to manipulate employees into making unauthorized ACH transfers.

Red Flags to Watch For

Being aware of potential red flags can help businesses detect and prevent ACH fraud before it impacts your business. Here are some warning signs to keep an eye on:

• Changes in Vendor Payment Details — A sudden change in a vendor’s payment instructions, email, address, or bank account information should be treat with caution. Always verify changes through a trusted contact.
• Unrecognized Accounts — Regularly review your ACH transaction history for any new or unfamiliar accounts. Fraudsters may add a new account to test small deposits or withdrawals before initiating larger fraud attempts. 
• Unusual Timing or Patterns — Understand when your vendors normally request payment or invoice you. Urgent requests for payment or submission after business hours or on weekends may indicate suspicious activity.
• Suspicious Vendor Invoices — Watch out for invoices from vendors you don’t recognize or duplicate invoices with slight modifications. This could be an attempt to redirect payments.
• Reported Employees or Vendors being Phished — If an employee or vendor has reported being phished, exercise due diligence if that vendor sends information or payment request. Fraudsters using hacked employee accounts may send notification about payroll discrepancies.

How to Protect Your Business from ACH Fraud

Not only do you need to be aware of these red flags but you may need to ensure your internal control structure is properly designed and operating as a final step to protect your business:

• Update Security Measures — Ensure that your company’s security software is up to date and that you have firewalls and anti-virus protection in place on all company computers.
• Train Your Team — Conduct regular training sessions to educate employees about the tactics fraudsters use and the importance of safeguarding sensitive information. Limit who has access to accounts/who can initiate payments.
• Verify Changes Independently — Always verify changes in payment instructions through a known, trusted contact method. Do not rely on contact information provided in an email requesting the change. Require verbal verification through a known number for changes in account details or remittance info. Verify internal payment requests by calling the employee.
• Regularly Monitor Accounts — Set up alerts for all ACH transactions and review your accounts daily to catch unauthorized transactions early. Conduct periodic audits and reviews.

ACH fraud may be a significant risk for businesses, but with vigilance and proactive measures, you can protect your company from potential losses. If you suspect ACH fraud or notice any unusual activity, contact TruBank immediately. TruBank is committed to supporting our business customers with the tools and knowledge needed to defend against fraud. If you have questions about ACH fraud or the ACH process, don’t hesitate to contact us.