Risk Management · January 07, 2021

Protect Your Business Accounts From ACH Fraud

If there's one thing every small business owner knows, it's to stay vigilant when it comes to monitoring your money and cash flow. Technology has undoubtedly made Automated Clearing House, or ACH, and wire transfers easier. However, it's also opened up the potential for theft and fraud.

While these transactions are generally considered the safest option, growing instances of ACH fraud are reported every year. In their 2020 Payments Fraud and Control Survey, the Association for Financial Professionals found that 81% of organizations reported being targets of payment fraud.

Here's what to know about ACH fraud and some tips for what your business can do to stay safe.

What is ACH fraud?

ACH payments are a common way for businesses to move money. You might use this method to pay vendor bills, cover direct deposit payroll to employees and transfer funds between banks.

Cybercriminals are always on the lookout for opportunities to get key business and personal identification data, such as bank passwords, account numbers and routing numbers. They use that information to get into your accounts and transfer your funds to themselves.

Today, lax cybersecurity infrastructure allows many hackers and fraudsters to get your information directly from your business. Sometimes, that's in the form of easy-to-hack passwords, allowing them access to your company server or Intranet, where this data is stored. Some fraudsters also pretend to be customers or vendors, obtain your bank information through email and send themselves payments.

An increasing threat comes from your employees accidentally providing this information through spam and phishing used in business email compromise, or BEC, schemes. In this case, an employee gets an email from a bank or vendor asking for account information. Because the email appears legitimate, the employee may send that information along, giving the fraudster everything they need to access your funds.

Impacts of ACH fraud

ACH fraud can take a significant toll on your business. The primary issue is that your funds could get tied up with the fraudster. Many small and medium businesses rely on having the necessary cash flow to manage the books each month. Any unexpected disruption to that could put you behind on payroll and bills.

Another factor is time. Dealing with financial fraud is a headache. In addition to getting your funds back, you'll have to spend time contacting your bank and vendors, performing an audit to find out what was stolen and preparing documents. All this takes precious hours away from your ordinary course of business.

A fraud attempt also leaves your accounts vulnerable to future attacks, so you'll need to spend time and effort to improve your system's defenses going forward. If you don't take steps to improve security following an incident, you could face a constant threat from hackers who can get into your system and steal vital information.

How to lower your risk

Small and medium-sized businesses are often targeted for wire and ACH fraud because there's often less security, so the information is easier to obtain.

The good news is you can take steps to help lower your risk of fraud.

  • Install and maintain appropriate malware and antivirus software on your system and connected computers.
  • Limit who has access to your accounts and who can initiate ACH and wire transfers.
  • Request any changes to vendor account information directly from the vendor in writing on an official document, not through email.
  • Train your employees to never respond to emails asking for sensitive information and to alert the IT department if they get one.
  • Set limits on the amounts debited from your ACH accounts.
  • Create a system of regular audits and reviews of your ACH accounts and transactions.
  • Work with financial institutions that offer fraud monitoring and send preventative alerts on potentially suspicious transactions.

Working with a trusted banking partner can also help protect your business from fraud. When you have a personal relationship with your bank, it means you're more than just a number. Your banker can work with you to find strategies to help reduce your risk and alert you to any potential issues.


Financial insights for your business

No results found

This information is provided for educational purposes only and should not be relied on or interpreted as accounting, financial planning, investment, legal or tax advice. First Citizens Bank (or its affiliates) neither endorses nor guarantees this information, and encourages you to consult a professional for advice applicable to your specific situation.

Links to third-party websites may have a privacy policy different from First Citizens Bank and may provide less security than this website. First Citizens Bank and its affiliates are not responsible for the products, services and content on any third-party website.