ACH Fraud Protection¹
Fraud is a major threat for any business. Altering or creating fictitious financial documents can make it easy for a criminal to drain funds from your company. Fraud committed against company bank accounts usually occurs by writing unauthorized checks, through wire fraud, or through ACH fraud.
ACH stands for Automated Clearing House, a nationwide electronic funds-transfer system which provides for fund-transfers between banks and other financial institutions. The Federal Reserve and Electronic Payments Network serve as overseers for the ACH network. The ACH network has made transferring funds between financial institutions and their customers easy and rapid; sadly, the system has also made it possible for companies to fall victim to ACH fraud.
ACH fraud occurs when an account is accessed for unauthorized ACH payments or withdrawals. While a variety of tools are available, a criminal can commit ACH fraud by having access to just two pieces of information: your business checking account number and your bank routing number.
With that information in hand, a criminal can use those numbers to make a payment for goods or services, either by phone or online. The most common ACH fraud attempts are misrepresentation of a business and unauthorized use of business bank accounts. By the time you realize what has happened. The criminals have often disappeared leaving you to clean up the financial mess.
Fortunately, guarding against ACH fraud is easy:
- ACH blocks. The simplest and arguably best way to prevent ACH fraud is to place a block on all your accounts. The block will not automatically reject transactions; in each case you will be required to review and approve the transaction before it can be completed. In short, an ACH block eliminates the possibility of automatic or non-reviewed transactions.
- One-time authorization. A one-time authorization is just that: you authorize a single transaction by providing the company identification information and amount of that transaction. The bank verifies the transaction with the information you provide and processes that transaction but no others.
- Authorized-user list. If you have transactions that will occur on a regular basis with a finite list of other parties, you can create an authorized-user list. You can also specify dollar amounts or limits, date ranges, and recurring or one-time use. If a request is received from a company not on the list (or falling outside the other parameters you set) the transaction is rejected or placed on hold for you to review.
Setting up an effective ACH fraud prevention system with your bank provides a number of benefits:
- Losses are minimized since you can prevent unauthorized transactions before they take place.
- Errors are minimized since fraud-control tools identify transactions that do not meet your pre-established criteria and also identify misrouted transactions or incorrect dollar amounts.
- Cash flow is improved while security risks decrease.
- Preventing losses saves time and effort associated with recovering those funds.
In short, you can enjoy the benefits of ACH transactions while keeping your company safe from fraud.
But don't stop there. You can also set up internal controls to prevent fraudulent behavior by your employees. For example, one effective way to control the transfer of funds is to create a "dual control" system: one employee initiates a payment or debit transaction, and another approves the release or acceptance of that transaction. That way, no one person is in control of the overall process. (Putting a system of checks and balances in place makes sense for any financial function.)
Additionally, you should make sure that the computers used to store or access financial information including ACH transactions are free from viruses and malware. Use strong passwords, change passwords often, and limit the use of your ACH system to those individuals who need to use the system. One of the best ways to prevent employee fraud is to limit the number of individuals who are in a position to commit fraud.