Consumers around the world are familiar with the large-scale hacks that have occurred in the past few years. While news of these breaches was widespread, other unnoticed security invasions occur on a daily basis. One of the threatened organizations is the Automated Clearing House, which processes large batches of financial transactions and transfers for payroll, direct deposit and vendor payments. Companies in a variety of industries utilize this service for their employees, but may be unaware of the risks they face.
ACH fraudsters are becoming more intelligent, finding new ways to get their hands on people's sensitive information and money. There are certain popular devices these hackers use to gain access to business credentials and more. It's important for organizations to be aware of these ACH fraud trends to combat them in the future:
This practice came into existence as a product of the success of check kiting. Check kiting allows fraudsters to inflate a bank account by writing checks from multiple accounts and taking advantage of the grace period between when the check was deposited and when it actually clears. Those checks that would have originally bounced would then have enough time to clear the system, giving hackers the money they wanted.
ACH fraud is similar, except the totals are usually larger and may increase over the course of a few days, according to National Mortgage News. Those amounts look like a credit to the fraudster and his or her fake enterprise, enabling them to run off with the money before the debited company has noticed or questioned it. To avoid instances of ACH fraud, businesses should check their accounts on a frequent basis and report any suspicious activity as soon as possible.
When ACH first gained popularity, every part of the process was completed manually. Banks would even call their business clients to verify the requested amounts before releasing the funds. Since more companies pushed for increased efficiency, practices moved online. As a result, hackers have had to change the ways they gain access to banking customers' funds. Since it's become more difficult to breach banking firewalls and other protections, hackers have set their sights on the organizations themselves.
Today's thieves use methods like spear phishing to locate important ACH credentials. All it takes is a convincing email to knowing payroll employees – with a credible-looking hyperlink – for fraudsters to find the necessary information. With this data, hackers are able to impersonate organizations and drain their accounts by redirecting the money to their accounts. Michael Thomas, a partner at Crowe Horwath, has some advice to help companies avoid this kind of fraud.
"…Go back to the old way," he said. "Even though it is coming through the Internet, pick up the phone to verify, and this way you're covered."
Looking to the Future
NACHA – The National Automated Clearing House Association – recently announced its plan to introduce same-day ACH transfers this year. The progress will come in a series of stages. While this decision increases companies' efficiency with their financial transfers for payroll and direct deposit for employees, it also makes the risk of fraud that much higher. Hackers capitalize on the short transmission time of funds, allowing thieves to get away with stolen money and information before businesses even notice.
"Same-day ACH will make it more difficult for companies to retrieve their lost funds."
Same-day ACH will make it more difficult for companies to retrieve their lost funds, as fraudsters will have more time to move the money out of reach, according to Banking Exchange. Organizations of all sizes should regularly monitor their accounts, keeping an eye out for any suspicious ACH activity. Furthermore, it's important these businesses don't wait to report skepticism regarding certain transfers. It's always better to be safe than sorry to avoid larger problems in the future.
In 2014 alone, 73 percent of companies experienced one to five instances of ACH fraud, according to the Association for Financial Professionals. As the years go on and same-day transactions become more prevalent, businesses and their banks will need to work together to find a solution to fast, unquestioned charges. For now, frequent monitoring is organizations' best bet for catching criminals and ensuring company and employee money and information is safe from harm.