COVID-19 ALERT—ACH Payment Fraud Can Leave You Empty-handed and Your Bank Account EMPTY!
The outbreak of COVID-19 is challenging every human advancement and technology. From health to education and governance to the economy, it incurred damages across the sectors.
Financial institutions are experiencing no fewer trials and turbulences than any other entity. In fact, it has become a more graving threat than ever because people have now become more dependent on online and digital technologies to process their everyday financial operations including online purchasing, business dealings, payment transactions, financial communications, and others.
Pandemic surfaces the new challenges and threats to the online system of money and finance. And, the fraudulent elements have found opportunities in this mess and chaos. These evil geniuses are out to trick your money into their accounts. Even, the safest ways of online fund transfers are at risk.
ACH Payments are one of them.
Fraud involving the payment made through the ACHN is on the rise. ACHN is the Automated Clearing House Network. It is a financial institution that processes electronic funds through the batch processing system.
Batch processing made ACH one of the safer ways to transfer electronic funds from one bank to another bank.
The fraudulent elements have increasingly started attacking the ACH payment transactions to tap money out of the bank accounts of unsuspecting victims.
This article encompasses the key concerns like what ACH fraud is, how pervasive this fraud is, what are the risks of ACH payments, what different types of ACH payment frauds are, and how can they be prevented?
Let’s begin with reviewing the understanding that what ACH payment is and how it works?
What are ACH Payments?
ACH Payments are the electronic mode of funds transfer from one bank to another without using checks, credit card networks, wire transfers, or cash, in batches, and through the Automated Clearing House Network (ACHN).
ACH transfers are cost-efficient and user-friendly ways to transfer funds, electronically. Individuals, businesses, organizations, and governments, and other entities use ACH Payments for reliable and controlled-payment transfers.
Ach payments are of two types:
Direct Deposits
The ACH Direct Deposits are the electronic funds transfers that are made by a business to any institution—government, another business, or individual customers. They can be made using Paychecks, Government Benefits, Tax Refunds, Interest Payments, and others.
Direct Payments
Paying a bill online, sending money from one bank account to another, sending payments via PayPal, Stripe, Braintree, and other payment processing providers, and more are the prime examples of ACH Payments.
Also Read: What Are the Online Payment Methods for Automated Recurring Payment Processing and How Do They Work?
Understanding the ACH Payment Fraud
ACH payment fraud refers to the unauthorized transactions of ACH payments involving Automated Clearing House Network. The ACHN is used by the banks and other financial institutions to make direct deposits, checks, bills, payment transfers, and others between individuals, businesses, financial entities, and governments.
Unsuspecting accounts are the primary targets of the ACH fraudsters. They need only two pieces of information to leave you empty-handed and your bank account empty:
- A Checking Account Number
- A Bank Routing Number
This information can easily be obtained through the targeted digital con called phishing email.
Phishing is a type of electronic crime that refers to trick the victim into running malicious software which facilitates criminals to install keylogging software and acquire bank account passwords to steal money from the bank accounts.
The Phishing Scam
Phishing is a type of cybercrime that is used to target the victims via email, text, or any other digital medium and cons them to provide sensitive information, including bank account number, password, or answer to the security question, or any other to access the bank routing number for ACH payment fraud resulting in financial loss.
Access to information can also be gained by installing malicious software on a computer instead of getting it directly from the victim.
These sophisticated malicious software, also known as malware, can be sent via email attachments or infected URLs.
It is important for individuals to ensure protection against the phishing scam from their side.
Links and attachments in potential ACH fraud emails may contain malware that can be installed onto your computer and steal personal information. These emails later may take control of your system and can demand payments by threatening to lock the computer if you don’t pay.
Opening emails or clicking on fishy links within emails from senders you don’t recognize can land users into the hot waters and they may end up providing a username, password, date of birth, social security number, financial data, or other personal information in response to an email, text, or robocall.
One such phishing scam form is BEC—Business Email Compromise. BEC refers to the frauds that are made as compromises or mimic emails associated with employees, vendors, or clients. Hackers use that email to request a sham ACH payment or wire transfer. In most cases, an email address is used that closely resembles an employee, client, or vendor email address.
The Dangers of the ACH Fraud
During the difficult times of COVID-19, it is pertinent to take all the precautionary measures and use tools and procedures to ensure protection against financial frauds and scams.
2019, a whopping more than $1000 billion losses are reported due to ACH fraud. The FBI reports it is seeing several new victim complaints and cases opened every week.
The Association of Financial Professionals (AFP) 2020 Payments Fraud and Control Survey report suggested that 81 [percent of the respondents were the victims of online payment frauds and more than 55 percent were targeted through ACH transactions.
33 percent of them were ACH Debits, whereas 22 percent were ACH credits.
The same-day ACH payment has become a reason for concern. As same-day ACH payments are beneficial for all types of businesses and this is where the scammers found the paradise to trick and damage the victim’s accounts and steal money from their accounts.
Also Read: Online Payment Frauds—Types, Challenges, Detections, & Preventions
The Targets of the ACH Fraud
According to the Internet Crime Complaint Center (IC3), the bank account holders who have become the target of the ACH frauds due to phishing scams are often small- to medium-sized businesses across the United States, in addition to court systems, school districts, and other public institutions.
SMBs frequently become the target of these ACH payment fraudsters as they do not protect their digital information against cybercrimes.
Cybercriminals can easily deceive the internal employees and con them to reveal crucial information, account passwords, and others through phishing emails that contain infected files and links to infected websites or applications. It eases the hacker to access the banking credentials.
With the advancement of technology, bypassing security clearances and stealing time-sensitive information from businesses and individuals to access the passwords of bank accounts has now become relatively easier.
This is why protecting your corporate assets requires constant vigilance and looking for precautionary measures. When dealing with payments like an automated clearing house (ACH) payment or wire transfers, business accounts must be protected with minimum risk.
Also Read: The Online Payment Security Obstacles—Learn How SaaS Businesses Can Easily Overcome Them
How to Prevent ACH Fraud?
Until now, ACH has never been considered a high-risk payment method as it is a different and guarded payment method. The ACH batch processing is a great assistance to ensure protection However after the COVID outbreak, fraudsters are now focused on targeting ACH payments and transactions in addition to checks and wires.
And, their prime targets are small- to mid-sized businesses with bank accounts in local banks and currencies, and the participants of the subscription commerce—Consumer and merchant, both.
In the recurring billing business, the payment information is stored and encrypted by the billing system and is safe to process through batches. But, the real threat here is phishing or BEC emails.
Implementation of the following of the few preventive practices can help businesses as well as individuals to protect their sensitive information and mitigate the risks of compromised or mimic emails. Some of these are:
Consider implementing the following best practices to better protect your business:
- Invest time, effort, and resources to educate yourself about the potential risks of ACH frauds and learn to not only identify but also find the ways to mitigate them to protect your financial assets and sensitive information.
- Avoid initiating payments on email confirmation only. Cross-check the authenticity of the source in other ways as well. Two-step verifications are a solution to avoid any complications.
- If you are a SaaS, ensure preventive measures for ACH chargebacks as well.
- Do not click on every random message or link received or available on social media platforms or digital communications applications that may contain malware that can steal the information.
- With an intrusion detection system, set rules to flag emails that can potentially be threatening.
- B2B and B2C online businesses, subscription and SaaS businesses must know the payment behaviors of their customers and their clients. Payment behaviors difference may be a red signal to verify the payment requests.
Configure the billing system with AI-modules to process payments through multiple payment gateways facilitating multiple payment methods to provide maximum security to online transactions and payment communications.