Skip to content
Premier Bank Logo
In observance of Columbus Day, Premier Bank will be closed Monday, October 14th. Mobile Banking, Online Banking, and over 37,000 surcharge-free ATMs are always available 24/7.  
Premier Bank Logo
Log in to Online Banking
Log in to your Commercial Account
Log in to your Wealth Account
background image

ACH Origination Fraud

ACH Origination Fraud

What You Need to Know

The Automated Clearing House (ACH) Network is an electronic payments network used by individuals, businesses, financial institutions and government organizations. The Network functions as an efficient, electronic alternative to paper checks. It allows funds to be electronically debited or credited to a checking account, savings account, financial institution general ledger account or credited to a loan account.


Proper Procedures to Mitigate Risk

Origination fraud occurs when an originator or third party generates invalid transactions using the name of the true originator. Use of the Internet and web-based ACH origination systems has created this vulnerability.

We are here to help your business operate efficiently while managing the risk on digital services. Read on for our tips on preventing ACH Origination and our Fraud Prevention Checklist.

 

How does ACH fraud origination occur?

Perpetrators hack into the your company’s computer system using compromised User IDs and passwords and originate ACH credits to “mule” accounts created for the express purpose of committing fraud.

Those accounts are then emptied and abandoned. Your company’s account is debited for the invalid origination file. The credits are usually irretrievable by the time the fraud is discovered.

 

Prevent ACH Fraud

Proper controls and procedures can keep your business safe while enjoying the efficiencies of ACH.

  • Establish procedures to review transactions before the leave the company. Ensure that you have proper authorization of transactions and verify any changes in payment instructions. If a vendor requests payment detail changes via email, do not replay to the email request or use the contact phone number in the email to authenticate, call a known contact at the business requesting the payment change to confirm.
  • Operate Premier Bank’s Business Internet Banking ACH Origination software on equipment that is regularly updated and patched for security vulnerabilities (including the use of and updating of firewall, virus protection, anti- malware protection, anti-spam protection).
  • Consider having one computer in your office which is not used to browse the internet or read e-mail to be your sole source of access to the Business Internet Banking system.
  • Limiting access to the computer which is used to house and transmit ACH data may help avoid the accidental downloading of harmful programs/viruses that could potentially compromise your transactions.
  • Ensure that all User IDs, Passwords, Tokens, Authentication Methods and any other applicable security procedures issued to your employees are protected and kept confidential.
  • All staff should be aware of the need for proper user security, password controls and separation of duties.

As ACH Origination is a higher risk commercial banking function, we suggest that your company perform your own internal risk assessment and controls evaluation periodically to be sure you are considering all available security options.

How does Premier Bank help my business combat ACH origination fraud?

Premier Bank’s Business Internet Banking makes migrating the risk of fraud more simple for your business. We offer your business peace of mind with:

  • Multi-factor authentication by way of a secure access code that is sent out to a pre-determined telephone (voice or SMS text) when access is requested from an unknown computer.
  • Security (RSA) Token to access Business Internet Banking ACH origination service. This helps ensure that your transaction is secure and protects you from fraud and identity theft.
  • Separation of duties for ACH processing, in which one employee generates the ACH batch and the system requires a secondary employee to log in and approve the ACH batch. Dual-control procedures such as this go a long way in preventing ACH origination fraud.
  • Check your “Online Activity” and “Transaction History” screens daily within the Business Internet Banking program to be aware of all transactions, even when they have not yet posted to your account. The sooner ACH fraud can be detected; the more successful the bank will be in assisting to recover your company’s potentially lost funds.
  • Enabled Security Alerts to send notifications when a new user or recipient is added, when your login ID is changed or disabled, when your password or security alert preferences are changed and when your user profile is updated. In addition, there are several custom alerts for oversight and control available to you and all sub-users based on their entitlements. 

 

How can I protect information for my business, employees and vendors?

Handling ACH Protected Information

Any Protected Information that is collected should be stored in locked cabinets or drawers for paper documents and secure servers, desktops and laptops or USB drives or CDs for electronic documents.

Moving ACH Protected Information

To prevent origination risk when transmitting protected information use devices with updates to firewall protection and encryption software. Utilize secure emails and websites like online banking.

Destroying ACH Protected Information

Information that is not needed should be minimized or destroyed. Paper documents should be shredded while electronic information, password protected, encrypted or masked data should be erased or wiped.

Key Takeaways for Preventing ACH Fraud

Use Effective Passwords

  • Use strong passwords or passwords phrase that are unique to each user (i.e. specific length and character type), specify how passwords and never use default passwords. 
  • Require employees to change password frequently.
  • Use password-activated screensavers.

Block Potential Intruders

  • Restrict access to your computer for business purposes only.
  • Protect your IT system - anti- virus/spyware software and firewalls.
  • Limit or disable unnecessary workstation ports/services/devices.
  • Automatic log-outs after a certain amount of inactivity.
  • Change all vendor supplied passwords.
  • Encrypt all data when moved and when stored.
  • Install updates as soon as they are published.
  • Log off computer or device when not in use.

Restrict Access

  • Limit the number of locations where Protected Information is stored.
  • Keep paper records in locked cabinets.
  • Limit employee access to Protected Information, including server rooms.
  • Take precaution when mailing Protected Information.
  • Encrypt or mask electronic Protected Information.
  • Do not store Protected Information on portable devices.
  • Transmit Protected Information over the internet in a secure session.
  • Establish an Internet Acceptable Usage Policy.

ACH_origination_fraud
Educate Staff

  • Keep Protected Information safe and secure at all times.
  • Mask Protected Information in communications, such as phone calls, emails and snail mail.
  • Make staff aware of security policies in place.
  • Make staff aware of phishing scams, via emails or phone calls.
  • Notify staff immediately of potential security breach.
  • Establish a Clean Desk Policy.

 

 

Fraud Prevention Checklist

We want to minimize your down time and cost of recovery so you can stay focused on your business. Check out our Fraud Prevention Checklist.

 

Security for your Business

Talk with a Treasury Management Specialist for ways to help prevent credit card theft, check fraud and liability exposure.