ACH Origination Fraud
What You Need to Know
The Automated Clearing House (ACH) Network is an electronic payments network used by individuals, businesses, financial institutions and government organizations. The Network functions as an efficient, electronic alternative to paper checks. It allows funds to be electronically debited or credited to a checking account, savings account, financial institution general ledger account or credited to a loan account.
Proper Procedures to Mitigate Risk
Origination fraud occurs when an originator or third party generates invalid transactions using the name of the true originator. Use of the Internet and web-based ACH origination systems has created this vulnerability.
We are here to help your business operate efficiently while managing the risk on digital services. Read on for our tips on preventing ACH Origination and our Fraud Prevention Checklist.
How does ACH fraud origination occur?
Perpetrators hack into the your company’s computer system using compromised User IDs and passwords and originate ACH credits to “mule” accounts created for the express purpose of committing fraud.
Those accounts are then emptied and abandoned. Your company’s account is debited for the invalid origination file. The credits are usually irretrievable by the time the fraud is discovered.
Prevent ACH Fraud
Proper controls and procedures can keep your business safe while enjoying the efficiencies of ACH.
- Establish procedures to review transactions before the leave the company. Ensure that you have proper authorization of transactions and verify any changes in payment instructions. If a vendor requests payment detail changes via email, do not replay to the email request or use the contact phone number in the email to authenticate, call a known contact at the business requesting the payment change to confirm.
- Operate Premier Bank’s Business Internet Banking ACH Origination software on equipment that is regularly updated and patched for security vulnerabilities (including the use of and updating of firewall, virus protection, anti- malware protection, anti-spam protection).
- Consider having one computer in your office which is not used to browse the internet or read e-mail to be your sole source of access to the Business Internet Banking system.
- Limiting access to the computer which is used to house and transmit ACH data may help avoid the accidental downloading of harmful programs/viruses that could potentially compromise your transactions.
- Ensure that all User IDs, Passwords, Tokens, Authentication Methods and any other applicable security procedures issued to your employees are protected and kept confidential.
- All staff should be aware of the need for proper user security, password controls and separation of duties.
As ACH Origination is a higher risk commercial banking function, we suggest that your company perform your own internal risk assessment and controls evaluation periodically to be sure you are considering all available security options.
How does Premier Bank help my business combat ACH origination fraud?
Premier Bank’s Business Internet Banking makes migrating the risk of fraud more simple for your business. We offer your business peace of mind with:
- Multi-factor authentication by way of a secure access code that is sent out to a pre-determined telephone (voice or SMS text) when access is requested from an unknown computer.
- Security (RSA) Token to access Business Internet Banking ACH origination service. This helps ensure that your transaction is secure and protects you from fraud and identity theft.
- Separation of duties for ACH processing, in which one employee generates the ACH batch and the system requires a secondary employee to log in and approve the ACH batch. Dual-control procedures such as this go a long way in preventing ACH origination fraud.
- Check your “Online Activity” and “Transaction History” screens daily within the Business Internet Banking program to be aware of all transactions, even when they have not yet posted to your account. The sooner ACH fraud can be detected; the more successful the bank will be in assisting to recover your company’s potentially lost funds.
- Enabled Security Alerts to send notifications when a new user or recipient is added, when your login ID is changed or disabled, when your password or security alert preferences are changed and when your user profile is updated. In addition, there are several custom alerts for oversight and control available to you and all sub-users based on their entitlements.
How can I protect information for my business, employees and vendors?
Handling ACH Protected Information
Any Protected Information that is collected should be stored in locked cabinets or drawers for paper documents and secure servers, desktops and laptops or USB drives or CDs for electronic documents.
Moving ACH Protected Information
To prevent origination risk when transmitting protected information use devices with updates to firewall protection and encryption software. Utilize secure emails and websites like online banking.
Destroying ACH Protected Information
Information that is not needed should be minimized or destroyed. Paper documents should be shredded while electronic information, password protected, encrypted or masked data should be erased or wiped.
Key Takeaways for Preventing ACH Fraud
Use Effective Passwords |
|
Block Potential Intruders |
|
Restrict Access |
|
|
|
Fraud Prevention Checklist
We want to minimize your down time and cost of recovery so you can stay focused on your business. Check out our Fraud Prevention Checklist.
Security for your Business
Talk with a Treasury Management Specialist for ways to help prevent credit card theft, check fraud and liability exposure.