Empower Blog
ACH & Wire Fraud
August 17, 2023

How to Avoid ACH & Wire Fraud

Fraud and Security, Business Banking
Business scams and fraud attempts are on the rise — especially ACH and wire fraud, in which fraudsters use various means to try to trick you or your employees into sending them money electronically. ACH and wire transfers move money much quicker than writing and depositing checks. There are ways to keep your business safe from fraudsters attempting ACH and wire fraud.

ACH Fraud

ACH fraud is the theft of funds transferred through the Automated Clearing House financial transaction network. It can occur when there is fraudulent access of online banking credentials to obtain account numbers and vendor information.Payroll set up for direct deposits can also be vulnerable to ACH fraud.

Wire Fraud

Wire fraud is theft of funds moved using the wire transfer systems. This could include domestic or international wire transfer systems. Wire transfers are used by businesses because it is the quickest way to move funds, anywhere around the world, sometimes in just a few hours. Wire fraud occurs when someone is coerced or tricked into sending funds, or account information is obtained through phishing. Many times, fraud attempts occur through email where fraudsters coerce someone into sending funds under false pretenses.


When it comes to ACH and wire fraud, disputing the transfer can be difficult because once it’s sent, it’s gone. Electronic payments are great for members to use due to the swiftness however fraudsters take advantage of this as well. Most disputes end with funds at the receiving institution already being withdrawn. Therefore, nothing to return to the sending institution. Liability protections on checks and card transactions are not the same for ACH and wire transactions.


CommunityAmerica always wants to protect our members. It’s critical to have good fraud controls in place at your business, including well-trained staff, daily banking transactions reconciliation and strong callback procedures.

Strategies for Protecting Your Business

Here are a few of the best practices recommended for businesses, including controls and instances where caution should be taken.

Dual Approval Controls

To ensure protection from fraud, you can require users to get secondary authorization from another user before a transaction is approved. CommunityAmerica’s Mobile App allows selected users the ability to authorize transactions regardless of where they are - in the office or on the golf course.


Be sure to limit administrative rights on users' workstations to help prevent the inadvertent downloading of malware or other viruses. Employees with authorization for ACH transactions can become targets of email phishing scams. Employees who open file attachments or click on web links in suspicious emails could expose the system to malicious code that could hijack their computer.

Use a Stand-Alone System

The American Bankers Association recommends commercial banking customers carry out all online banking activities from a stand-alone, hardened and completely locked down computer system solely used for online banking and not for mail, web browsing and file sharing. If achievable for your business, this control is particularly important for those members with a high value or large numbers of online transactions.

Use Industry Standard Firewalls

Install commercial anti-virus and desktop firewall software on all computer systems to ensure virus protection and update security software regularly. Free software may not provide the protection you may need. Also, avoid using an automatic login feature that saves username and password for online banking.

Extra Protection with ACH Positive Pay

ACH Positive Pay allows you to manage ACH debits and credits posting to your business account via filters and blocks. In the case of a discrepancy, you can choose how to be notified, so you can take the necessary steps to correct the problem.

Be Cautious

Even with controls in place, you and your employees should always be mindful of red flags for possible fraudulent intentions, including:

  • Pay attention to emails containing obvious spelling mistakes or even an added letter in places that might be hard to spot, such as a company name, domain or email address. For example, instead of [email protected], it may be coming from [email protected]. Also, remember that CommunityAmerica is always one word so if you see it as two in an email from us, consider it misspelled.
  • Remember that government agencies and legitimate companies — including CommunityAmerica — will never contact you asking for account details. If there’s any doubt, contact that organization through another trusted channel.
  • Be wary of scare tactics or other unusual behavior, such as urgent calls to action for payment. Another red flag is someone claiming they can only correspond by email or that they don’t have a call back phone number.

For more information about protections and how to report issues involving ACH and wire transfers, see Protect Your Business from Email Fraud.

If you notice any suspicious activity related to your CommunityAmerica accounts, please contact us as soon as possible via 913.905.7000 or [email protected].

Was This Article Helpful?
0 of 0 people found this article helpful
About the Author
roxanne doss
Roxanne Doss

Fraud Investigations Manager

Roxanne Doss has a Certified Identity Theft Risk Management Specialist (CITRMS) credential that helps CommunityAmerica and our members combat the increasing problem of identity theft. In 2016, she earned her CFE credential from the Association of Certified Fraud Examiners (ACFE).