How to Avoid ACH & Wire Fraud
ACH fraud is the theft of funds transferred through the Automated Clearing House financial transaction network. It can occur when there is fraudulent access of online banking credentials to obtain account numbers and vendor information.Payroll set up for direct deposits can also be vulnerable to ACH fraud.
Wire fraud is theft of funds moved using the wire transfer systems. This could include domestic or international wire transfer systems. Wire transfers are used by businesses because it is the quickest way to move funds, anywhere around the world, sometimes in just a few hours. Wire fraud occurs when someone is coerced or tricked into sending funds, or account information is obtained through phishing. Many times, fraud attempts occur through email where fraudsters coerce someone into sending funds under false pretenses.
When it comes to ACH and wire fraud, disputing the transfer can be difficult because once it’s sent, it’s gone. Electronic payments are great for members to use due to the swiftness however fraudsters take advantage of this as well. Most disputes end with funds at the receiving institution already being withdrawn. Therefore, nothing to return to the sending institution. Liability protections on checks and card transactions are not the same for ACH and wire transactions.
CommunityAmerica always wants to protect our members. It’s critical to have good fraud controls in place at your business, including well-trained staff, daily banking transactions reconciliation and strong callback procedures.
Strategies for Protecting Your Business
Here are a few of the best practices recommended for businesses, including controls and instances where caution should be taken.
Dual Approval Controls
To ensure protection from fraud, you can require users to get secondary authorization from another user before a transaction is approved. CommunityAmerica’s Mobile App allows selected users the ability to authorize transactions regardless of where they are - in the office or on the golf course.
Be sure to limit administrative rights on users' workstations to help prevent the inadvertent downloading of malware or other viruses. Employees with authorization for ACH transactions can become targets of email phishing scams. Employees who open file attachments or click on web links in suspicious emails could expose the system to malicious code that could hijack their computer.
Use a Stand-Alone System
The American Bankers Association recommends commercial banking customers carry out all online banking activities from a stand-alone, hardened and completely locked down computer system solely used for online banking and not for mail, web browsing and file sharing. If achievable for your business, this control is particularly important for those members with a high value or large numbers of online transactions.
Use Industry Standard Firewalls
Install commercial anti-virus and desktop firewall software on all computer systems to ensure virus protection and update security software regularly. Free software may not provide the protection you may need. Also, avoid using an automatic login feature that saves username and password for online banking.
Extra Protection with ACH Positive Pay
ACH Positive Pay allows you to manage ACH debits and credits posting to your business account via filters and blocks. In the case of a discrepancy, you can choose how to be notified, so you can take the necessary steps to correct the problem.
Even with controls in place, you and your employees should always be mindful of red flags for possible fraudulent intentions, including:
- Pay attention to emails containing obvious spelling mistakes or even an added letter in places that might be hard to spot, such as a company name, domain or email address. For example, instead of [email protected], it may be coming from [email protected]. Also, remember that CommunityAmerica is always one word so if you see it as two in an email from us, consider it misspelled.
- Remember that government agencies and legitimate companies — including CommunityAmerica — will never contact you asking for account details. If there’s any doubt, contact that organization through another trusted channel.
- Be wary of scare tactics or other unusual behavior, such as urgent calls to action for payment. Another red flag is someone claiming they can only correspond by email or that they don’t have a call back phone number.
For more information about protections and how to report issues involving ACH and wire transfers, see Protect Your Business from Email Fraud.
If you notice any suspicious activity related to your CommunityAmerica accounts, please contact us as soon as possible via 913.905.7000 or [email protected].