Detect and Prevent ACH Fraud in Real-Time
Get a holistic, real-time view of transactions, empowering your business to tackle fraud with greater insights.
Demo RequestThe Automated Clearing House (ACH) network is a way of transferring money from one bank account to another. Supporting both credit and debit transfers, payments and withdrawals are sent to the clearing house where they await authorization before arriving at their final banking destination. In the US, this network is overseen by the National Automated Clearing House Association (NACHA).
ACH fraud occurs when funds are stolen through the ACH network. A criminal needs two things to carry out ACH fraud:
With this information, they can transfer money from the victim’s account, either as a lump sum or as recurring payments. They can also make unauthorized payments for goods or services. The time delay with ACH payments is a key vulnerability that financial criminals exploit.
Although not the most widespread fraud method, ACH scams are increasing. In 2021, the Association For Finance Professionals found that the percentage of survey respondents reporting fraudulent activity via ACH debits increased from 34 percent in 2020 to 37 percent in 2021.
ACH fraud tends to affect medium-sized banks, businesses, and schools. In September 2022, the Federal Bureau of Investigations (FBI) Cyber Division issued a notification relating to cybercriminals increasingly targeting healthcare payment processors to redirect victim payments. In one case, a large healthcare company lost $840,000 in an ACH scam, where a hacker impersonated an employee and changed the ACH instructions.
In addition to “insider employee fraud” typical examples of ACH scams include:
Many of these methods reveal other information that can lead to identity fraud and/or account takeover fraud. In fact, the Financial Crimes Enforcement Network (FinCEN) has frequently highlighted the connection between ACH fraud and identity fraud, with money being illegally transferred via ACH transfer to accounts that were set up with stolen or fake identities.
The impact of ACH fraud can be costly for organizations in terms of remediation time and money, both of which can negatively affect relationships with customers and prospects. Indeed, a 2020 merchant survey found that “avoiding organizations or services I don’t trust” was the top way consumers say they protect the privacy and security of their personal data online.
Furthermore, in our 2023 global compliance survey, more than one in three senior compliance professionals cited “reputational risk” as the factor most likely to drive change within their organization. This was a 6 percentage point rise from the previous year and was the only factor to see a year-on-year increase. And with global executives attributing 63 percent of their firm’s market value to its reputation, it’s easy to see why concern levels are so high.
ACH fraud also increases the likelihood of chargeback fraud, which occurs when a consumer requests a refund (or chargeback) from the card issuer despite having received goods from a merchant.
ACH fraud detection is essential for firms of all sizes across all sectors. Current trends in the ACH fraud detection space include:
When employing any of the above fraud detection solutions, firms must ensure they are calibrated in such a way that reflects their organization’s risk appetite. When adopting a risk-based approach, firms should consider the level of threat ACH fraud poses to their business and deploy solutions accordingly. Transaction monitoring tools should also be fine-tuned to detect specific ACH red flags, including:
ACH fraud prevention measures used by businesses may include:
Company employees need to be fully trained in how to prevent ACH fraud. Compliance and fraud professionals must stay on top of new typologies and trends, as well as regulatory updates and in-house know your customer (KYC) policies.
Firms should also have strong security measures in place, for example using data encryption when storing and sending customer credentials – including credentials given over the telephone where calls are recorded. This information should never be stored locally.
Get a holistic, real-time view of transactions, empowering your business to tackle fraud with greater insights.
Demo RequestOriginally published 20 March 2023, updated 15 April 2024
Disclaimer: This is for general information only. The information presented does not constitute legal advice. ComplyAdvantage accepts no responsibility for any information contained herein and disclaims and excludes any liability in respect of the contents or for action taken based on this information.
Copyright © 2024 IVXS UK Limited (trading as ComplyAdvantage).