How Companies Can Mitigate ACH and Check Fraud
Companies are targets for ACH and check fraud. Here's how to help manage and prevent ACH and check fraud.
Check fraud and ACH fraud cost companies millions each year. However, with careful planning, company leaders can do a great deal to reduce their exposure to losses.
One of the primary challenges organizations face in preventing such fraud stems from the sheer number of transactions posted to their accounts. The larger the volume, the easier it is for criminals to hide a fraudulent transaction in a sea of legitimate activity.
Furthermore, to maximize their return and catch an organization unaware, criminals might bombard the company with thousands of fraudulent transactions over the course of several days. Additionally, a company might find itself facing multiple, sophisticated fraud attacks simultaneously.
It's critical for companies to be aware of the scope of the problem, the areas of their business that may be open to risk, as well as the steps they can take to protect themselves. Doing so could save money — and help to prevent damage to company reputation.
Understanding the Size of the Problem
So how big of a problem is check fraud? The American Bankers Association (ABA) 2019 Deposit Account Fraud Survey found that total attempted check fraud stood at $15.1 billion, while banks prevented $13.8 billion — or 91% of attempts — for a net loss of $1.3 billion.
In fact, according to the Association for Financial Professionals’ (AFP) 2020 Payments Fraud and Control Survey, 74% of companies that experienced attempted or actual payments fraud last year were victims of check fraud. Despite the risk, the AFP found that 42% of companies use checks for business-to-business payments.
Risks of Check and ACH Fraud
Given their ease of use, businesses will continue to use checks for the foreseeable future. Therefore, minimizing losses requires a willingness to use checks coupled with mechanisms to detect fraud as soon as it arises.
Common check fraud methods include the forging of signatures or endorsements, the alteration of payee names and dollar amounts, and the creation of counterfeit checks. Like other forms of financial crime, perpetrators look for companies that lack the people, processes and technology to prevent losses.
What about the threat associated with ACH fraud? In its 2019 report, the ABA noted that P2P, wire and ACH fraud generated losses of $265 million. While lower than the losses attributable to check fraud, for companies that experience an ACH fraud, the losses are just as damaging, nonetheless.
The AFP reports that 33% of organizations reported ACH debit fraud in 2019. The same number of companies reported ACH fraud as a problem in 2018.
However, the losses we will see in 2020 may look quite different from prior years. Given the number of employees working from home, some companies have fewer internal controls in place to stop fraud. Furthermore, employees might find themselves distracted in their home environment, and less likely to catch suspicious transactions connected to a fraud scheme.
If a criminal possesses a company's bank accounting and routing number, they can engage in ACH fraud by originating the transaction. Alternatively, instead of providing their bank account information to pay for a good or a service, the fraudster can provide the bank account and routing number for a company they wish to defraud.
And unlike consumers who have 60 days to notify their bank of an ACH fraud, businesses must do so within two days. To increase the chances of recovering the proceeds of a fraudulent ACH from the bank of first deposit, companies should notify their bank within 24 hours of seeing a fraudulent ACH post to their account.
How Companies Can Protect Themselves from Check and ACH Fraud
- Positive Pay – Identified by many anti-fraud experts as the most effective form of defense against check and ACH fraud, positive pay is a service offered by banks that helps automate the detection of fraud by matching checks presented for payment to a bank with a list of ACHs or checks issued by the company, and matching incoming ACH Debits to authorized debits. Using automation, the bank highlights exceptions. The company can then choose to authorize the red-flagged item or have the item returned. Positive pay can also help mitigate the risk of internal fraud by inserting someone else in the process to approve checks written by another employee. Fifth Third Check Positive Pay Services offer companies a range of options, including payee name verification, and teller-maintained positive pay. Companies can also use reverse positive pay, in which a company maintains control over its list of issued checks and assumes responsibility for detecting exceptions by reviewing checks issued versus those presented.
- Check Block – Using this method will block any checks from posting to an account. This allows companies to protect their account without having to play an active role in the process.
- ACH Blocks and Filters – Companies can also use an ACH Debit Blocking service which enables customers to specify which companies are authorized to post ACH debits to their accounts, blocking those that are not authorized.
- Bank Account Reconciliation – Once a fraudster uncovers a company’s weaknesses and succeeds in passing a bad check, they often repeat the process for as long as it proves successful. Performing daily reconciliation of accounts can substantially reduce check and ACH fraud by confirming the legitimacy of transactions posted against an account and highlighting anomalies quickly. Fifth Third Bank’s Account Reconciliation service provides fast, accurate account activity information. If a company chooses to reconcile their bank accounts in-house, to prevent internal fraud, those involved in the reconciliation should not be involved in issuing checks as well.
- Restrict Check Posting – Placing a “post no checks” restriction on accounts that do not need to accept check payments can reduce the potential for check fraud. To further protect these accounts with no need to process checks, companies can also request that their bank only process ACH transactions from these accounts instead of checks.
- Require Dual Approvals for Online (or Electronic) Payments –To help minimize the potential for payment fraud, a corporate policy should define which executives can issue and approve check and electronic payments. It should also detail the dollar limits of their authorization. Additionally, the policy should identify who can order new check stock. Once received, blank checks should remain in a secure limited location, with limited employee access.
- Designate Employees to Respond to Bank Enquiries – If a bank uncovers suspicious payment activity, bank employees may need to contact the company to confirm their suspicions. Selecting an individual to answer calls from the bank can help ensure the bank’s fraud detection team has the confirmation it needs to protect the company’s funds. Additionally, companies should provide employees with examples of forged, altered and counterfeited checks, and their role in helping prevent losses. For example, if a company accepts checks from the public, point of sale employees should receive training in how to spot a fraudulent check.
In addition to the above risk-mitigation strategies, one of the simplest ways to reduce check fraud is to reduce the number of checks issued. By moving to electronic payments, such as ACH, wire, or other forms of electronic payments, companies can minimize the number of checks in circulation with the potential to fall into a criminal's hands.
Fifth Third Bank’s ACH processing is an ideal solution for repeat payables such as payroll, reimbursements, dividends, taxes, and other items. Wire transfer services through Fifth Third use the latest security technology on front-end and back-end processing for fraud protection, with the ability to process larger-dollar transactions that require immediate settlement.
Contact your Treasury Management Officer, Relationship Manager or Find a Banker to determine the best fraud service for your organization.