The convenience of instantaneous information can blind us to technology’s drawbacks, including cyberattacks and data breaches. But there is another, lesser-known technology-enabled crime to watch for — Automated Clearing House (ACH) fraud.
What is it?
Consumers use the ACH network to make electronic payments directly from their checking or savings accounts to other parties’ accounts, eliminating the need to pay bills with paper checks or physical credit cards. Likewise, companies use it for business-to-business transactions and to pay their employees, contractors, and vendors.
Businesses of all sizes can become ACH fraud victims, but small to midsize ones may be most vulnerable. Even when they have substantial financial assets, these companies typically have fewer up-to-date information security measures in place.
How is it perpetrated?
Perpetrators need only obtain an account number and bank routing number to commit ACH fraud. This can be accomplished through:
- Phishing (tricking email recipients into divulging personal data)
- Legitimate but hacked websites
- Malware
- Account hijacking
For example, a thief might launch phishing attacks against a bank’s customers. When recipients click on the link in the fake email, they are taken to a phony bank website and prompted to enter their login information. Thieves capture that information and use it to access online banking accounts, and then initiate ACH payments to their own accounts at a different bank. Finally, the funds are transferred by wire to a third (in most cases, offshore) bank.
What can you do?
No single defense will protect every individual and business that uses the ACH, but some simple steps can reduce risk. First, install firewalls and antivirus, antispyware, and antimalware software on computers and keep these programs updated. Also, make sure that computers, smartphones, and networks require complex passwords that must be changed frequently. Finally, ignore unsolicited emails with attachments, links in the body of the message, and pop-ups that request personal information.
Using a separate browser for online banking purposes, checking bank accounts daily for unauthorized activity and accessing financial websites only by entering the URL also help. Consumers and employees should pay attention to computers that have slowed down or that repeatedly reboot. These issues can indicate the presence of malware or a virus.
Reducing vulnerability
With a bit of care, you can reduce the risk of ACH fraud and make sure your everyday transactions go forward unimpeded. Contact us for more information.