The convenience of instantaneous information can blind us to technology’s drawbacks, including cyber attacks and data breaches. But there’s another, lesser-known technology-enabled crime to watch for — Automated Clearing House (ACH) fraud.
What is it?
Consumers use the ACH network to make electronic payments directly from their checking or savings accounts to other parties’ accounts, eliminating the need to pay bills with paper checks or physical credit cards. Likewise, companies use it for business-to-business transactions and to pay their employees, contractors and vendors.
Businesses of all sizes can become ACH fraud victims, but small to midsize ones may be most vulnerable. Even when they have substantial financial assets, these companies typically have fewer up-to-date information security measures in place.
How is it perpetrated?
Perpetrators need only obtain an account number and bank routing number to commit ACH fraud. This can be accomplished through:
- Phishing (tricking email recipients into divulging personal data),
- Legitimate but hacked websites,
- Malware, and
- Account hijacking.
For example, a thief might launch phishing attacks against a bank’s customers. When recipients click on the link in the fake email, they’re taken to a phony bank website and prompted to enter their login information. Thieves capture that information and use it to access online banking accounts, and then initiate ACH payments to their own accounts at a different bank. Finally, the funds are transferred by wire to a third (in most cases, offshore) bank.
What can you do?
No single defense will protect every individual and business that uses the ACH. But some simple steps can reduce risk. First, install firewalls and antivirus, antispyware, and antimalware software on computers and keep these programs updated. Also, ensure that computers, smartphones and networks require complex passwords that must be changed frequently. Finally, ignore unsolicited emails with attachments, links in the body of the message and pop-ups that request personal information.
Using a separate browser for online banking purposes, checking bank accounts daily for unauthorized activity and accessing financial websites only by entering the URL also help. And consumers and employees should pay attention to computers that have slowed down or that repeatedly reboot. These issues can indicate the presence of malware or a virus.
With a bit of care, you can reduce the risk of ACH fraud and ensure your everyday transactions go forward unimpeded. Contact us for more information.