The Automated Clearing House (ACH) Network is used by a vast number of financial institutions to handle bill payments, cash transfers, and direct deposits. Virtually everyone has made an ACH transaction at some point, but unfortunately, a rising number of criminals have started using the Network to scam innocent individuals and take money directly out of their checking accounts.
ACH fraud can be committed in a number of ways. The most common way ACH fraud is committed is by obtaining banking information from targets via phishing emails and malware. The malware monitors keystrokes and can obtain passwords and saved forms from almost any device. ACH fraudsters only need two important pieces of information to gain access to a person’s bank account – a routing number and checking account number. This information is sometimes provided directly by the victim, and once the money is taken, the victim is usually on the hook by the bank for the drafted amount.
Sadly, as implied above, ACH fraud is becoming more and more common, and it is believed that fraudsters intentionally target certain types of individuals. According to the Federal Bureau of Investigation (FBI), ACH fraud has cost consumers and law enforcement agencies more than $100 million as of 2009. This figure is believed to be higher since many victims do not file police reports out of embarrassment.
How Does an ACH Scam Work?
Another way ACH fraud can be committed is when a network of fraudsters will pose as a “bank” or “lending company” in an attempt to gain financial information from a victim. The fraudsters will often send emails or letters stating the victim has been approved for a loan or credit card, but they must provide their checking account information so the bank will know where to deposit the money. These fraud attempts can be hard to spot, and more advanced criminals sometimes use the name of legitimate and well-known financial institution.
Fraud can also occur via web transactions. Such frauds use Trojan horses (malware programs) to attack a person’s device and obtain their financial information and passwords. Trojan horses are often obtained through infected websites, which often mimic the appearance of a legitimate website. Once the Trojan horse takes over, the fraudsters can access the accounts of an individual and carry out financial transactions using their personal information.
Other Types of ACH Scams:
• Work-from-home schemes
• Overseas money transfers
• Fake offers of free or significantly discounted products
Fraudsters engaging in oversee scams often promise to pay a person a large sum of money if they wire several smaller sums of money over time. As expected, the larger sum of money is never delivered, and the victim is often left thousands of dollars in debt. Advanced Fraud Solutions’ TrueACH® solution is built to help financial institutions spot these types of fraudulent transactions before too much money is moved.
Who is at risk for ACH fraud?
Many security professionals now believe ACH scammers target certain types of individuals and companies. In general, small to mid-sized companies tend to be more at risk than larger companies due to a lack of cyber security. Larger companies spend millions of dollars to protect their sensitive financial data, and smaller, mom-and-pop companies simply do not have the financial resources to invest in such extensive security measures.
It is also believed that lower-income individuals and those who frequently apply for loans online may be at higher risk as well. Scammers often profile certain neighborhoods and monitor email accounts to see if an account holder is frequently applying for loans or credit. They will then attempt to scam individuals who may be in dire need of funds.
Avoiding ACH Scams
Fortunately, there are measures your bank or credit union can take to fight back against ACH fraud. By taking the following steps, financial institutions can prevent ACH scams:
- Educate account holders about the dangers of ACH fraud.
- Immediately notify account holders of any suspicious account activity.
- Utilize multi-layer, multi-factor authentication security.
- Encourage customers to take advantage of transactions alerts.
- Warn account holders about popular ACH scams.
- Deploy TrueACH® from Advanced Fraud Solutions to stop ACH fraud BEFORE it happens.
Banks and credit unions should also encourage their account holders to update their passwords multiple times each year. A strong password should have at least ten characters and a unique combination of letters, special characters, and numbers.
Banks Can Combat ACH Fraud
ACH fraud may be on the rise, but by taking the advice above to heart, banks and other financial institutions can stop ACH fraud in its tracks and keep account holders safe. Protect your institution from ACH fraud – start by requesting a free demo of TrueACH® today!