September 2005, ACH:
The new wave of bank fraud
By Jeffery A. Dertz, CPA, Blackman
Kallick, Senior Manager, Insurance Practice
ACH, or the Automated Clearing House Network, has experienced a new wave of bank
fraud. An ACH transaction is an electronic funds transfer between bank accounts
using a batch processing system. It is most commonly used in direct deposit of
payroll and Social Security payments; many companies also use it for making
their tax payments to the IRS. ACH transactions are governed by NACHA, the
National Automated Clearing House Association.
How does ACH fraud occur?
ACH fraud can occur with little effort. An individual simply needs two pieces of
information: your checking account number and your bank routing number. This
information is used in various ways to initiate the fraud. In its simplest form,
the perpetrator uses your bank account and routing numbers to initiate a payment
for goods or to pay off debt by making a phone call and giving these numbers to
the desired vendor. This same scenario could also occur with Web-based
purchases.
How can you guard against ACH fraud?
The easiest way to prevent ACH fraud is to put ACH blocks on your bank accounts.
An ACH block allows the receiving party's bank to block all incoming ACH debits
and/or credits prior to any transaction posting to that party's account.
Although this block may not be possible for your business needs, you do have
some other options.
ACH receipt authorization allows business customers to notify their bank about
businesses that are authorized to initiate an ACH debit. If the source of an ACH
debit is not on the list of authorized users, the debit is rejected. This list
can be very specific as to dates and dollar amounts, as well as recurring and
one-time only uses. Another method is reverse positive pay, which allows
business owners to review the incoming ACH debits and decide whether to accept
or reject them. This decision, however, must be made the following day or the
debits are rejected. Another option is to limit the ACH activity to one account
and review it daily.
Where does ACH fraud occur?
About 80% of ACH fraud cases occur in transactions between consumers and
businesses; the remaining 20% involve transactions between consumers. In 2003,
SAS 99-Consideration of Fraud in a Financial Statement Audit-was implemented,
requiring auditors to interview various personnel throughout the organization.
Nearly every insurance client BK has interviewed has experienced some type of
ACH fraud or attempted fraud. The targets were the claim account and the payroll
account. Claimants were using the information on loss payment checks to attempt
the fraud. Former employees have also tried to use the payroll account to pay
bills. In these cases, the company put ACH blocks on the accounts after learning
of the fraud.
The following case offers an example of business-to- consumer ACH fraud. A
consumer purchased a one-year membership at a local health club, paying in full
by check. After the year ended, the consumer was no longer going to the health
club, but for the next three months, the club issued an ACH debit to his
checking account for the monthly dues. This ACH transaction was never
authorized; however, someone from the health club used the consumer's checking
account number and bank routing number to initiate the transaction.
What can you do if you detect a fraudulent ACH transaction?
If you detect a fraudulent ACH transaction, you have 60 days to notify your
bank-or only two days for a corporate account. If you report the fraud within
the allotted time frame, you will not be held responsible. Under ACH rules, the
originating bank must reimburse the victim and the victim's bank and then try to
recover the loss from its customer.
In addition to the preventive measures discussed earlier, a key step in
combating ACH fraud loss is to review and reconcile bank accounts on a timely
basis. Corporate accounts must be reviewed daily; thus, it saves time to limit
the number of accounts that allow ACH transactions to one or very few.
[Home] [Credit reports] [Understand Credit Report] [What does your FICO score mean?] [Frequently asked questions] [Sample credit report] [Computer security] [Identity theft] [Credit report permission law] [Protecting your credit rights] [Landlords complying with FCRA] [Phishing Scam] [Bank Fraud ACH] [Misleading check trick] [Nigerian money transfer scam] [Kenya religious fraud] [Email fraud supposedly from bank]
