18 Tips to Prevent ACH and Wire Fraud
- Verify by phone before you send funds. Always call the vendor, business partner, or colleague directly to verify the payment information. Use previously known numbers you know are correct — even across different time zones — and not the numbers provided in an email or text request. Never initiate any changes based only on email or text communication.
- If you originate your own ACH transactions, send prenotes for ACH transactions every time a change is requested. This helps in two ways --- verifies account information (though regulations do not require the name to match, a name different from that on the account may prompt the receiving financial institution to initiate contact with you and/or us) AND gives you a few days as a buffer to validate the request with the vendor or employee by a 2nd method. Prenotes must be sent a minimum of 3 business days before the first live transaction, per NACHA Regulation.
- Be cautious of new payment information. Beware of email requests instructing a routine ACH or wire payment to be sent to a new account.
- Match your payment to a legitimate invoice before paying. Quite frequently, fraudsters tend to pose as a trusted vendor requesting payment. Prior to sending payments, ensure the payment requested matches a legitimate invoice.
- Verify before clicking on a link or opening an attachment in an email or text. It may appear to be from someone you know, but it may be a fraudster phishing for your password, business bank account, or other sensitive information. (Extra caution: The link may contain malware.)
- Double-check the email address. Fraudsters are tricky and can create email addresses that look very similar to the legitimate account. They often find naming conventions for a company’s email accounts on its website and use those to fool you — inspect closely!
- Do not respond to emails as verification. Don’t reply to the requester by email. The fraudster either controls the spoof email account or has gotten access to the valid email account and can write back, making it look legitimate when it’s really not.
- Beware of a sense of urgency. Usually, fraudsters will indicate that the funds need to be wired or sent via ACH right away. These requests often ask that the client be contacted only through email instead of other channels.
- Know and trust who you are working with. Before doing business with a new company, search the company’s name online with the term “scam” or “complaint.” Read what others are saying about the company. Only purchase merchandise from reputable dealers or establishments.
- Be wary of using free, web-based email accounts for your business, which are more susceptible to being hacked. Make sure at least two-factor authentication is available
- Be careful when posting information to social media and company websites, as fraudsters may use this information to deploy new tactics.
- Keep the processing of your financial activities limited to as few machines as possible and limit the other activities such as web surfing on those machines, as well.
- Consider financial security procedures that include a two-factor authentication process or dual control for electronic funds transfers.
- Create intrusion detection system rules that flag emails with extensions that are similar to company email but not exactly the same (for example, .co instead of .com). If possible, register all Internet domains that are slightly different from the actual company domain.
- Know the habits of your customers, including the reason, detail, and amount of payments. Beware of any significant changes.
- Consider frequent and regular patching of your business systems.
- Use a quality next-gen antivirus solution — one that watches for behavior anomalies and not just signatures.
- Make it a priority to review your account transactions on a daily basis. If you find anything unusual, alert your bank immediately. Most fraudulent or unauthorized items are required to be returned by the bank within one business day from the transaction date, due to strict ACH regulations.
If you ever suspect you’ve been the victim of a scam or fraud, contact Baker Boyer Bank immediately. The sooner fraud is discovered, the more likely it is we are able to recover funds sent in error. However, NACHA regulations do not guarantee funds will be recouped, and the Business sending the transaction is ultimately liable for the loss.
If you’d like more information on establishing Dual Control or procedures for sending ACH Prenote transactions please contact Alexis Blackmore, Cash Management Advisor at firstname.lastname@example.org, with a CC to CMSupport@bakerboyer.com, or call (509)526-1339 or (509)525-2000.