How to Help Prevent ACH Fraud

Automated Clearing House (ACH) payments are electronic funds transfers made between banks. This process was originally implemented in the early 1970s to address the growing number of paper checks in the U.S. payment system. Fifty years later, ACH is used for all kinds of electronic funds transfers, including direct deposit of payroll checks and online bill payments. 

However, as the use of ACH payments has increased, so has the risk of fraud. Criminals use a variety of methods to exploit these systems, putting both businesses and consumers at risk. From phishing attacks to account takeovers, here’s how ACH fraud works and what you can do to protect yourself and your finances.   

 

Common ACH Payroll Fraud Schemes

ACH-related payroll fraud is a growing concern for businesses of all sizes. It occurs when criminals manipulate electronic payment systems to divert payroll funds to unauthorized accounts.

Payroll fraud can come in many forms, such as embezzlement, where employees manipulate payroll records for personal gain, or timesheet fraud, where employees overstate hours worked to receive extra pay.

Payroll fraud can include schemes such as:

• Ghost employees: Creating fake employees in the payroll system to divert funds.
• False expenses: Inflating or fabricating expense reports for personal gain.
• Commissions fraud: Manipulating sales numbers or commission structures for higher payouts
• Pay rate alteration: Altering an employee's pay so they receive a higher hourly rate.
• Third-party scams: When outsiders gaining access to payroll systems to redirect payments to their accounts.

Understanding ACH Payroll Fraud

While some forms of payroll fraud are internal, such as timesheet manipulation or embezzlement, ACH payroll fraud is typically an external threat. It occurs when cybercriminals gain unauthorized access to a company's financial systems with the specific goal of manipulating electronic payments and diverting payroll funds to accounts they control.

These third-party scams are a growing concern for businesses of all sizes because they exploit the speed and efficiency of the ACH network. By the time the fraud is discovered, the funds have often been transferred multiple times, making recovery difficult. Understanding the methods these criminals use is the first step toward building a strong defense.

 

How ACH Fraud Happens

Cybercriminals use several sophisticated tactics to exploit ACH systems and divert funds from businesses and individuals. These methods often involve a combination of social engineering, technical exploits, and insider knowledge.

Some of the most common ways ACH fraud occurs include:

• Account Takeover via Phishing and Malware: Criminals use fraudulent emails (phishing) or deploy malware to trick employees into revealing their login credentials. Once they have access, they can take over an employee's account or a company's payroll system to initiate unauthorized ACH transfers or alter payment details.
• Fraudulent Direct Deposit Changes: A common form of account takeover involves criminals hacking into an employee's email. They then impersonate that employee and send a request to HR to change their direct deposit information, redirecting paychecks to an account the criminal controls.
• System Breaches of Payroll Processors: Cybercriminals may target third-party payroll processing firms directly. By breaching their systems, hackers can infiltrate the accounts of multiple companies at once, altering employees' direct deposit details to siphon funds before anyone notices.
• Insider Threats: Employees or other trusted individuals with legitimate access can exploit their position to manipulate payments, create fake vendors, or divert funds for personal gain.
• Ghost Funding and Illegitimate Returns: Scammers may use fake or stolen bank account details to initiate ACH transactions without sufficient funds (ghost funding) or create unauthorized transactions that may go unnoticed until after the funds have been withdrawn (ACH returns).

 

Payroll Fraud Red Flags

Recognizing the warning signs of payroll fraud can help businesses detect and prevent unauthorized transactions before they escalate.

Common red flags include:

• Unexpected direct deposit changes. Requests to update payroll deposit information, especially without proper verification.
• Unusual account activity. Unauthorized changes to payroll records or employee status.
• Duplicate payments. The same employee receiving two payments in one cycle.
• Unauthorized access. Multiple failed logins or logins from individuals who do not typically handle payroll responsibilities.

 

How to Help Reduce Your Risk of ACH Payroll Fraud

Preventing ACH payroll fraud requires a multi-layered approach that combines strong internal processes, robust technical security, and comprehensive employee training. By creating a culture of awareness and implementing the right safeguards, businesses can significantly reduce their vulnerability.

Here are key strategies to protect your organization:

1. Implement Strong Internal Controls

Establish Dual Control and Approval Workflows: Require one authorized user to initiate a transaction and a different user to approve it. This separation of duties is one of the most effective ways to prevent fraudulent requests from being processed.

Always Verbally Verify Changes: Create a strict policy that requires verbal confirmation using a trusted, pre-verified phone number before any changes are made to direct deposit information. Never rely on email requests alone.

Limit and Control Access: Restrict access to payroll systems and the ability to initiate ACH transactions to only essential, authorized personnel. Regularly review who has access and remove permissions for former employees or those who have changed roles.

Monitor Transactions in Real Time: Set up automated alerts for unusual payroll activities, such as changes in pay amounts, new or modified employee bank account information, or high-value transactions that exceed a certain threshold.

2. Strengthen Technical Security

Keep All Software Updated: Outdated software is a primary target for cyberattacks. Regularly update your payroll, accounting, and operating system software to patch security gaps and address performance issues.

Enforce Strong Password Policies: Implement requirements for long, complex passwords (16+ characters with a mix of letters, numbers, and special characters). Crucially, forbid the reuse of passwords across multiple systems.

Encrypt and Secure Sensitive Data: Ensure that all payroll and banking details are encrypted both at rest (when stored) and in transit (when sent). All payroll-related communications should occur through secure, verified channels.

Develop a Backup and Recovery Plan: Regularly back up all payroll data to a secure, separate location and have a tested recovery plan in place. This ensures you can restore operations quickly after a potential breach without losing critical information.

3. Empower Your Employees Through Training

Conduct Regular Security Awareness Training: Your employees are your first line of defense. Conduct ongoing training sessions to educate them on how to identify phishing scams, social engineering tactics, and suspicious emails. Use real-world examples to show them what to look for. By making sure your staff is prepared to recognize suspicious activity and follow proper protocols, you create a powerful human firewall.

 

What to Do If You’re a Victim of ACH Fraud

If you find unauthorized ACH transactions, report them to your bank or financial institution immediately. If you're a City National client, visit our fraud center and call (800) 557-4262 immediately to report suspected fraud.

Next, take steps to secure your accounts and personal information:

• Change your login credentials for all affected accounts to prevent further unauthorized access. 
• Monitor your financial statements and credit reports for additional fraudulent activity. 
• Report fraud to the Internet Crime Complaint Center (IC3) and notify your local FBI office.