Publications
- 30 Second Ideas
- Accounting Updates
- Alerts
- Articles
- Business Surveys
- Construction Edge
- Healthcare Edge
- Insurance Edge
- Legal Talent
- Manufacturing Edge
- Not-for-Profit Edge
- Quick Links & Good Ideas
- SEC Edge
- Strategy Insights Blog
- Surviving the Upturn
- Tax Highlights
Article Keywords:
- audit and assurance
- China
- construction
- corporate finance
- economy
- education tax benefits
- energy-efficient credit
- fair value
- FAS 157
- FASB
- FIN 48
- fraud
- FUTA
- insurance
- international
- international tax
- inventory
- IRS
- legal staffing
- manufacturing
- not-for-profit
- public company
- recession resources
- SALT
- selling your business
- state and local tax
- strategic planning
- tax
- tax planning
- tuition
Article Author:
ACH: The New Wave of Bank Fraud
Jeffery A. Dertz, CPA
Partner, Insurance Practice
jdertz@BlackmanKallick.com, 312-980-3224
This Blackman Kallick article was published some time ago, but it has taken on new relevance in light of the changes in the U.S. economy and the corresponding increase in online fraud.
The Automated Clearing House Network (ACH) has experienced a new wave of bank fraud. An ACH transaction is an electronic funds transfer between bank accounts using a batch processing system. It is most commonly used in direct deposit of payroll and Social Security payments. Many companies also use it to make their tax payments to the IRS. ACH transactions are governed by NACHA—The Electronic Payments Association.
How does ACH fraud occur?
ACH fraud can occur very easily. An individual simply needs two pieces of information: your checking account number and your bank routing number. This information is used in various ways to initiate fraud. In its simplest form, the perpetrator uses your bank account and routing numbers to initiate a payment for goods or to pay off debt by making a phone call and giving these numbers to the desired vendor. This same scenario could also occur with Web-based purchases.
How can you guard against ACH fraud?
The easiest way to prevent ACH fraud is to put ACH blocks on your bank accounts. An ACH block allows the receiving party's bank to block all incoming ACH debits and/or credits prior to any transaction posting to that party's account. Although this block might not be possible for your business needs, you do have some other options.
ACH receipt authorization allows business customers to notify their bank about businesses that are authorized to initiate an ACH debit. If the source of an ACH debit is not on the list of authorized users, the debit is rejected. This list can be very specific as to dates and dollar amounts as well as recurring and one-time-only uses.
Another method of fraud prevention is reverse positive pay, which allows business owners to review the incoming ACH debits and decide whether to accept or reject them. This decision, however, must be made the following day or the debits will be rejected.Another option is to limit the ACH activity to one account and review it daily.
Where does ACH fraud occur?
About 80% of ACH fraud cases occur in transactions between consumers and businesses; the remaining 20% involve transactions between consumers. In 2003, SAS 99, “Consideration of Fraud in a Financial Statement Audit,” was implemented, requiring auditors to interview various personnel throughout the organization.
Nearly every insurance client Blackman Kallick interviewed had experienced some type of ACH fraud or attempted fraud in either a claim account or payroll account. Claimants were using the information on loss payment checks to attempt fraud. Former employees also tried to use the payroll account to pay bills. In these cases, the company put ACH blocks on the accounts after learning of the fraud.
The following case offers an example of business-to-consumer ACH fraud. A consumer purchased a one-year membership at a local health club, paying in full by check. After the year ended, the consumer was no longer going to the health club and no longer wished to be a member. However, for the next three months, the club issued an ACH debit to his checking account for the monthly dues. This ACH transaction was never authorized. Someone from the health club used the consumer's checking account number and bank routing number to initiate the transaction.
What can you do if you detect a fraudulent ACH transaction?
If you detect a fraudulent ACH transaction, you have 60 days to notify your bank—two days for a corporate account. If you report the fraud within the allotted time frame, you will not be held responsible. Under ACH rules, the originating bank must reimburse the victim and the victim’s bank and then try to recover the loss from its customer.
In addition to the preventive measures discussed earlier, a key step in combating ACH fraud loss is to review and reconcile bank accounts on a timely basis. Corporate accounts must be reviewed daily, as suspected fraud must be reported within two days of its occurrence. Therefore, it saves time to limit the number of accounts that allow ACH transactions to one or very few.
Questions about ACH fraud?
Contact Jeff Dertz at 312-980-3224.
This publication is part of Blackman Kallick’s marketing of professional services, and is not written tax advice directed at the specific facts and circumstances of any person and/or entity. Contents of this publication are of a general nature, and you should not act on this information without obtaining professional advice from your business advisor that is appropriately tailored to your individual needs and circumstances. This written advice is not intended or written to be used, and cannot be used by any taxpayer, for the purpose of avoiding penalties that may be imposed under the Internal Revenue Code.
Follow @BlackmanKallick on Twitter
Follow Blackman Kallick on LinkedIn