ACH transactions are prime targets for fraudsters. Find how you can protect your business

In the 1970s, the Federal Reserve created the Automated Clearing House (ACH) system to process payments electronically and lessen dependence on paper checks.

Now, with an average of 29.1 billion electronic fund transfers (EFTs) per year, ACH transactions—which include payroll, direct deposit, and services like PayPal and Venmo—are prime targets for fraudsters looking to quickly reroute large sums into their pockets.Disclosure 1

Key concepts

In this article, we’ll explore:

  • What ACH fraud is and how it happens
  • Suggested strategies to prevent ACH fraud
  • How Truist can help protect your business against fraud

Video: An introduction to ACH fraud

Component ID : "accordionGridLayout-1172309357"
Model : "disclaimer"
Position : "left"

[Fraud prevention 101: ACH fraud] [Truist logo]

[ACH fraud: ACH fraud is one of the fastest-growing types of fraud. Find out how we can help you stay one step ahead.]

Narrator: ACH fraud is one of the fastest-growing types of deception techniques, especially as criminals create more sophisticated scams and use the latest technology to their advantage. A common trick is to infiltrate a vendor’s contact information and respond to a previously sent message so it appears to be part of the same chain or thread.

Some even use details from social media to make the email, text, or online message seem like it’s coming from a trusted contact.

One of the best ways to prevent fraudulent transactions is to have close relationships with vendors.

Check in with them to verify any unusual or first-time requests, changes in contact information or remittance addresses, or changes in wiring or ACH instructions. Whenever possible, confirm any change with two sources.

Monitoring incoming ACH payments is just as critical. Truist offers fraud prevention services that allow you to block or review ACH debit transactions before they deposit to your account.

We also offer a Universal Payment Identification Code, which gives you masked account numbers for receivables to help prevent unauthorized charges to your account.

It can be good to remind everyone in your organization that time spent reviewing ACH transactions upfront can reduce time spent rectifying problems later.

[Establish strong defenses against cyberattacks.]

Truist [logo]

Contact your Truist relationship manager or treasury consultant for more information on fraud protection.

Truist Bank, Member FDIC. © 2024 Truist Financial Corporation. Truist, the Truist logo, and Truist Purple are service marks of Truist Financial Corporation.

[end transcript]

How does ACH fraud happen?

ACH fraud occurs when fraudsters use the ACH network to steal funds via unauthorized transactions. Examples include:

  • Unauthorized transfers from a victim’s bank account
  • Payment for goods and services scammers have sent to themselves
  • Withdrawals using stolen debit card numbers
  • Scheduling automatic bill payments to a fraudster’s account

ACH fraud relies on social engineering scams such as corporate phishing and business email compromise. Fraudsters pose as trusted employees, associates, financial institutions or federal agencies. They trick employees into sharing corporate bank account details they can use to move company funds into their accounts.

Scammers tend to direct ACH fraud scams at midsize and smaller businesses, believing they’re less likely than larger companies to have strong cybersecurity programs.

Hackers may also breach your systems using compromised passwords to steal your ACH information and any ACH information you have on file about your partners, vendors, and clients.

Good news: ACH debit fraud reports are trending down.

In an annual fraud survey, respondents reporting a fraudulent debit charge from an ACH transaction dropped by 7 percentage points between 2021 and 2022 (from 37% to 30%).Disclosure 2 Although the drop is welcome news, other forms of ACH fraud still pose sizable risk, meaning companies must remain vigilant.

Did you know? ACH Blanket Block stops all ACH debit attempts.

ACH Blanket Block is a fraud control solution we offer here at Truist. If there’s an account you don’t use for ACH transfers, you can ask to put an ACH Blanket Block on it. If anyone tries to debit money from the account, their request will automatically bounce back—no monitoring required. Talk to your Truist relationship manager to learn more about ACH Blanket Block.

Best practices and prevention

You can mitigate the risk of ACH fraud by being proactive with a strong defense plan. Here are some strategies that can help you and your team prevent ACH fraud at your organization.

Prioritize employee training.
Teach your staff how to spot password theft and social engineering fraud, two of the most common scams used to obtain ACH information. Stress the importance of keeping company information private. Running a mock phishing campaign can help your IT team identify weak points in your defenses—and give your employees more confidence to handle a real-world scenario.

Update protective protocols.
Layering protocols can multiply their protective effect. Consider implementing transaction limits, review periods, and dual controls (where two or more employees must approve each transaction). You could even opt to use a credit-only account that accepts deposits but doesn’t permit debits. For updates on the latest ACH news and risk management tools, you can subscribe to Nacha’s ACH Network newsletter.

Boost your tech defenses.
On the macro level, you’ll want to update every employee’s antivirus software regularly to help block malware and spam. On the micro level, you can require multifactor authentication for all ACH payments. For an extra layer of security, ask your Truist relationship manager about a Universal Payment Identification Code (UPIC), an account number alias you can distribute to your partners.

Talk to Truist.
Are you taking advantage of all the fraud control options available to you? Contact your Truist relationship manager to learn about our ACH fraud control solutions, including ACH Blanket Block and UPIC. These tools can help your employees reduce risk, make informed decisions, and act quickly to stop or minimize losses.

FAQ on password theft

Component ID : "faq-1301646222"
Model : "faq"
Position : "left"

Yes. While both are electronic forms of fraud, funds stolen via wire transfer are sent directly from party to party without passing through the ACH network and its layer of fraud protection.

We provide several solutions that can help reduce the risk of ACH fraud for your business. These include ACH Fraud Control, ACH Blanket Block, and UPIC. Ask your Truist relationship manager or treasury consultant to explore your options and find the right solutions for your business.

Truist’s ACH Fraud Control helps prevent unauthorized and erroneous transactions. You can set parameters for transactions (such as upper limits), customize your protections, and receive detailed reports on ACH account debits.

Truist’s ACH Blanket Block prevents all ACH activity on one or more accounts of your choosing. Any attempted debit or credit transaction would be returned to the originator automatically—without ever touching your account.

A UPIC, or Universal Payment Identification Code, is a unique code you can give to partners, vendors, and suppliers. It allows them to send you electronic payments without using your actual bank account details. This reduces the risk of your account number being exposed in a data breach.

To report ACH fraud related to a Truist account, you can call us at 844-4TRUIST (844-487-8478). You can also contact your relationship manager or treasury consultant. Learn more about reporting fraud at Truist.

Turn to professionals for protection.

To learn more about cybersecurity threats and the various types of fraud facing your organization, connect with one of Truist’s relationship managers.

Purple PaperSM

The power of partnership

Uncover the value of Truist Business Lifecycle Advisory.

Related resources

    {0}
    {6}
    {7}
    {8}
    {9}
    {12}
    {10}
    {11}

    {3}

    {1}
    {2}
    {7}
    {8}
    {9}
    {10}
    {11}
    {14}
    {12}
    {13}

    Stay informed and get connected

    Looking for fresh thinking and new insights to help uncover opportunities for your business needs?

    Connect with a Relationship Manager

    Work with a partner who sees your vision and has the resources to help you achieve it. We’re ready to focus on the specific needs of your company—and where you are in your business lifecycle.

    *This form is for prospects. Truist clients should contact their relationship manager with inquiries related to commercial products and services.

    Helpful links



    Sign up for monthly articles on Business Insights

    Sign up to receive our business insights, thought leadership, and client success stories that can help inspire your next bold business move.

    Please enter a first name
    Please enter a last name
    Please enter a valid email address
    Please enter a company name
    I'm also interested in: Please select a campaign option