Common Issues in ACH PaymentsTax Professionals' Resource
October 12, 2012 — 1,530 views
Common Issues in ACH Payments
Companies have suffered to the tune of $100 million in losses from ACH fraud, an FBI report from 2009 states. The sophisticated phishing techniques and other intricate online scams have made small and mid-size businesses vulnerable to these security risks.
ACH fraud and payroll risks
The payroll departments for most companies face the biggest risks when it comes to ACH-related fraudulent activity. The risks come from employees responsible for handling certain ACH transactions for payroll processing. When emails sent to employees are opened via a method called “spear phishing,” the employee is guided to a website that is infected. The link downloads a key logger application onto the person’s desktop and all account-related activities are exposed. The account login information makes it possible for corporate financial data to be transferred from the account.
Employee fraud in ACH
Unfortunately, some companies grapple with internal risks from their own employees. An employee can be entrusted with overseeing every aspect of a transaction from start to finish. This means that the employee can approve transactions and the release of any funding for paying any expense, authentic or otherwise in any amount as many times as desired. This is common among companies who have no checks and balances procedures in place.
Companies can conduct periodic training for employees and remind them of best practices for handling suspicious emails. Semi-annual training can reduce risks for ACH fraud with some companies. Employees should be encouraged to immediately discard any suspicious email content that arrives in their inbox and resist the urge to open or forward the content. No personal information should be submitted for any reason if prompted by a suspicious email received. When conducting any work-related or personal activity on the company’s computer, the security credentials of each site should be noted. All software should be pre-approved by an IT contact or all downloads should be managed by an IT resource.
Checks and balances
Companies can also institute policies that incorporate frequent auditing processes. Breaking up the ACH transaction activities by involving two parties for the reconciliation or verification process can lower risk of internal employee fraud. Computers that are dedicated to handling these types of processes should be checked more often for vulnerabilities.
Employee training and stringent internet security policies all work together to protect the computer from unnecessary risks. Taking these additional steps can prevent ACH fraud activities from internal and external risks.