Stop a New Type of Payment Fraud
A simple solution shows you how.September 3, 2009
by Mary Schaeffer
Electronic payment fraud is growing by leaps and bounds at various organizations. Whether or not your company makes electronic payments is irrelevant. Fraudsters can get you either way. Have you put an Automated Clearing House (ACH) block on all accounts in which you do not permit ACH debits? If not you may have opened the door to the newest type of payment fraud. This article reviews the payment mechanisms, explains the fraudster’s latest trick and divulges a simple solution.
Electronic payments made through the ACH have been around for decades. The most common — ACH credits — involve the deposit of funds into another’s bank account. Popular examples include direct deposit of payroll and direct deposit of Social Security payments. Now, companies everywhere use this payment mechanism to pay vendors. Its sister tool is the ACH debit in which money is deducted from a bank account. The most common example of this is a homeowner whose monthly mortgage payments are debited from their bank account. Some organizations use this mechanism to pay preferred vendors, sales tax or others.
By now, most organizations are using positive pay. With this fraud deterrent, companies submit a file to the bank every time they do a check run. It contains a listing of all checks issued. The data provided is the dollar amount and check number. When a check is presented for payment, the bank checks its files and if the check is not on the listing, it is rejected. Similarly, if the check has been paid, it is also rejected.
The criminal elements aren’t stupid so they have been changing the payee name, leaving the dollar amount and check number the same. This has caused some banks to develop a new product called payee name positive pay that includes this vital piece of information.
So what the fraudsters have been doing is taking the positive pay rejects and resubmitting them as ACH debits. Since positive pay only works with checks, the ACH debits are getting through. This fraud works even against organizations that do not make any sort of electronic payment.
Put an ACH block on any account in which you do not permit ACH debits. For many organizations, this is all their accounts. Talk to your banker to implement this change — and do it quickly. What this development demonstrates is that we can never let our fraud guard down. As quickly as the banking and business community develops a protection, hacksters find a new way around it. It is sure to be an ongoing problem and one that we will continue to cover for Corporate Finance Insider readers.
Rate this article 5 (excellent) to 1 (poor). Send your responses here.
Mary S. Schaeffer is the author of over a dozen business books including Travel & Entertainment Best Practices (2007 John Wiley & Sons) and Fraud in Accounts Payable: How to Prevent It (2008 John Wiley & Sons). She serves as the editorial director of Accounts Payable Now & Tomorrow, a newsletter for professionals interested in payment issues, writes a free weekly ezine e-AP News, speaks at accounts payable webinars, seminars and conferences and directs the organization’s consulting practice. She notes that this year, most of her speaking invitations are to talk about fraud or T&E issues.