ACH Fraud
Automated Clearing House (ACH) transactions are widely used for payroll, vendor payments and recurring bills, but their convenience also makes them a popular target for cybercriminals. ACH fraud occurs when unauthorized transactions are made from a business’s bank account, typically through stolen credentials, social engineering or compromised internal processes. ACH fraud is a growing threat to businesses of all sizes. The Association for Financial Professionals (AFP) 2025 Payments Fraud Report found that 79% of organizations were victims of payments fraud attacks/attempts in 2024. So, how does it work?
Most ACH fraud starts with stolen login credentials or account details. Cybercriminals may obtain this information through phishing emails, malware or key loggers installed on company devices. In some cases, fraudsters trick employees into voluntarily providing sensitive information by posing as trusted vendors, executives or even financial institutions. Once they gain access, they initiate unauthorized transfers, often to accounts that quickly disperse the stolen funds, making recovery difficult.
In other cases, fraudsters may manipulate internal systems or impersonate a vendor by submitting fraudulent payment instructions. Because ACH transfers typically process quickly, fraudulent payments can move through undetected unless businesses have strong controls in place.
Businesses should watch for the following red flags:
- Unusual ACH transactions outside normal payment schedules
- Changes to vendor banking information, especially when received via email
- Duplicate payments or payments to unfamiliar accounts
- Notifications of failed or reversed ACH transactions you did not initiate
- Requests for urgent or last-minute ACH transfers, particularly from executives or vendors
There are several ways businesses can mitigate the risks of ACH fraud, including:
- Use Dual Authorization: Implement controls that require two people to approve ACH transfers, especially those involving new or changed payment instructions
- Implement Payment Controls: Set dollar limits, daily thresholds, and approval tiers for ACH transactions. MidFirst Bank can help configure these safeguards
- Verify Payment Requests: Before changing vendor account details or processing new ACH requests, confirm the request through a known, independent contact method, not the contact provided in the request
- Use ACH Fraud Protection Services: Services like ACH Positive Pay are used to review and approve outgoing ACH transactions before they’re processed. Contact MidFirst Bank for information about enabling this service
- Educate Employees: Train staff on phishing techniques, social engineering scams, and the importance of verifying payment instructions. Awareness serves as the first line of defense
- Monitor Accounts Daily: Set up real-time alerts for ACH activity and reconcile accounts regularly. The chance of recovery increases when unauthorized activity is identified quickly
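The red flags and payment controls listed above can be run as an automated hold check on an outgoing ACH batch before it is released. The following Python is an added example, not code from MidFirst Bank or any banking product; the vendor names, account identifiers, pay days, the 25,000 dollar limit and the batch records are all constructed for illustration.

```python
from collections import Counter
from datetime import date

# Constructed vendor master data: account on file and usual pay days (day of month).
VENDORS = {
    "Acme Supply": {"account": "acct-1111", "pay_days": {1, 15}},
    "Northside Janitorial": {"account": "acct-2222", "pay_days": {28}},
}
PER_PAYMENT_LIMIT = 25_000  # assumed dollar limit per ACH payment
REQUIRED_APPROVERS = 2      # dual authorization: two distinct people

# Constructed outgoing ACH batch awaiting release.
BATCH = [
    {"id": "P1", "vendor": "Acme Supply", "account": "acct-1111", "amount": 4200, "date": date(2025, 3, 15), "approvers": ["ana", "raj"]},
    {"id": "P2", "vendor": "Acme Supply", "account": "acct-9999", "amount": 18500, "date": date(2025, 3, 19), "approvers": ["ana"]},
    {"id": "P3", "vendor": "Northside Janitorial", "account": "acct-2222", "amount": 900, "date": date(2025, 3, 28), "approvers": ["ana", "raj"]},
    {"id": "P4", "vendor": "Northside Janitorial", "account": "acct-2222", "amount": 900, "date": date(2025, 3, 28), "approvers": ["ana", "raj"]},
    {"id": "P5", "vendor": "Acme Supply", "account": "acct-1111", "amount": 40000, "date": date(2025, 4, 1), "approvers": ["ana", "ana"]},
]

def review(batch, vendors=VENDORS):
    """Return {payment id: [reasons]} for payments to hold for manual review."""
    # Count vendor/amount pairs so repeated payments in one batch stand out.
    seen = Counter((p["vendor"], p["amount"]) for p in batch)
    holds = {}
    for p in batch:
        reasons = []
        record = vendors.get(p["vendor"])
        if record is None:
            reasons.append("unfamiliar vendor")
        else:
            if p["account"] != record["account"]:
                reasons.append("account differs from vendor record")
            if p["date"].day not in record["pay_days"]:
                reasons.append("outside normal payment schedule")
        if seen[(p["vendor"], p["amount"])] > 1:
            reasons.append("possible duplicate")
        if p["amount"] > PER_PAYMENT_LIMIT:
            reasons.append("over dollar limit")
        # The same person approving twice does not satisfy dual authorization.
        if len(set(p["approvers"])) < REQUIRED_APPROVERS:
            reasons.append("needs second approver")
        if reasons:
            holds[p["id"]] = reasons
    return holds

if __name__ == "__main__":
    for payment_id, reasons in review(BATCH).items():
        print(payment_id, "HOLD:", "; ".join(reasons))
```

A held payment with a changed account should be released only after the vendor confirms the change through a contact method already on file.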
ACH fraud can happen quickly and quietly, but with strong internal processes, layered digital security and the right banking tools in place, businesses can significantly reduce their risk. Partnering with MidFirst Bank to implement proactive controls is one of the best ways to safeguard accounts and maintain peace of mind.