ACH fraud refers to the unauthorised use or manipulation of the Automated Clearing House (ACH) network to debit or credit bank accounts fraudulently. This activity often involves exploiting stolen account details, synthetic identities, or phishing attacks to initiate illicit transactions.

What is account takeover fraud?

It is a form of cybercrime where fraudsters exploit stolen credentials or hacked accounts for financial gains, potentially resulting in identity theft or monetary loss.

How does ACH fraud happen?

ACH fraud typically occurs when fraudsters gain access to bank account information through methods like phishing, social engineering, or data breaches. They use these credentials to initiate unauthorised debits or credits, often targeting weaknesses in verification processes or taking advantage of batch delays in ACH processing.

How common is ACH fraud?

ACH fraud has risen with the increased use of digital banking and payment systems. The FBI reports billions in annual losses linked to business email compromise (BEC) and payroll fraud, which often exploit ACH systems. Common targets include businesses and vendors processing high-volume payments.

What is the difference between ACH debit fraud and ACH credit fraud?

ACH debit fraud involves unauthorised withdrawals from a victim’s bank account, such as stealing payroll or siphoning funds from businesses. ACH credit fraud, on the other hand, involves fraudulent transfers where stolen funds are deposited into mule or fraudulent accounts, often as part of money-laundering schemes.

What are the warning signs of ACH fraud?

Key red flags include unusual or high-frequency payment retries, new bank account details immediately linked to transactions, mismatches in account owner data, and transfers to unknown or unverified beneficiaries. Sudden changes to a vendor or employee bank account information should also raise suspicion.

How do banks detect ACH fraud digitally?

Banks use a combination of rule-based systems and advanced fraud detection software involving behaviour analysis and machine learning. These tools flag anomalies in transaction patterns, detect irregular amounts, and leverage account verification to assess risks before payments are cleared.

What is ACH fraud detection?

ACH fraud detection is the process of identifying unauthorised or suspicious transactions within the ACH network. It utilises mechanisms like transaction monitoring, real-time alerts, and risk evaluation models to identify potential fraud early and minimise its impact.

What is ACH fraud prevention?

ACH fraud prevention involves implementing measures to block unauthorised or fraudulent transactions before they occur. This includes strict access controls, multi-level authentication, real-time monitoring, and meticulous validation of bank account details and transactional data.

How can businesses help prevent ACH fraud?

Businesses can prevent ACH fraud by implementing strict controls over who can initiate payments, validating bank details regularly, and reconciling accounts daily. They should also educate employees on recognising phishing or fraud attempts and employ multi-factor authentication for payment approvals.

How do you protect a business from ACH fraud?

To protect a business from ACH fraud, establish strong internal controls, such as dual approval systems for payments. Invest in fraud monitoring solutions, enforce access control policies, and regularly review and update internal processes to address emerging fraud tactics.

What controls reduce ACH fraud risk before pulling funds?

Pre-funding risk can be reduced by validating account details before initiating payments, ensuring real-time authentication for high-risk transactions, and setting velocity controls to limit the frequency of debits from accounts. Maker-checker procedures further deter unauthorised activities.

What is an ACH fraud filter?

An ACH fraud filter is a security feature that banks and businesses use to screen ACH transactions. It allows only pre-authorised debits or credits to process, while flagging or blocking any unauthorised activity outside predefined parameters.

Who is liable for ACH fraud?

Liability for ACH fraud depends on the transaction type and applicable regulations. For consumer transactions, banks usually bear liability if the fraud is reported promptly. For business accounts, liability terms typically depend on the contracts between the business and its bank, emphasising the importance of having fraud detection measures in place.

What is ACH fraud recovery and how does it work?

ACH fraud recovery involves requesting a reversal or return of an unauthorised transaction through the ACH network, based on reporting timelines. Working with the bank promptly, providing evidence, and freezing compromised accounts are crucial steps. However, recovery success depends on how quickly the fraud is detected.

What should you do if you suspect unauthorised ACH activity?

If you suspect unauthorised ACH activity, immediately notify your bank or payment provider to halt further transactions. Also, conduct an internal assessment to determine the breach source, tighten account access controls, and monitor for other suspicious activity. File necessary fraud reports with financial authorities if applicable.

ACH Fraud: Threats to Bank Transfers

ACH fraud involves the unauthorised or deceptive use of the Automated Clearing House (ACH) network to debit or credit bank accounts. The ACH network is a system used for processing various types of digital payments in the United States, including payroll deposits, mortgage payments, and direct debits.

This type of fraud frequently takes two main forms:

Unauthorised ACH debits: Fraudsters withdraw funds directly from a victim’s bank account without their consent.
Fraudulent ACH credits: Funds are transferred to illicit accounts, such as money mule or synthetic identity accounts to enable money laundering.

High-Level Flow

ACH payments are processed in batch runs, making them distinct from instant payment methods like wire transfers. Here’s how a standard ACH transaction flows:

A customer or business initiates an ACH debit or credit.
Payment instructions undergo batch processing, typically assembling multiple transactions for efficiency.
Funds settle between bank accounts.

Fraud Implications

Timing gaps: Since ACH processing often occurs in batches, there is lag time that enables fraud to take place before malicious activity is flagged.
Dependency on account details: ACH payments rely on accurate bank details - exploiting any errors opens doors for unauthorised debits.

For example, fake vendor accounts can use incorrect bank routing details to infiltrate business payments.

ACH fraud manifests in several forms, including:

Unauthorised ACH debits: Stolen bank account credentials allow a fraudster to initiate payments.
Business compromise fraud: A fraudster infiltrates a company’s systems, such as the payroll department, to reroute workers’ direct deposits.
Vendor payment redirection: Fraudsters manipulate official correspondence to get businesses to update payee details to fraudulent accounts.
Synthetic identity fraud: Fraudulent entities create new identities to bypass standard checks and initiate payments.

Real-world example:

In many cases, attackers exploit phishing emails to access banking credentials and initiate large ACH transactions, especially targeting payroll funds transferred on Fridays.

Identifying ACH fraud early can save businesses significant losses. Warning signs may include:

New bank accounts with immediate debit activity: Suspicious transfers from newly added or flagged accounts.

Unusual payment “velocity”: High-frequency or iterative payment attempts often signal automated fraud.

High-risk transfers to unverified third-party accounts: Mismatched account ownership details and recent changes in beneficiary data can prompt alerts.

Duplicated settings across accounts: Multiple user accounts exhibiting similar behaviour could be an indication of synthetic identity fraud.

LSEG Risk Intelligence solutions leverage real-time data monitoring to detect anomalies and atypical funding patterns that might bypass simple rule-based checks. This minimises exposure to fraud.

Detection Approaches

Rule-based analysis:
Transaction velocity limits
Trigger alerts for high-value or non-compliant debit amounts
Machine learning models: Advanced behavioural analysis flags patterns inconsistent with historical data.

LSEG Risk Intelligence’s fraud intelligence tools incorporate these approaches into solutions like Global Account Verification, combining real-time monitoring with identity validation to intercept anomalies proactively.

For Businesses

Implement robust maker-checker workflows to prevent unauthorised fund withdrawals.
Conduct quick, same-day reconciliation, and raise exceptions for unmatched debits.
Restrict ACH initiator accounts (minimise permissions for non-critical employees).

For Payment Providers

Strengthen account verification protocols pre- and post-transactions.
Real-time fraud hold/review systems can mitigate risks for flagged debits.
Conduct training for employees to recognise phishing or impersonation tactics.

LSEG Risk Intelligence solutions help businesses and banks implement step-up authentication and user behaviour risk scoring into their monitoring systems.

Liability in ACH disputes:

The Electronic Fund Transfer Act (EFTA) in the United States typically holds banks liable for unauthorised consumer transactions if the fraud is reported promptly. Business transactions, on the other hand, depend largely on the presence of fraud detection mechanisms.

Recovery process:

Rapid response: Immediately contact your bank upon suspicion to enact stops or recalls on fraudulent transactions.
Document trails: Maintain a secure log of conversations, transaction records, and forensic analyses to help investigations.

Contain the breach: Lock access to compromised systems, passwords, or credentials.
Investigate root cause: Engage your internal IT or fraud team early to assess the entry point (data compromise vs. malicious account takeovers).
Notify partners/suppliers: Especially for vendor fraud, raising partner awareness is crucial to shared risk reduction.

LSEG Risk Intelligence offers comprehensive solutions to help mitigate fraud risks in digital payment systems:

Fraud mitigation across the workflow: Using tools such as real-time bank account verification coupled with identity validation.
Compliance alignment: Their integration-ready APIs further simplify ACH fraud compliance measures like government mandates on Payment Service Providers (PSPs).

ACH fraud refers to the unauthorised use or manipulation of the Automated Clearing House (ACH) network to debit or credit bank accounts fraudulently. This activity often involves exploiting stolen account details, synthetic identities, or phishing attacks to initiate illicit transactions.
It is a form of cybercrime where fraudsters exploit stolen credentials or hacked accounts for financial gains, potentially resulting in identity theft or monetary loss.
ACH fraud typically occurs when fraudsters gain access to bank account information through methods like phishing, social engineering, or data breaches. They use these credentials to initiate unauthorised debits or credits, often targeting weaknesses in verification processes or taking advantage of batch delays in ACH processing.
ACH fraud has risen with the increased use of digital banking and payment systems. The FBI reports billions in annual losses linked to business email compromise (BEC) and payroll fraud, which often exploit ACH systems. Common targets include businesses and vendors processing high-volume payments.
ACH debit fraud involves unauthorised withdrawals from a victim’s bank account, such as stealing payroll or siphoning funds from businesses. ACH credit fraud, on the other hand, involves fraudulent transfers where stolen funds are deposited into mule or fraudulent accounts, often as part of money-laundering schemes.
Key red flags include unusual or high-frequency payment retries, new bank account details immediately linked to transactions, mismatches in account owner data, and transfers to unknown or unverified beneficiaries. Sudden changes to a vendor or employee bank account information should also raise suspicion.
Banks use a combination of rule-based systems and advanced fraud detection software involving behaviour analysis and machine learning. These tools flag anomalies in transaction patterns, detect irregular amounts, and leverage account verification to assess risks before payments are cleared.
ACH fraud detection is the process of identifying unauthorised or suspicious transactions within the ACH network. It utilises mechanisms like transaction monitoring, real-time alerts, and risk evaluation models to identify potential fraud early and minimise its impact.
ACH fraud prevention involves implementing measures to block unauthorised or fraudulent transactions before they occur. This includes strict access controls, multi-level authentication, real-time monitoring, and meticulous validation of bank account details and transactional data.
Businesses can prevent ACH fraud by implementing strict controls over who can initiate payments, validating bank details regularly, and reconciling accounts daily. They should also educate employees on recognising phishing or fraud attempts and employ multi-factor authentication for payment approvals.
To protect a business from ACH fraud, establish strong internal controls, such as dual approval systems for payments. Invest in fraud monitoring solutions, enforce access control policies, and regularly review and update internal processes to address emerging fraud tactics.
Pre-funding risk can be reduced by validating account details before initiating payments, ensuring real-time authentication for high-risk transactions, and setting velocity controls to limit the frequency of debits from accounts. Maker-checker procedures further deter unauthorised activities.
An ACH fraud filter is a security feature that banks and businesses use to screen ACH transactions. It allows only pre-authorised debits or credits to process, while flagging or blocking any unauthorised activity outside predefined parameters.
Liability for ACH fraud depends on the transaction type and applicable regulations. For consumer transactions, banks usually bear liability if the fraud is reported promptly. For business accounts, liability terms typically depend on the contracts between the business and its bank, emphasising the importance of having fraud detection measures in place.
ACH fraud recovery involves requesting a reversal or return of an unauthorised transaction through the ACH network, based on reporting timelines. Working with the bank promptly, providing evidence, and freezing compromised accounts are crucial steps. However, recovery success depends on how quickly the fraud is detected.
If you suspect unauthorised ACH activity, immediately notify your bank or payment provider to halt further transactions. Also, conduct an internal assessment to determine the breach source, tighten account access controls, and monitor for other suspicious activity. File necessary fraud reports with financial authorities if applicable.

Email sales
Call sales

First name

Last name

Email address

Phone number

(numerals only; no dashes)

Country/territory

City (optional)

Company

Job title

Area of interest: Help us connect you to the right expert(optional)

All countries (toll free): +1 800 427 7570
Brazil: +55 11 47009629
Argentina: +54 11 53546700
Chile: +56 2 24838932
Mexico: +52 55 80005740
Colombia: +57 1 4419404

Europe: +442045302020
Africa: +27 11 775 3188
Middle East & North Africa: 800035704182

Australia & Pacific Islands: +612 8066 2494
China mainland: +86 10 6627 1095
Hong Kong & Macau: +852 3077 5499
India, Bangladesh, Nepal, Maldives & Sri Lanka:
+91 22 6180 7525
Indonesia: +622150960350
Japan: +813 6743 6515
Korea: +822 3478 4303
Malaysia & Brunei: +603 7 724 0502
New Zealand: +64 9913 6203
Philippines: 180 089 094 050 (Globe) or
180 014 410 639 (PLDT)
Singapore and all non-listed ASEAN Countries:
+65 6415 5484
Taiwan: +886 2 7734 4677
Thailand & Laos: +662 844 9576

Get help through MyAccount

Find your nearest LSEG office

ACH Fraud: Threats to Bank Transfers

What is ACH fraud?

How ACH payments work and why fraud here is unique

Common ACH fraud scenarios

Red flags and warning signs of ACH fraud

How banks and businesses detect ACH fraud

How to prevent ACH fraud (practical controls)

Who is liable, and how does ACH fraud recovery work?

Steps to take when ACH fraud is suspected

Integration of LSEG solutions

FAQs

What is ACH fraud?

What is account takeover fraud?

How does ACH fraud happen?

How common is ACH fraud?

What is the difference between ACH debit fraud and ACH credit fraud?

What are the warning signs of ACH fraud?

How do banks detect ACH fraud digitally?

What is ACH fraud detection?

What is ACH fraud prevention?

How can businesses help prevent ACH fraud?

How do you protect a business from ACH fraud?

What controls reduce ACH fraud risk before pulling funds?

What is an ACH fraud filter?

Who is liable for ACH fraud?

What is ACH fraud recovery and how does it work?

What should you do if you suspect unauthorised ACH activity?

Request details

Email your local sales team

Call your local sales team

Americas

Europe, Middle East, Africa

Asia Pacific (Sub-Regional)

Help & Support

Already a customer?

Office locations

Contact LSEG near you