Skip to content

Business Guidance

Strategies to Prevent ACH and Check Fraud

By Matt Haas | Johnson Financial Group

4 minute read time

All businesses are vulnerable to fraud, especially when cash is in motion. Business owners can't always monitor their accounts daily, let alone multiple times a day. Most need to strengthen their business's defenses—which is easier said than done when you’re focused on other aspects of your enterprise.

For most businesses, the place to start is preventing automated clearing house (ACH) and check fraud. At the risk of seeming overwhelming, here are some common threats to be aware of:

  • Common Types of ACH and Check Fraud
  • ACH Fraud Prevention Strategies
  • Check Fraud Prevention Strategies


MicrosoftTeams-image (57).png

Common Types of ACH and Check Fraud

ACH Fraud

    • Unauthorized Direct Debits: Fraudulent entities setting up unauthorized ACH withdrawals from a business account.
    • Account Takeover: Hackers gaining unauthorized access to a business’s online banking credentials and initiating fraudulent ACH transactions.
    • ACH Reversal Fraud: Fraudulently requesting a reversal of an ACH payment after goods or services have been received.
    • Fraudulent Payroll Transactions: Setting up fake employee accounts or diverting payroll funds through ACH manipulation.
    • Vendor Impersonation: Fraudsters posing as legitimate vendors requesting payment via ACH to fraudulent accounts.
    • Business Email Compromise (BEC): Using compromised email accounts to request fraudulent ACH payments.


Check Fraud

    • Check Forgery: Unauthorized individuals endorsing and cashing or depositing a check.
    • Stolen Checks: Theft of physical checks to be altered or cashed fraudulently.
    • Counterfeit Checks: Creating fake checks using a business’s account and routing information.
    • Check Washing: Erasing information on a check and rewriting it to divert funds.
    • Altered Check Amounts: Modifying the written amount on a check for a larger sum.
    • Duplicate Check Fraud: Using mobile deposit for a check, then depositing or cashing the same check at a bank. 




For both categories, there are both external and internal threats. External bad actors run the gamut from mail thieves to sophisticated cyber attackers. One office manager I know fell victim to a phishing scam and, unfortunately, wired $15,000 in response to what she thought was a legitimate request. The funds were lost. Far worse, though, is the case of an internal bad actor I’m personally aware of … an office manager who padded her own paychecks with overtime pay for years. Against both internal and external threats, you need robust preventative measures.

Here's a brief overview of best practices for preventing ACH and check fraud, from both internal and external threats.

ACH Fraud Prevention Strategies

Internal ACH Fraud Prevention (e.g., Dishonest Employees)

    • Transaction Limits: Implement software that automatically flags transactions above a preset limit.
    • User Permissions: Use digital banking platforms to allow custom role-based access and dual authorization controls.
    • Audit Trails: Adopt accounting software with comprehensive logging of all transaction activities for later review.
    • Vigilant Monitoring: Use financial monitoring services to provide real-time alerts on account activities.
    • Information Security: Regularly train employees on data privacy and secure document handling.
    • Secure Communication: Use end-to-end encrypted communication channels for financial discussions.

External ACH Fraud Prevention (e.g., Mail Theft, Hacking)

    • Cybersecurity: Implement network security measures like VPNs, next-generation firewalls, and intrusion detection systems.
    • Multi-Factor Authentication: Require biometric verification or physical tokens in addition to passwords.
    • Monitoring Alerts: Set up online or mobile banking alerts to notify you of unusual transactions or triggers.






Check Fraud Prevention Strategies

Internal Check Fraud Prevention (e.g., Dishonest Employees)

    • Secure Check Stock: Utilize checks with watermarking, microprinting, and other anti-forgery features.
    • Check Control: Store checks in a locked and monitored location, with access logged.
    • Dual Authorization: Establish a policy where checks of significant value require electronic or physical co-signing.
    • Employee Screening: Conduct background checks and reference verification for new hires in financial roles.
    • Ethical Culture: Implement an anonymous reporting system for unethical activities.
    • Regular Audits: Schedule both surprise and regular audits, using external auditors periodically.


External Check Fraud Prevention (e.g., Mail Theft, Hacking)

    • Mail Security: Use trackable, secure mailing services for sending checks.
    • Electronic Alternatives: Migrate to electronic payment systems like direct deposits or online bill pay.
    • Check Tampering Prevention: Invest in checks with special ink and other features that show signs of tampering.
    • Vigilant Monitoring: Use financial monitoring services to provide real-time alerts on account activities.
    • Information Security: Regularly train employees on data privacy and secure document handling.
    • Secure Communication: Use end-to-end encrypted communication channels for financial discussions.

Stay vigilant about email fraud

Business email compromise (BEC), including impersonation, is a primary means for external perpetrators to direct fraudulent ACH activity. Your email provider may offer built-in protections against impersonation, such as banners that appear when you receive messages from people you don’t regularly hear from (even if they look like ones you do). Talk to your IT professionals, as there may be defenses available at no extra charge that you just need to turn on.

Most importantly, train your staff to be on the lookout for fraudulent emails. Ensure individuals are aware of the importance of asking questions and not assuming that anything unusual, such as an urgent request from you to change payment instructions, is acceptable. Emphasize the need for caution and thorough verification before proceeding with any requests that may deviate from the norm. Consider creating formal company policies such as verbal confirmations for all financial requests by email.

Next steps to consider

It may not be feasible to tackle all of these strategies right away, but prioritizing these steps is crucial to safeguarding your business and finances against fraud. Contact us today to learn more about how we can assist you with advice and solutions to protect your business.

Loans are subject to credit and property approval, bank underwriting guidelines, and may not be available in all states. Other loan programs and pricing may be available. Certain conditions, terms, and restrictions may apply based on the loan program selected. The term of the loan may vary based upon program chosen. Property insurance is required; if the collateral is determined to be in an area having special flood hazards, flood insurance will be required.