ACH Fraud Trends to Keep an Eye On

ACH Fraud Trends

Created as a fantastic alternative to slower check processing and funds transfers in the 1970s, Automated Clearing House (ACH) transactions accounted for $1.2 Trillion in funds moved between bank accounts using same-day transfers in the first half of 2023 alone, according to a press release from ACH governing body, NACHA. With such a staggering amount moving through the system, a focus on security can help prevent fraudsters from taking advantage of identity theft or exploiting weaknesses to steal money. 

We’ve rounded up a few fraud trends for you to be aware of. While strategies like kiting go back to the days when checks were being written as the primary means of depositing funds with a payee, other strategies make use of wholly new areas such as social payment systems like Venmo, PayPal, CashApp, and Zelle. 

Imposter Scams

The Federal Trade Commission reports on imposter scams by subcategories. Imposters pose as individual friends or family, businesses, charities, and governmental organizations. In one type of payroll scam, the imposter will pose as an employee.

Rigorous payroll policies and procedures could help guard against this scam to divert funds from a payee’s account into one designated by an online scammer. In this scam, an imposter sends an email to a payroll department pretending to be an employee and requesting direct deposit through ACH. The imposter will include a routing and account number with their request for payroll to direct funds there immediately. 

Educated, experienced payroll professionals will require a signed ACH authorization before entering a new payee’s bank information into the system, defaulting to a paper check payment while waiting on the change if necessary. However, reaching out to the employee to confirm may provide the best check, which in the case of very large businesses, may not always be possible. 

Due diligence on the part of the payroll department is crucial in thoughtfully considering any employee pay changes and mitigating this risk.   


Relying on the lag time between banks to process a check or ACH transfer, kiting is a scheme that is mitigated by quicker processing and shorter lag time. Kiting is still a common offense, however. In this type of ACH fraud, someone will move money between insufficiently funded bank accounts, increasing the balance in the account but withdrawing the funds before the transfer can clear. 

ACH kite schemes can be as small scale as one person cashing insufficiently funded checks in a bank or retail outlet in a cycle or as large as an organized scheme to defraud many companies into making payments to an ACH account over a short period of time. A lag time between payers submitting a fraud claim or trying to call back the money will allow the defrauder to withdraw those funds while more stream in, making the account look legitimately funded. 


Phishing operations can work via email. A simple link may take the reader to a website which then infects their computer with malware that can be used to log keystrokes on the receiver’s computer. Now the individual’s private information, such as passwords to bank accounts, is available. Transfers can now be made using all the information mined this way.

Preventive Measures Against ACH Fraud

To protect against ACH fraud, remember to guard your bank account and routing information. Do not send out routing or account numbers via email. 

Consumers may consider setting up ACH blocks through their bank to specifically identify payees they will allow money to be credited to and manually review the transactions where payments are not regularly timed and are easy to anticipate. ACH blocks can even be set up to allow only transactions up to a certain amount without triggering an alert. 

Businesses can also set up fraud filters to approve transactions that are legitimate and reject anything else. 

Two-factor authentication is another helpful tool for businesses and individuals to utilize when accessing sites for important financial transactions, whether banks, payroll processing, or others. Instead of signing in with just a username and password, two-factor authentication will require a second code obtained via registered contact via phone or email. 

Learn More About ACH 

The Noggin Guru ACH Certification is a fantastic way to learn about ACH risk management and assessment, as well as fraud trends. A dedicated module on fraud trends reviews common types of attacks and best practices for mitigating risk. Learn about such fraud risks as corporate account takeover, kiting, man-in-the-middle, and how to provide great customer service to legitimate clients while thwarting criminals. 

You’ll build on a module covering fundamental knowledge around the entities who regulate, process/settle, and develop rules for payment collection systems, then learn about ACH originating and receiving basics, exception item handling, federal payments processing, and legal and compliance considerations too.

More Posts