ACH fraud: Why criminals love this con

Deb Geister of LexisNexis explains why ACH fraud is growing and how you can prevent and detect this scheme

By , Senior Editor

August 16, 2010, CSO

Fraud involving the Automated Clearing House (ACH—hence the term ACH fraud) Network, which is used by financial institutions to handle direct deposits, checks, bill payments and cash transfers between businesses and individuals, is becoming an increasingly popular way for hackers to siphon money out of the bank accounts of unsuspecting victims.

Fraudsters need only two pieces of information to pull off ACH fraud: a checking account number and a bank routing number. They typically obtain the information with a targeted phishing email that tricks the victim into running malicious software, which then allows criminals to install keylogging software and steal bank account passwords.

How pervasive is this crime? According to a report late last year from the FBI, there has been approximately $100 million in attempted losses due to ACH fraud as of October 2009. The FBI reports it is seeing several new victim complaints and cases opened every week.

What is involved in ACH fraud? How is this crime perpetrated and how can businesses and individuals protect their information? CSO spoke with Deb Geister, director of fraud prevention and compliance solutions at LexisNexis, for more information about this growing problem.





CSO: What exactly is ACH fraud and how does ACH fraud happen?
Deb Geister: ACH, of course, stands for Automated Clearing House network. An ACH transaction is an electronic funds transfer between bank accounts using a batch processing system. Simply defined, ACH fraud is any unauthorized funds transfer that occurs in a bank account. ACH fraud, unfortunately, is very easy to execute. All the fraudster needs is an account number and a bank routing number to execute the fraud. In the simplest form, the fraudster uses your bank account and routing numbers to initiate payments for purchases or to pay debt by giving these numbers to the desired vendor.

This type of fraud can occur over the phone or through web transactions. More complex ACH fraud, perpetrated by rings, begins with a computer Trojan that fraudsters seek to place on a computer, usually through some type of "phishing" attack launched through email or through an infected website. Once the Trojan is in place, the fraudsters then log keystrokes, looking for logins for bank accounts. They use this information to create their own login and transfer funds out of the accounts or apply payments through the accounts. Many larger schemes use "mules," which are accomplices hired, usually through work-at-home schemes, to either knowingly or unknowingly move funds on their behalf to their overseas accounts.
