Inventory checklist of fraud controls

All participants in the ACH network will be required to have fraud controls in place. If you’re unsure where to begin, take a look at the checklist below and document all the controls you have available.

Effective date: March 20, 2026

1. Authentication and access controls

  • User access management: Restrict access to ACH origination systems based on job roles and responsibilities.
  • Session timeouts: Automatically log out users after periods of inactivity.
  • IP address whitelisting: Allow access only from approved IP addresses.

2. Fraud detection and monitoring systems

  • Transaction monitoring: Implement systems to monitor transactions in real time or near real time for anomalies.
  • Velocity controls: Set thresholds for the number or value of transactions allowed within a specified time frame.
  • Geolocation monitoring: Detect transactions originating from unusual or high-risk geographic locations.
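
One way to implement the velocity controls item above, as an added example (not part of the original checklist or any bank's system): a sliding-window check that limits both the number and the total value of ACH entries per originator. The class name, thresholds, originator IDs and sample entries are constructed for illustration, and entries are assumed to arrive in time order.

```python
from collections import deque
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from decimal import Decimal


@dataclass
class VelocityControl:
    """Sliding-window limit on entry count and total value per originator."""
    window: timedelta
    max_count: int
    max_value: Decimal
    history: dict = field(default_factory=dict)  # originator -> deque of (ts, amount)

    def check(self, originator, ts, amount):
        """Return 'ok', 'count' or 'value'. Only accepted entries use up the limit."""
        q = self.history.setdefault(originator, deque())
        # Drop accepted entries that have aged out of the window.
        while q and ts - q[0][0] >= self.window:
            q.popleft()
        if len(q) + 1 > self.max_count:
            return "count"   # too many entries in the window: hold for review
        if sum(a for _, a in q) + amount > self.max_value:
            return "value"   # total value in the window too high: hold for review
        q.append((ts, amount))
        return "ok"


def run_sample():
    """Run constructed sample entries through a 1-hour, 3-entry, $10,000 limit."""
    ctl = VelocityControl(timedelta(hours=1), 3, Decimal("10000.00"))
    day = datetime(2026, 3, 20)
    entries = [  # constructed: (originator, hour, minute, amount)
        ("ORIG-A", 9, 0, "2500.00"),
        ("ORIG-A", 9, 10, "2500.00"),
        ("ORIG-B", 9, 15, "9000.00"),   # separate originator, separate window
        ("ORIG-A", 9, 20, "6000.00"),   # would bring ORIG-A to 11,000 in the hour
        ("ORIG-A", 9, 30, "2500.00"),
        ("ORIG-A", 9, 40, "100.00"),    # would be a 4th accepted entry in the hour
        ("ORIG-A", 10, 5, "100.00"),    # the 09:00 entry has aged out by now
    ]
    return [ctl.check(o, day.replace(hour=h, minute=m), Decimal(a))
            for o, h, m, a in entries]


if __name__ == "__main__":
    print(run_sample())
```

Entries flagged `count` or `value` do not consume the limit here, so a held entry cannot block later legitimate ones; whether held entries are rejected or routed to manual review is a policy choice.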

3. Customer validation and account verification

  • Pre-notification entries (pre-notes): Send zero-dollar test transactions to verify account details before initiating live payments.
  • Micro-deposits: Send small test deposits and require customers to confirm the amounts to verify account ownership.

4. Data security and encryption

  • Data encryption: Encrypt sensitive data in transit and at rest, including account numbers and personal information.
  • Network segmentation: Isolate ACH systems from other parts of the network to reduce vulnerability to cyberattacks.

5. Fraud alerts and notifications

  • Threshold alerts: Automatically trigger alerts for transactions exceeding predefined thresholds.
  • Suspicious activity alerts: Notify administrators of unusual activity patterns or failed login attempts.
  • Customer alerts: Inform customers of initiated transactions and allow them to confirm or dispute them.

6. Training and awareness

  • Employee training: Train employees on fraud risks, red flags, and compliance requirements for ACH origination.

7. Incident response and reporting

  • Fraud incident response plan: Develop and maintain a documented plan for responding to suspected fraud incidents.
  • ODFI communication: Establish protocols for reporting fraudulent transactions to us promptly.
  • Customer notification: Notify impacted customers of suspected fraudulent activity and provide steps to mitigate risks.
  • Post-incident review: Conduct a root-cause analysis of fraud incidents and update controls to prevent recurrence.

8. Audit and testing

  • Regular audits: Perform periodic internal and external audits of fraud controls and ACH origination processes and adjust as necessary.
