How to Protect Your Business From ACH Fraud

Set up ACH fraud controls, monitor transactions, and establish recovery protocols to protect your business banking.

1. Enable ACH blocks and positive pay. Contact your bank to activate ACH blocks on all accounts that don't need ACH transactions. For accounts that do, set up ACH positive pay — you pre-authorize transactions and the bank rejects everything else. Most business banks charge $15-50 monthly for positive pay services.
2. Set transaction limits and approval workflows. Configure daily ACH limits at 110-120% of your largest legitimate transaction. Require dual approval for ACH transactions above $5,000 or your monthly average, whichever is lower. Set up email and text alerts for all ACH activity regardless of amount.
3. Monitor accounts daily with automated alerts. Check bank balances every morning before 10 AM. Configure real-time alerts for all debits, credits, and failed transactions. Most fraud gets caught within the first 24-48 hours when you're watching actively.
4. Establish a fraud response protocol. Create a written protocol: who calls the bank, what documentation to gather, and which transactions to dispute. Keep your bank's fraud hotline number saved in multiple phones. Under Regulation E, you have 60 days to report unauthorized ACH transactions for business accounts.
5. Segregate accounts by function. Use separate accounts for payroll, vendor payments, and operating expenses. Keep your main operating account balance at 2-3 days of expenses maximum. Transfer larger amounts daily from a protected savings account that has ACH blocks enabled.
6. Review and update access quarterly. Audit who has ACH authorization quarterly. Remove access for former employees within 24 hours of termination. Change online banking passwords every 90 days and use multi-factor authentication on all business bank accounts.