Fraud attempts are on the rise.
ACH fraud in 2025 has been characterized by high attack rates, sophisticated social engineering and tech-enabled schemes. 79% of organizations experienced attempted or actual payments fraud in 2024 and this trend persisted into 2025. ACH-related fraud is a large contributor to these numbers; ACH debit fraud affected 38% of organizations, while ACH credit fraud impacted 20% in 2024, showing continued vulnerability in 2025.
If you have any questions or would like additional information on fraud prevention, please call us at 833-774-6897.
Know the common types of business fraud
Business email compromise (BEC)
Still the top attack method, now increasingly targeting ACH credits. Fraudsters impersonate vendors or executives to redirect payments. Emails often look legitimate and attackers use urgency or authority to bypass normal verification.
Account takeover
Driven by phishing, malware, credential stuffing and enabling unauthorized ACH transfers. Once criminals gain access, they initiate ACH transactions that appear authorized. Fraudsters will often combine account takeover attempts with social engineering techniques by calling victims and posing as a representative from their bank and then requesting the employee provide their password or one-time passcode.
Social engineering & authorized push payment scams
Attackers manipulate victims into willingly sending money via ACH, often by posing as a supplier, internal department or bank representative.
Ransomware & payroll diversion
Criminals compromise systems to alter ACH payroll files or lock operations.
Deepfake-enabled scams
Criminals use AI-generated voice or video to impersonate executives during calls or video meetings, authorizing fraudulent ACH transfers. This threat continues to emerge as deepfake technology becomes more accessible and convincing.
Synthetic identity fraud
Expected to grow significantly, leveraging AI and stolen data to create fake identities using real and fabricated data to open accounts and initiate ACH transactions.
Fraud-as-a-service
Organized crime groups offering scalable ACH fraud kits and infrastructure to other fraudsters, presenting increased sophistication and additional fraud pressure.
How to prevent ACH fraud
To better protect against falling victim to some of the more common fraud schemes, the following recommendations and best practices should be considered:
Implement risk-based monitoring
Nacha’s 2026 rules require businesses to adopt risk-based processes to identify suspicious ACH entries. Review and update these processes annually to keep pace with evolving fraud tactics.
Strengthen authentication & access controls
Enforce multi-factor authentication (MFA) for ACH initiation and approval. Apply least privilege access and regularly audit user permissions. Use secure portals for ACH file uploads and approvals.
Validate account information
Use account verification tools (e.g., micro-deposits, API-based validation) before processing new payees. Confirm changes to vendor or payroll accounts via out-of-band verification (a phone call to a known contact).
Monitor transactions in real time
Watch for velocity spikes, large-dollar transfers to new accounts and geographic anomalies. Set threshold alerts for high-risk transactions.
Create an action plan to respond to any suspicious activity. Establish rapid contact protocols with your bank for ACH returns and reversals.
Employee training & awareness
Conduct quarterly training on phishing, BEC (business email compromise) and social engineering. Simulate fraud scenarios (e.g., payroll diversion) to test readiness. Educate staff on emerging threats like deepfake-enabled scams. Train staff to be vigilant of inbound phone calls—if there is ever a question or concern, hang up and call the bank directly using a trusted number.
Use ANB fraud prevention tools
Leverage services like ACH Positive Pay and ACH blocks. Enable dual approval workflows for ACH origination.
American National Bank is committed to helping our customers minimize the impact of fraud on the success of their business. If you would like to learn more about fraud prevention best practices or available services we offer, please don’t hesitate to reach out to us.