Mary Schaeffer
Mary Schaeffer

Fraud Alert: Corporate Account Takeovers

How they can lead to falsified and often unrecoverable transactions and five tips in curbing them.

September 8, 2011
by Mary Schaeffer

It sounds like something out of the latest espionage novel and yet it is something that every organization needs to be concerned about. I’m talking about account takeovers. Automatic clearing house (ACH) fraud is a topic we are passionate about as the damage can be done in a relatively short period of time. Organizations have 24 hours to identify fraudulent transactions and report them to their financial institution. Wait any longer and not only are your funds gone, but your bank cannot be held responsible! Needless to say, you are not alone in your concern. Even the FBI has issued an alert and NACHA, the electronic payments organization, issued an ACH Operations Bulletin to its members titled Corporate Account Takeovers Can Lead to Fraudulent Transactions. Its members are mainly financial institutions. The report contained much useful information and offered specific advice for banks to give their customers.

Specifically it said:

Financial institutions should inform their business customers about prevention, detection and reporting measures. The top issues a business can do include:

  1. Initiate ACH and wire transfer payments under dual control. For example:
  • One person authorizes the creation of the payment file;
  • A second person authorizes the release of the file;
  1. Ensure that all anti-virus and security software and mechanisms for all computer workstations and laptops that are used for online banking and payments are robust and up-to-date;
  2. Restrict functions for computer workstations and laptops that are used for online banking and payments:
  • For example, a workstation used for online banking should not be used for general Web browsing and social networking;
  • A better solution is to conduct online banking and payments activity from a dedicated computer that is not used for other online activity, and/or is not connected to an internal network;
  1. Monitor and reconcile accounts daily. Many small business clients do not reconcile their bank accounts on a daily basis, and therefore may not recognize fraudulent activity until it is too late to take action.
  2. Utilize routine and “red-flag” reporting (i.e., alerts about unusual activity) for transactional activity.


The financial community takes this issue very seriously. It is working to develop products. At this point a number of banks have offerings and it is highly recommended that you talk to your bank about their fraud deterrent products. Pay close attention to their description of what their products do. As this market evolves, not all the products are the same, so don’t assume the product being offered by Bank A offers the same protection as a similar sounding one offered by Bank B. Read the descriptions closely to ensure you are getting the protection you want.

Many companies don’t take this issue seriously until they have been victimized. Don’t be part of that group. Seriously consider reconciling bank accounts on a daily basis. Remember, you only have 24 hours to identify and report a fraudulent transaction. And while that time frame takes legal holidays into account, it does not take into account other times when your office is not fully staffed, like the day after Thanksgiving.

Rate this article 5 (excellent) to 1 (poor). Send your responses here.

Mary S. Schaeffer is the author of over a dozen business books including Controller & CFO’s Guide to Accounts Payable and Fraud in Accounts Payable: How to Prevent It. She writes a free weekly ezine, e-AP News and is a frequent speaker at accounts payable webinars, seminars and conferences and directs the organization’s consulting practice.