When payment fraud hits businesses’ checking or savings accounts, it can be challenging to determine the next steps. How do you mitigate the risks and losses including operations, legal, and monetary? Like many business owners, you may presume you have the same business bank account protections against liability as consumers do, but this is just not the case.

Electronic payments include automated clearinghouse (“ACH”) transactions, wire transfers, and debit card transactions. If you are a business account holder, you have much less time than consumers to report cases of fraud. You also have more liability and less protection as compared to consumer account holders. For example, personal account holders have upwards of 60 days to report any case of electronic payment fraud to their financial institution; businesses have only 24 hours to report fraudulent electronic payment fraud, including unauthorized ACH transfer.

Are banks just tougher with businesses and business bank account protection? No, personal and business bank account protection are governed by different rules and restrictions. Consumer electronic transactions are governed under Federal Reserve Regulation E (12 C.F.R. Part 205) and National ACH Association (“NACHA”) rules. According to Regulation E, the consumer is not liable for an unauthorized ACH (debit) transfer transaction in their business bank account unless the consumer fails to dispute it within 60 days of the bank sending the statement showing the unauthorized transaction.

Under the NACHA rules, if a consumer disputes an ACH transfer transaction within 60 days of the settlement date, the bank (as the receiving depository financial institution) must recredit the consumer and may return the transaction to the originating depository institution. Even though Regulation E and NACHA rules start the clock at different times (the date the statement is sent versus the settlement date), both indicate that the consumer will not be liable for an unauthorized transaction if that consumer disputes the transaction within a reasonable timeframe. This ensures the consumer is reimbursed for lost funds due to fraudulent activity or unauthorized ACH transfers.

Identify and Dispute Unauthorized ACH Transactions Immediately 

Business clients do not have the protections of Regulation E. Federal protection for businesses that experience ACH fraud falls under the Uniform Commercial Code (“UCC”). The burden is on the business to notify the financial institution immediately if there is a disputed transaction. Within 24 hours, all the liability for fraudulent transactions shifts from the financial institution to the business. As a result, for ACH fraud protection First Business Bank recommends you reconcile your accounts and review online activity daily to catch fraud quickly and reduce your risk of losing money and time to remediate the fraud.

Checks are the Most Common Fraud Target 

The 2020 AFP Payments Fraud and Control Survey found that checks are the payment type most often targeted by fraudsters. Among the surveyed firms, 74 percent of organizations experienced check fraud in 2019 — up from 70 percent in 2018. Additionally, 33 percent of businesses experienced unauthorized ACH (debit) transfer transactions in their business account.

What to Look For in Your Banking Partner

Many financial institutions, including First Business Bank, have Commercial Client Standards of Care language within the terms and conditions of their Deposit Account Agreements. Commercial Client Standards of Care generally state that the bank offers products and services and security procedures that serve as precautions that the business must take to decrease the risk of unauthorized transactions and are designed to detect and/or deter fraud. These services may include ACH Debit Block, Positive Pay, Payee Positive Pay, and ACH Positive Pay. The terms and conditions also note that,  should a commercial client fail to take reasonable precautions to mitigate the risk of fraud, they hold the bank harmless and assume all liability resulting from any losses or damages that could otherwise have been prevented by such security procedures or precautions, including, without limitation, losses or damages resulting from any unauthorized, altered, counterfeit, or fraudulent check or unauthorized ACH transfer.

How to take a proactive role in dealing with fraud risks, including unauthorized ACH transactions:

  • Learn about your bank’s business bank account protection and fraud mitigation services and consider enrolling in them.
  • Review and understand the provisions of your Deposit Account Agreement.
  • Contact your bank immediately if you suspect business bank account fraud.
  • Enroll in online banking and monitor your accounts daily for unusual transactions or unauthorized ACH transfers.
  • Set up fraud alerts to notify you immediately via email or text message.
  • Review your liability insurance policy and consider adding coverage for loss due to account fraud.
  • Check out our fraud protection checklist for other best practices to mitigate payments fraud.

For more about business bank account protection and preventing payment fraud in your business, view or listen to our Managing Payment Fraud Risk episode of the First Business Bank Podcast.