Here is something that is incredibly common among many B2B transactions: a PDF that instructs your payee to send money to a routing and account number that you own. While this may seem innocuous in practice, this can actually set you up as a target for fraud. Here's why.

The only thing a malicious actor needs to pull money out of your bank account is, you guessed it, your routing and account number. Not only that, but since the limit for an ACH transaction is $1,000,000. It is possible for a bad actor to move out a LOT of money from the bank account details that you're sending out.

Although these transactions are reversible, imagine the headache that can occur because it can take up to a week to reverse the ACH transaction. What if payroll is due?

The Rise of Financial Fraud

In recent years, we've seen a notable increase in the sophistication and frequency of financial fraud. The FBI's report underscores not just the financial toll but also the growing complexity of scams. Here's how they could potentially cause harm:

Creating Counterfeit Checks: Using your stolen information, they can create counterfeit checks that resemble legitimate ones. They may attempt to cash these fake checks at banks, stores, or other businesses, hoping they go unnoticed.

Unauthorized ACH Transfers: With your routing and account number, a thief could attempt to initiate unauthorized ACH transfers from your bank account to their own. This is especially risky if they have additional information like your name and address, which can be used for social engineering to bypass verification steps.

Fraudulent Bill Payments: Malicious actors might use your bank details to set up recurring payments to fraudulent entities, siphoning money out of your account over time.

Filing fraudulent tax returns: In some cases, stolen bank account information can be used to file fake tax returns and claim tax refunds that are deposited into the thief's account.

Part of a larger identity theft scheme: Stolen bank information might be combined with other personal details like your Social Security number to build a complete identity profile that can be used for various fraudulent activities

How to protect your business

• Be mindful of sharing personal information: Don't share your bank account details online or over the phone unless you're absolutely certain of the recipient's legitimacy.
• Monitor your bank statements regularly: Regularly review your bank statements for any unauthorized transactions and report them immediately to your bank.
• Choose reputable financial institutions: Select banks and platforms with robust security measures and a proven track record of protecting customer information.
• Use multiple bank accounts: Use separate bank accounts for your account receivables. This way, the impact if you do get attacked is minimal.
• Block ACH Debits: Some banks allow you to block ACH debits unless from accounts you authorize, using this can drastically reduce the likelihood of fraud, however can result in unexpected ACH returns if you try paying out of that bank account.