A few months ago Guardian Analytics, working in conjunction with the Ponemon Institute, did a study and found that small and medium-sized businesses (SMBs) are growing more upset with account takeovers from Automated Clearing House (ACH) fraud and the subsequent loss of funds.

The study stated that about 40% of the businesses are moving their banking to other institutions, likely based on the prevalence of these attacks, and their trust in a bank’s fraud prevention processes is waning. Not only do 73% of these fraud attacks end with the money getting transferred, but in 61% of attacks, the funds are lost. Whether the banks absorb some of that cost or not, it’s still a heavy hit.

Because most businesses hold the bank responsible for the security of their account, the reputation of the financial institution is at stake when attacks like these happen. So, what can both businesses and banks do in order to keep themselves safe?

An article from CSO Online states that one of the best things that businesses can do is monitor their accounts. Early detection can keep a business’s loss from hitting that six-, seven- or eight-figure mark. Also, as these attacks are often able to get account credentials through phishing schemes, businesses should put policies in place to educate employees and, hopefully, keep someone from opening a malicious email.

Many of the standards that a PCI compliant institution must meet can potentially help with these attacks as well. As outlined in our white paper regarding PCI compliance, things like having and appropriately updating antivirus software, or tracking and monitoring all access to network resources and cardholder data, are required to be compliant, but they can also help stop an attack, or help remediate quickly and effectively if an attack has taken place.