From Checks to ACH: A Proactive Approach to Preventing Fraud

Imagine this: You issue a check to a local vendor for $4,850. Somewhere along the way, the check is intercepted, altered, and deposited—for $14,850.

Scams like this that affect commercial organizations are increasingly common, along with cybersecurity threats you already may be aware of, such as phishing and ransomware attacks.

In recent years, fraud losses across the United States have climbed to historic levels. According to Business Wire, nine out of 10 companies¹ reported experiencing fraud in 2024 alone. And the Federal Trade Commission estimates those losses totaled roughly $12.5 billion²—a 22% increase over the previous year.

The FBI reports check fraud, in particular, is on the rise³, with criminals physically or digitally altering checks left in residential mailboxes or USPS collection boxes. This uptick is in addition to ongoing scams related to electronic payment (known as ACH payments) crimes, where fraudsters gain access to financial information and initiate unauthorized ACH withdrawals.

Take a moment before you take action

When it comes to defending your organization from threats like these, you don’t have to go it alone. For more than 100 years, we’ve looked out for the needs of the organizations we partner with, and today that means helping protect them against cybercriminals and account fraud.

One of the biggest preventive measures you can use against cyberattacks is encouraging employees to take a moment to think before they act. Cybercriminals use “social engineering” to create a sense of urgency and manipulate people into giving up sensitive information.

Attackers use trust, fear, and even curiosity to get victims to click malicious links or attachments that can give them access to sensitive data or entire internal systems. According to the U.S. Department of the Treasury, banks and other financial institutions tracked losses of $2.1 billion in ransomware incidents between 2022 and 2024.³

Small details that signal big risks
 

To stay vigilant against malicious emails, check the sender’s email address by hovering over it without clicking links—this can reveal misspellings or unfamiliar addresses.

Cybercriminals may also use vishing, where they call pretending to be IT staff or financial representatives, or smishing, which uses fake texts from banks or agencies. Clicking links or replying to these texts is risky.

Encourage your team to pause and verify urgent requests via official websites, apps, or contact numbers, as advised by Fraud Watch Network.⁴

Preventing fraud before it impacts your organization

While attackers stay up to date on the latest ways to scam unsuspecting victims, we stay one step ahead and leverage the latest technology to give the institutions who rely on us an advantage when it comes to preventing fraud.

Our Positive Pay product suite provides an advanced layer of security for commercial organizations of all sizes, allowing them to identify and stop unauthorized transactions, before they impact your bottom line.

 
Check Positive Pay

For organizations that mainly issue checks, Check Positive Pay offers protection against counterfeit checks, altered checks, and duplicate payments. The automated-matching feature compares checks presented for payment against a preauthorized list of criteria determined by each institution, such as the check number, date, amount, and account. If a detail doesn’t match, the check in question is flagged and the owner, director, or bookkeeper decides whether to pay or return it.

ACH Positive Pay

The ACH Positive Pay feature offers greater visibility and control over incoming electronic transactions, allowing commercial organizations to establish rules, and create originator lists, blocks, and even dollar thresholds. Then, any ACH debit that falls outside of these parameters is flagged for review, so suspicious electronic withdrawals are stopped before they post. This can be especially helpful for institutions that manage recurring vendor payments, payroll processing, or grant disbursements.

You can also opt to combine both our Check Positive Pay and ACH Positive Pay for more comprehensive protection, with our Fraud Prevention Bundle. This layered approach addresses both traditional paper-based fraud and electronic scams, for a holistic defense strategy.

Helping you stay secure today and prepared for tomorrow

Unfortunately, payment fraud isn’t just about financial inconveniences. It can also disrupt operations, strain vendor relationships, and lead to unexpected liquidity challenges. One unauthorized ACH debit or altered check can lead to cash flow disruption, wasted time resolving disputes, and even reputational harm.

Implementing Positive Pay is one way you can shift from a reactive approach to payment scams, to a preventative one. And for nonprofits and purpose-driven institutions, that stability helps you deliver on your mission.

At Amalgamated Bank, we believe prevention starts with awareness and access to the right tools. Together, we can take proactive steps to safeguard your accounts and support the long-term success of your organization.

Learn more about how Positive Pay can help protect your organization from fraud or fill out the form on the Fraud Prevention page to connect with a team member.

Sources:
¹ BusinessWire: Ninety Percent of U.S. Companies Experienced Cyber Fraud in 2024, According to New Trustpair Research
² Federal Trade Commission: New FTC Data Show a Big Jump in Reported Losses to Fraud to $12.5 Billion in 2024
³ Financial Crimes Enforcement Network: FinCEN Issues Financial Trend Analysis on Ransomware
⁴ Fraud Watch Network: How to spot and stop scams: New approach from fraud expert in Oklahoma