Safeguarding Your ACH and Wire Transactions While Enjoying the Benefits
It’s easy to capture card-not-present transactions in inconvenient, insecure, and more costly ways – but it’s important to securely request, collect, and process all payment types to protect your business, revenue, and clients’ personal information.
Push payments, such as ACH transactions and wire transfers, have long been used by hotels for events and catering sales. These payments have lower processing fees, are less likely to contain errors, and are generally a secure way for clients to pay.
While there are many advantages, we still find most hotels providing an unsecured “bank letter” or other document containing their ACH and wire transfer instructions to payers. These documents are usually treated with almost no care for security at rest or in-flight and often fall into the hands of fraudsters.
PCI regulations have led us to encrypt data in storage and in-flight, yet many hotels are still sharing their banking information upon request and storing those documents insecurely. In recent weeks alone, I have been in several meetings with customers and heard from several who had their ACH/wire transfer instructions compromised either in-flight or on a company desktop or server.
In either case, the story is the same: the fraudster simply edits the document, replacing the hotel’s account and routing numbers with their own. Payers have nothing to validate the information against other than the document they received from the establishment, and in turn unwittingly send money to the false party. For one establishment, this meant $500,000 in a single transaction.
Normally, we wouldn't even consider sending payment information in an email or saving it in a Word document, or even in a PDF, so the treatment of ACH and wire information should be no different. It's clear that fraudsters have discovered how valuable your ACH information is to them, and it’s time we take control and implement a new way of doing things.
With a payment solution like Sertifi, you no longer need to share highly sensitive payment information using avenues where it can fall into the wrong hands. You simply send an ACH payment request to the payer, and they input their information directly into an encrypted online form. Bank accounts and routing numbers are validated before processing, and you are no longer opening the door for the bad guys. You can even charge event overages and refund directly without having to cut checks or ask for a new payment.