Ask the Accounting Community

Hello -
I'm helping a mid-sized non-profit that has engaged an IT firm to provide monthly technology services (e.g., hosting, computer support for employees, etc.).  The firm wants to be paid via ACH.  Before giving them the bank routing and account number, best I do due diligence--what are the risks of ACH payments?  e.g., higher probabilities of breaches, who is liable, etc.  Does anybody have any experiences & lessons learned regarding ACH vendor payments going awry?  Any recommendations before giving them access to the bank account?
Regards,
Mark

------------------------------
Mark Haerr CMA, CFM
Unemployed
Plano TX
United States
------------------------------

Original Message:
Sent: 5/12/2021 4:38:00 PM
From: Mark Haerr
Subject: risks of paying vendors via ACH

Hello -
I'm helping a mid-sized non-profit that has engaged an IT firm to provide monthly technology services (e.g., hosting, computer support for employees, etc.).  The firm wants to be paid via ACH.  Before giving them the bank routing and account number, best I do due diligence--what are the risks of ACH payments?  e.g., higher probabilities of breaches, who is liable, etc.  Does anybody have any experiences & lessons learned regarding ACH vendor payments going awry?  Any recommendations before giving them access to the bank account?
Regards,
Mark

------------------------------
Mark Haerr CMA, CFM
Unemployed
Plano TX
United States
------------------------------

Thanks Joseph--good point...we ended setting up both a push was well as the pull for nonrecurring charges.
~Mark

------------------------------
Mark Haerr CMA, CFM
Unemployed
Plano TX
United States
------------------------------

Original Message:
Sent: 05-13-2021 07:26 AM
From: Joseph Corio
Subject: risks of paying vendors via ACH

Why not just set it up where your company initiates the payments rather than allow someone else just take the money from your company's bank account when they want to.

 

Joseph D. Corio

Accounting Manager

Magnetic Analysis Corporation

103 Fairview Park Drive

Elmsford, NY 10523-1544

V 914-530-2000

F 914-703-3790

<maskemail>jcorio@...</maskemail>

www.mac-ndt.com

<maskemail>info@...</maskemail>

Join us on Facebook

Disclaimer: This email and any files transmitted with it are for the sole use of the intended recipient(s) and may contain confidential and privileged information. If you are not the intended recipient, please contact the sender by reply email and destroy all copies and the original message. Any unauthorized review, use, disclosure, dissemination, forwarding, printing or copying of, or reliance on, this email is strictly prohibited and may be unlawful.

 

Original Message:
Sent: 5/12/2021 4:38:00 PM
From: Mark Haerr
Subject: risks of paying vendors via ACH

Hello -
I'm helping a mid-sized non-profit that has engaged an IT firm to provide monthly technology services (e.g., hosting, computer support for employees, etc.).  The firm wants to be paid via ACH.  Before giving them the bank routing and account number, best I do due diligence--what are the risks of ACH payments?  e.g., higher probabilities of breaches, who is liable, etc.  Does anybody have any experiences & lessons learned regarding ACH vendor payments going awry?  Any recommendations before giving them access to the bank account?
Regards,
Mark

------------------------------
Mark Haerr CMA, CFM
Unemployed
Plano TX
United States
------------------------------

There are several ways to mitigate this risk. 
1. Set up ACH on your end and pay them pro actively based on invoices, not passively by having them draw funds from your account. (There may be a couple more steps needed with your bank, but worth it and then you can do this with other vendors.)

------------------------------
Caterina Bartha
Director/Manager
New York NY
United States
------------------------------

Original Message:
Sent: 05-12-2021 04:38 PM
From: Mark Haerr
Subject: risks of paying vendors via ACH

Hello -
I'm helping a mid-sized non-profit that has engaged an IT firm to provide monthly technology services (e.g., hosting, computer support for employees, etc.).  The firm wants to be paid via ACH.  Before giving them the bank routing and account number, best I do due diligence--what are the risks of ACH payments?  e.g., higher probabilities of breaches, who is liable, etc.  Does anybody have any experiences & lessons learned regarding ACH vendor payments going awry?  Any recommendations before giving them access to the bank account?
Regards,
Mark

------------------------------
Mark Haerr CMA, CFM
Unemployed
Plano TX
United States
------------------------------

Thanks Caterina--good points on the info to get from the vendor...very much appreciate it!
~Mark

------------------------------
Mark Haerr CMA, CFM
Unemployed
Plano TX
United States
------------------------------

Original Message:
Sent: 05-13-2021 08:22 AM
From: Caterina Bartha
Subject: risks of paying vendors via ACH

There are several ways to mitigate this risk.
1. Set up ACH on your end and pay them pro actively based on invoices, not passively by having them draw funds from your account. (There may be a couple more steps needed with your bank, but worth it and then you can do this with other vendors.)

2. Collect their w-9 and banking info and do not share yours.
3. Collect a voided check or letter from their bank to confirm banking info

4. Confirm this info verbally with their accounting department.

------------------------------
Caterina Bartha
Director/Manager
New York NY
United States

Original Message:
Sent: 05-12-2021 04:38 PM
From: Mark Haerr
Subject: risks of paying vendors via ACH

Hello -
I'm helping a mid-sized non-profit that has engaged an IT firm to provide monthly technology services (e.g., hosting, computer support for employees, etc.).  The firm wants to be paid via ACH.  Before giving them the bank routing and account number, best I do due diligence--what are the risks of ACH payments?  e.g., higher probabilities of breaches, who is liable, etc.  Does anybody have any experiences & lessons learned regarding ACH vendor payments going awry?  Any recommendations before giving them access to the bank account?
Regards,
Mark

------------------------------
Mark Haerr CMA, CFM
Unemployed
Plano TX
United States
------------------------------

I set up a new checking account to handle vendor ACH payments and limit the amount of funds in the account. Our main checking account has DEBIT block feature so no ACH payments can be processed. Same with customers making payments - they can pay us via ACH but are blocked if they decide (for whatever reason) to try and pull back funds. 

In the ACH account, I signed up for POSITIVE PAY and DEBIT block features with our bank.  The ACH Positive feature will flag each new vendor ACH and I need to approve the first time payment or the payment will be rejected. I receive text and email messages when a new ACH is posted to our account. Software also allows me to sent dollar limit for each vendor. 

We use Positive Pay features with our operating account: each check run must be loaded into the bank software. If a check is presented that does not match a check number issued it is rejected by the bank. We receive an email warning first before the check is returned. We implemented this feature when a fraudster appeared at a local bank with "fake checks" that looked almost exactly like our company issued checks including the 2 signatures on the check.

Hope this helps,
Denise

------------------------------
Denise Baker
Vice President- Finance
FIL-TEC Inc
Maryland, USA

------------------------------

Original Message:
Sent: 05-12-2021 04:38 PM
From: Mark Haerr
Subject: risks of paying vendors via ACH

Hello -
I'm helping a mid-sized non-profit that has engaged an IT firm to provide monthly technology services (e.g., hosting, computer support for employees, etc.).  The firm wants to be paid via ACH.  Before giving them the bank routing and account number, best I do due diligence--what are the risks of ACH payments?  e.g., higher probabilities of breaches, who is liable, etc.  Does anybody have any experiences & lessons learned regarding ACH vendor payments going awry?  Any recommendations before giving them access to the bank account?
Regards,
Mark

------------------------------
Mark Haerr CMA, CFM
Unemployed
Plano TX
United States
------------------------------

Denise -
Excellent point...didn't know about the block that I can request from our bank.
Also, appreciate the lessons learned from the "fake checks" experience.
All the best,
Mark

------------------------------
Mark Haerr CMA, CFM
Unemployed
Plano TX
United States
------------------------------

Original Message:
Sent: 05-13-2021 09:09 AM
From: Denise Baker
Subject: risks of paying vendors via ACH

I set up a new checking account to handle vendor ACH payments and limit the amount of funds in the account. Our main checking account has DEBIT block feature so no ACH payments can be processed. Same with customers making payments - they can pay us via ACH but are blocked if they decide (for whatever reason) to try and pull back funds.

In the ACH account, I signed up for POSITIVE PAY and DEBIT block features with our bank.  The ACH Positive feature will flag each new vendor ACH and I need to approve the first time payment or the payment will be rejected. I receive text and email messages when a new ACH is posted to our account. Software also allows me to sent dollar limit for each vendor.

We use Positive Pay features with our operating account: each check run must be loaded into the bank software. If a check is presented that does not match a check number issued it is rejected by the bank. We receive an email warning first before the check is returned. We implemented this feature when a fraudster appeared at a local bank with "fake checks" that looked almost exactly like our company issued checks including the 2 signatures on the check.

Hope this helps,
Denise

------------------------------
Denise Baker
Vice President- Finance
FIL-TEC Inc
Maryland, USA


Original Message:
Sent: 05-12-2021 04:38 PM
From: Mark Haerr
Subject: risks of paying vendors via ACH

Hello -
I'm helping a mid-sized non-profit that has engaged an IT firm to provide monthly technology services (e.g., hosting, computer support for employees, etc.).  The firm wants to be paid via ACH.  Before giving them the bank routing and account number, best I do due diligence--what are the risks of ACH payments?  e.g., higher probabilities of breaches, who is liable, etc.  Does anybody have any experiences & lessons learned regarding ACH vendor payments going awry?  Any recommendations before giving them access to the bank account?
Regards,
Mark

------------------------------
Mark Haerr CMA, CFM
Unemployed
Plano TX
United States
------------------------------

Hi Mark,

Below are the recommendations 

1. Include the banking details as the part of the Contract/ Agreement.
2. You can establish an independent banking verification process wherein the vendor setup group will send out an email to the verified vendor email I'd and seek confirmation before payout.
3. As most of the communications are done via email - verification of email I'd is key.  You can use domain verifier to check the creation / modification of the domain.  This will mitigate phishing to a large extent.
4. Additional you can seek cancelled check or bank authorisation letter.

hope this helps.

------------------------------
Sriram Sivaramakrishnamurthy CMA
Director/Manager
Hyderabad
India
------------------------------

Original Message:
Sent: 05-12-2021 04:38 PM
From: Mark Haerr
Subject: risks of paying vendors via ACH

Hello -
I'm helping a mid-sized non-profit that has engaged an IT firm to provide monthly technology services (e.g., hosting, computer support for employees, etc.).  The firm wants to be paid via ACH.  Before giving them the bank routing and account number, best I do due diligence--what are the risks of ACH payments?  e.g., higher probabilities of breaches, who is liable, etc.  Does anybody have any experiences & lessons learned regarding ACH vendor payments going awry?  Any recommendations before giving them access to the bank account?
Regards,
Mark

------------------------------
Mark Haerr CMA, CFM
Unemployed
Plano TX
United States
------------------------------

Thanks Sriram--those are very helpful recommendations...very much appreciate them!
Best,
Mark

------------------------------
Mark Haerr CMA, CFM
Unemployed
Plano TX
United States
------------------------------

Original Message:
Sent: 05-16-2021 02:40 AM
From: Sriram Sivaramakrishnamurthy
Subject: risks of paying vendors via ACH

Hi Mark,

Below are the recommendations

1. Include the banking details as the part of the Contract/ Agreement.
2. You can establish an independent banking verification process wherein the vendor setup group will send out an email to the verified vendor email I'd and seek confirmation before payout.
3. As most of the communications are done via email - verification of email I'd is key.  You can use domain verifier to check the creation / modification of the domain.  This will mitigate phishing to a large extent.
4. Additional you can seek cancelled check or bank authorisation letter.

hope this helps.

------------------------------
Sriram Sivaramakrishnamurthy CMA
Director/Manager
Hyderabad
India

Original Message:
Sent: 05-12-2021 04:38 PM
From: Mark Haerr
Subject: risks of paying vendors via ACH

Hello -
I'm helping a mid-sized non-profit that has engaged an IT firm to provide monthly technology services (e.g., hosting, computer support for employees, etc.).  The firm wants to be paid via ACH.  Before giving them the bank routing and account number, best I do due diligence--what are the risks of ACH payments?  e.g., higher probabilities of breaches, who is liable, etc.  Does anybody have any experiences & lessons learned regarding ACH vendor payments going awry?  Any recommendations before giving them access to the bank account?
Regards,
Mark

------------------------------
Mark Haerr CMA, CFM
Unemployed
Plano TX
United States
------------------------------