ACH Fraud Statistics and Trends in 2024

Attention finance leaders: The 2024 AFP Payments Fraud and Control Survey Report is out, and it’s packed with eye-opening fraud statistics and trends. Spoiler alert: cybercriminals aren’t slowing down, and they’re getting craftier by the minute. Let’s dive into what this means for you and your organisation’s financial security.

Author’s Top Picks

  • A staggering 80% of organisations fell victim to fraud attempts or actual fraud.
  • We've seen our biggest fraud spike in 5 years.
  • ACH credits are the new prime target.
  • The most common BEC tactic involves spoofed emails.
  • Nearly two-thirds of surveyed organisations dealt with attempted or actual check fraud.

2024 AFP Payments Fraud and Control Survey Report: 17 key findings

1. A staggering 80% of organisations fell victim to fraud attempts or actual fraud.

That’s up from 65% the year before.

2. We've seen our biggest fraud spike in 5 years.

We’re almost back to the 2018 peak when 82% of organisations were hit.

3. Where there's smoke, there's fire.

About 1 in 4 (26%) of financial professionals saw an uptick in fraud activity last year.

4. ACH credits are the new prime target.

47% of respondents said they’re the most exploited payment method in BEC attacks, up 13 percentage points from 2022.

5. Wire transfers are still a prime target, but they've taken a backseat.

39% of respondents report wire transfers as the top target, down six percentage points from 2022.

6. Checks and ACH debits remain the top payment methods for fraud in 2023.

Checks and ACH debit fraud affected 65% and 33% of organisations, respectively.

7. Corporate / commercial credit card fraud saw a notable decrease.

Corporate/commercial credit card fraud dropped from 36% in 2022 to 20% in 2023.

8. On the ACH debit front: fewer scammers are using them in email scams.

We saw a 6% drop in ACH debit email scams compared to last year.

9. Overall, fraud via ACH debits is up slightly.

ACH debit fraud rose from 30% to 33% between 2022 and 2023.

10. ACH credit fraud took a nosedive.

ACH credit fraud dropped from 30% in 2022 to just 19% in 2023.

Business email compromise (BEC): a persistent threat

11. Despite a slight decrease from 2022, BEC continues to pose a significant risk.

63% of organisations experienced BEC attacks in 2023.

12. The most common BEC tactic involves spoofed emails.

77% of attacks use spoofed emails to deceive recipients into believing they are interacting with a trusted source.

Does size matter when it comes to fraud?

13. If you're a big player with annual revenues over $1 billion, be wary.

83% of these organisations in this segment faced attempted or actual payments fraud in 2023.

14. For the same segment above ACH credits came in second...

Half of the companies surveyed saw attempts on ACH credits.

15. ...Wire transfer fraud takes third place...

Wire transfers were targeted in 30% of cases.

16. ...and ACH debits weren't far behind.

23% of these companies faced fraud attempts.

The persistent vulnerability of paper checks

17. Nearly two-thirds of surveyed organisations dealt with attempted or actual check fraud.

That’s more than any other payment method in 2023.


The 2024 AFP Payments Fraud and Control Survey Report makes one thing clear: financial crime is always evolving. While some old-school fraud methods are declining, new vulnerabilities are popping up, especially in electronic payment systems. To stay safe, organisations need to stay on their toes, keep security measures up to date, train employees, and adapt their fraud prevention strategies.

As fraudsters get smarter, so do our defences. Many organisations are turning to cutting-edge tech like AI and machine learning to spot weird transaction patterns. Multi-factor authentication is becoming the norm, especially for big-ticket transactions. There’s also a growing trend towards real-time payment monitoring and fraud detection systems that can flag suspicious activities on the spot.

The fintech industry is stepping up with innovative solutions. They’re exploring blockchain for its potential to create tamper-proof transaction records. Biometric authentication methods, like fingerprint and facial recognition, are being built into payment systems. And tokenisation is gaining traction as a way to keep sensitive financial data safe during transactions.
In the B2B world, specialised fraud prevention platforms are emerging as powerful tools. For example, Eftsure offers real-time verification for vendor and supplier payments. These platforms add an extra layer of security to existing financial systems, helping organisations defend against sophisticated fraud attempts, including business email compromise (BEC) attacks and other social engineering tactics.

Governments and financial regulators are stepping up their game too. They’re introducing new rules to make financial institutions and payment service providers beef up their security. There’s also more focus on international teamwork to tackle cross-border fraud. Regulators are pushing for better reporting systems to track and respond to new fraud trends.

Here are some examples of how different countries are tackling fraud:

In the US, the Federal Reserve’s FedNow Service includes fraud detection for real-time payments.
Australia’s New Payments Platform (NPP) has built-in fraud prevention for real-time payments.
The EU’s Revised Payment Services Directive (PSD2) requires strong customer authentication for electronic payments.
In the UK, the Financial Conduct Authority (FCA) is pushing banks to step up their fraud prevention game.

With ACH fraud on the rise, organisations are tightening controls. Best practices for preventing ACH fraud include:

  • Use dual control for ACH initiation
  • Set up transaction limits
  • Use ACH positive pay services
  • Regularly reconcile accounts

With BEC still a major threat, employee training is crucial. Organisations are investing in regular training programs to teach staff how to spot phishing attempts, double-check payment requests, and stay skeptical of urgent or unusual demands. Some companies are even running simulated phishing exercises to keep their employees on their toes.

Some companies are also exploring dedicated fraud insurance policies to mitigate potential losses from ACH fraud.

Checks remain the most fraud-prone payment method, with 65% of organizations reporting they experienced fraud attempts targeting checks in 2023.

ACH fraud is evolving. Are your defences?
A new generation of cyber-threats calls for a new approach to protecting your organization's finances. The 6th edition of our guide shows you how.

Subscribe to our blog

Subscribe to the eftsure blog to receive updates when we post.

The new security standard for business payments

Eftsure provides continuous control monitoring to protect your eft payments. Our multi-factor verification approach protects your organisation from financial loss due to cybercrime, fraud and error.