This week, Time & Pay’s management met with our ACH processing center to discuss best practices in regards to security and controls for protecting the integrity of ACH files. The computer hacking community works 24 hours a day on trying to make life miserable for those folks who work hard at making an honest living. Businesses must be vigilant.  Time & Pay is constantly working at setting up systems and controls to make sure the integrity of our ACH data is not compromised. Our ACH processing center assured us they were very confident in the systems, controls and procedures we are using to maintain the required safety and security of our data.

One of the key areas banks are focused on is verifying the integrity of the data they process. And one of the means that the data can be compromised is by hackers who obtain the ability to clandestinely read the key strokes of a user’s computer. Viruses, such as the one currently called the Zeus virus, allow hackers to virtually read all the key strokes a user is keying. Thus, once the virus is installed on a user’s computer, when the user enters their log-in and password to a secure site, such as their on-line banking site, the hacker can be on the other side of the globe easily learning how to get into that user’s banking system. Our ACH processor sited numerous examples of how hackers, once they obtained the ability to get into a businesses banking system by monitoring key strokes, would create multiple bogus ACH transactions that funneled 10’s of thousands of dollars out of that business’s bank account into multiple accounts all over the world.

These key stroke  reading viruses are usually sent via email denoting some urgent message, usually related to a money transaction, that tells the reader to click on a link to learn more about a recent money transaction issue. It may be a credit card message noting that some, supposedly, recent transaction was not able to be processed, or some payment such as bank bill-paying transaction, that was not able to be processed.  Never click on those links. Your bank, your credit card company, PayPal, all the legitimate financial institutions you work with are very concerned about fraud and well aware of how hackers operate. They understand the lack of security in the email process. They will never send you an important message relating to your account via email.  If you receive an email of this nature, never click on the links inside that email. If you are concerned there may be an issue with your account, call the party instead to confirm if there is an issue. Always act on the side of caution. A careless click on a questionable email link may end up being a very costly mistake.

While your bank is doing all they can to protect your assets, you must always be vigilant. Even a good antivirus software system, which often can’t keep up with the computer underworld, won’t offer 100% protection from this kind of attack.  If you would like to talk to us more about this topic, give our operations dept. a call.