Payments Insider 3rd Quarter 2025
The inside scoop on payments for businesses of all sizes.
by Marcy Cauthon, AAP, AFPP, APRP, NCP, Senior Director, On-Demand Education
While many think paper checks have vanished into the shadows, they still represent about one-third of all business-to-business (B2B) transactions, according to the Association of Financial Professionals.
Unfortunately, we are seeing a chilling surge in check fraud schemes, with check fraud being the largest source of illicit proceeds in the United States, according to the Financial Crimes Enforcement Network (FinCEN). Therefore, it’s critical that your business recognizes the red flags before they come to light, especially when it’s too late.
Check fraud happens when criminals produce fake checks or steal mail containing personal checks, business checks and any government checks. These checks are then altered or counterfeited, physically or digitally, to allow different payees or larger amounts.
It’s important to understand the difference between an altered check and a counterfeit one. It states in the Uniform Commercial Code (UCC) that an alteration “must” occur on the original paper check that your business issued. For example: your business issues a check, a criminal gets hold of it, washes it with chemicals and then writes or types new information on it. Conversely, a counterfeit happens when a criminal uses information from a legitimate check your business issued to create new checks on different check stock. While there are many types of check fraud, alterations and counterfeits are two of the most common.
To keep your business from being spooked by check fraud, watch for these common red flags:
Check fraud is a spooky reality. While there are steps to recover funds after it occurs, prevention is always the best defense. Some measures to consider include:
Protect your business from the ghouls and goblins of check fraud with these suggested precautions:
Trying to recover funds after check fraud is like navigating a haunted maze—complicated, frustrating and full of unexpected twists. That’s why reconciling your accounts regularly and often is key. If you suspect check fraud, acting quickly gives you the best chance of recovery. Notify your financial institution immediately if something is amiss. Keeping thorough records of transactions, especially if payments were prompted by an email or phone call, can also provide valuable evidence if the situation escalates to legal action.
If you’d like more information on what options are available to your organization to reduce fraud, reach out to your financial institution.
Tricksters aren’t just for Halloween—they target businesses like yours year-round. Don’t let fraudsters creep in and steal your hard-earned money. Positive Pay helps detect discrepancies, prevent losses and secure your check payments. Contact your financial institution today to implement Positive Pay and banish fraud before it strikes!
by Shelly Sipple, AAP, AFPP, APRP, NCP, Senior Director, Certifications & Continuing Education
If your business originates ACH payments, you may have come across something called a “Notification of Change,” or NOC, and thought, “Not Our Concern.” But beware—ignoring NOCs can come back to haunt you, and here’s why.
NOCs are messages sent through the ACH Network to alert you that something in your payment instruction needs to be updated, such as an incorrect routing number, account number or transaction code. These updates help ensure your payments continue to process correctly and on time, keeping you from being haunted by failed transactions.
Let’s walk through a common scenario: You send an invoice to a customer, and they authorize you to pull the payment from their account via ACH. You initiate the transaction, but when it arrives at the customer’s financial institution, it hits a snag. Maybe you coded the payment for a checking account, but the customer only has a savings account.
At this point, the receiving financial institution (called the RDFI) has two choices:
The second option is more customer-friendly and ensures you get paid. But it also means you have to take action.
According to the ACH Rules, your financial institution must notify you within two banking days of receiving an NOC related to one of your payments. Notification may come by telephone, secure email or as a report in your online banking portal. Once notified, you must make the specified change(s) within six banking days or before you send your next ACH entry for that customer, whichever comes later.
If you don’t expect to send another payment to that customer, no need to worry. But if they’re a repeat customer (and hopefully they are!), you need to update the information in your system to avoid future issues.
Ignoring NOCs can turn into a nightmare. Responding to NOCs isn’t just about compliance; it’s smart business. Keeping your payment information up to date helps you:
And let’s face it—no one wants to chase down failed transactions or deal with late payments lurking like a shadow.
To stay compliant and efficient, follow these best practices:
Reach out to your financial institution or visit epcor.org/corporateuser for more compliance resources tailored to corporate ACH users. Don’t let NOCs haunt your business—stay proactive and keep your payments running smoothly.
by Trevor Witchey, AAP, APRP, NCP, Senior Director, Payments Education
By March 20 or June 19, 2026 (Phase 1, starting March 20, 2026, applies to non-consumer originators and third-parties with 2023 ACH origination volume of 6 million or more. Phase 2, starting June 19, 2026, applies to all remaining non-consumer originators and third parties), ACH Originators must establish and implement risk-based processes and procedures reasonably intended to identify ACH Entries initiated due to fraud. This is part of Nacha’s new Origination Fraud Monitoring Rule, designed to keep fraudsters from initiating ACH payments due to unauthorized access or inducing an Originator to send something under false pretenses. If you’re unsure how the requirements apply to your organization, check with your financial institution for guidance.
These procedures should be tailored to your role in authorizing and transmitting entries and must be reviewed and updated at least annually to keep pace with evolving fraud risks.
Most ACH payments are sent to the same Receivers, such as payroll, vendors, utilities, etc., so concentrate your controls on atypical situations that could hide fraud, such as:
According to the FBI’s IC3 2024 report, business email compromise was the second most common fraud type (behind investment fraud, which has escalated recently). Meanwhile, a Center for Payments survey identified “Authorized User was Manipulated” as the top emerging threat. Regardless of size, Originators must document and follow clear procedures to meet the Rule’s requirements and reduce fraud exposure.
Reach out to your financial institution to discover the tools they offer to strengthen your fraud defenses. Having more than one set of eyes makes it much harder for fraudsters to succeed—don’t let invisible threats haunt your payments.
Catch the ghouls before they strike! Watch EPCOR’s Monitoring for Fraud Did You Know video for bone-chilling tips on spotting unauthorized activity and be sure to subscribe to EPCOR’s YouTube channel, EPCORPymnts, to stay in the know and keep your payments safe from hidden threats.
Our team of dedicated professionals are here to support you.