Kotapay Insights

Protect Yourself from Holiday Email Scams

Protect Yourself from Holiday Email Scams

December 7, 2022

With the holiday season approaching, Kotapay is reaching out to businesses we serve to be on the lookout for email scams. Fraudsters often take advantage of the holiday season to gain information from social media or “out of office” messages from company employees. Once employees are away from work and enjoying time with friends and family, fraudsters use the compromised email account to send emails that direct employees to send money or gift cards, or to update payment instructions.

According to the FBI, there were $2.4 billion in losses due to these types of business email compromise frauds in 2021. And payments experts estimate that these numbers are likely underreported and undercounted due to the difficulty of recovering funds when the fraud is reported. Also, many businesses and individuals do not report this type of fraud because of embarrassment or reputational risk.

Awareness and education are the best way to stop these fraud attempts. We hope that as businesses and employees prepare for the holiday season, they take the recommended steps below to protect themselves. If a business or its employee does become a victim of one of these scams, contact Kotapay’s Risk/Fraud team immediately for additional information.

Kotapay recommends businesses follow these steps to protect themselves from business email compromise:

• Educate and train employees to recognize, question, and independently authenticate changes in payment instructions, payment methods (e.g., ACH to wire), or when pressured to act quickly or secretively.

• Be old-fashioned! Verbally authenticate any changes via the telephone.

• Review accounts frequently.

• Initiate payments using dual controls.

• Never provide passwords, usernames, authentication credentials or account information when contacted.

• Don’t provide nonpublic business information on social media.

• Avoid free web-based email accounts for business purposes. A company domain should always be used in business emails.

• Consider registering domains that closely resemble the company’s actual domain to make impersonation harder.

• Do not use the “reply” option when authenticating emails for payment requests. Instead, use the “forward” option and type in the correct email address or select from a known address book.

Nacha Operating Rules & Guidelines

Nacha Operating Rules & Guidelines

November 17, 2022

What Are the Nacha Operating Rules?

In the past month have you been paid via Direct Deposit? Or paid a bill electronically? For a good number of us, the answer is yes. With the prevalence of the ACH Network, it is necessary to ensure consumers, businesses, credit unions, banks, and government entities all have well-defined roles and responsibilities for every ACH payment.

In 1974, Nacha, the National Automated Clearinghouse Association, created the Nacha Operating Rules to ensure that millions of payments occur smoothly and securely each day. The Rules are an ever-evolving document that strives to be thorough, inclusive, and responsive. They make sure all ACH payments are handled on a level playing field.

How Are the Rules Made?

Since the Nacha Operating Rules & Guidelines are constantly evolving, the first step to enacting a change comes when an idea is submitted to the Rules and Operations Committee for review. The committee consists of Nacha Direct Members, community banks, credit unions, and liaisons from the ACH Operators, U.S. Treasury, and the Federal Reserve Board of Governors – as well as representatives from companies who use the ACH Network. If the idea is accepted, a proposal is created. The Software Information Exchange and ACH Operator Technical Group makes sure the rule can be implemented and finally, a request for comment is issued. For a more detailed explanation of how the Rules are made, watch Nacha’s “How ACH Rules Are Made” video or visit Nacha's website.

Additional Resources

Copies of the Nacha Operating Rules & Guidelines can be purchased in the Nacha Online Store.

What is a Paycard?

What is a Paycard?

October 10, 2022

Kotapay has recently partnered with Fintwist to offer paycards, a type of payment especially useful for non-traditional workers such as those who work multiple gig jobs or manage their finances outside of banks. A paycard (also known as payroll card) is an alternative to a traditional bank account or paper check that allows any employee to be paid electronically via direct deposit. By implementing Fintwist’s digital payment solution, employees get access to bill pay, online purchases, money management tools, and P2P transfers at no cost to the employer.

Click here to learn more!

Connecticut Releases Advisory on Money Transmission

Connecticut Releases Advisory on Money Transmission

August 26, 2022

With the Connecticut Department of Banking’s recent advisory on money transmission and statewide licensing requirement, it’s important to understand which payments-related services are subject to money transmission regulation.

In our experience, the most common type of transaction that triggers a licensing requirement for payroll processors are tax impound transactions where a payroll processor holds clients’ tax monies in the processor’s account until the taxes are due and makes payments on behalf of their client.

However, this is just one example; money transmission laws cover all impounded funds, not only taxes. Non-compliance with your state’s guidelines can result in cease and desist orders or fines, and in some cases, retroactive fines can be levied for non-compliant transactions dating back years.

At this point, you may be asking, what can I do as a payroll processor?

- Stop impounding client funds. With a high potential of penalties and legal headaches, a number of entities have discontinued impounding funds. While this solution is simple if you are only impounding for a few clients, it will not work for everyone.

- Become a licensed money transmitter. Attaining a money transmitter license can be costly and burdensome. If you are doing business in more than one state, you may be required to obtain a license in each of those states bringing application fees into the thousands.

- Kotapay may be able to help. Kotapay has received confirmation from several state Departments of Banking affirming our solution has allowed the processor to fall under our financial institution exemption by setting the Processor up with a For Benefit Of (FBO) account.

This solution may not cover all states and it not intended to be legal advice, please work with your legal counsel.

For more information, view our white paper or contact the Kotapay team.

Combating Fraud

Combating Fraud

June 1, 2021

Six tips to help you stay protected

Payroll fraud is often overlooked but can be a serious threat to businesses and their employees. Fraudsters are constantly coming up with new ways to steal money from businesses, and it’s up to us to stay vigilant. Creating written procedures and diligently following them cuts down on the risk to your organization. Here are six tips you can put in place to help you stay protected:

Confirm account changes with a phone call. Never take payroll change requests via email. When reaching out to the employee who made the request, make sure to use the contact information on file and not what was given in an email. It’s easy for fraudsters to falsify written information. For that reason, we also don’t recommend accepting payroll files from clients via email.

Request verification of all bank accounts. Confirm the account name and account type by taking a look at a voided check and bank statement or bank letter.

Validate all 1099 requests. This should especially be done when the request is for a large dollar amount.

Obtain employee authorizations prior to processing any payrolls. Create your own authorization form or use Kotapay’s to collect employee authorizations.

Until you are comfortable with a new client, set them up for wire or wire drawdown . If you can’t meet the client in person, it’s best to take precautions. After establishing a positive business relationship with them, consider a more traditional funding window.

Contact us if you have any doubts about whether or not a new client application is valid. In cases of fraud, the more information shared with Kotapay the better as we can deter others from becoming victims to future fraud.

If you have any questions or would like to discuss improving your security procedures, please contact the Kotapay Risk Department at (800) 378-3328.

Kotapay Named to Nacha's Top ACH Originators by Volume List

Kotapay Named to Nacha's Top ACH Originators by Volume List

April 21, 2021

Kotapay ranked #41 on annual Top ACH Originators List

Kotapay, First International Bank & Trust’s payment department, was recently named to Nacha’s Top 50 ACH Originators List for 2020. This recognition marks our first appearance on the annual list.

“It’s a tremendous honor to be included on Nacha’s Top 50 ACH Originators list alongside such distinguished national and international organizations,” said Jim Haug, Director of Kotapay. “Kotapay processed $83 billion dollars through our organization in 2020, showing the importance of electronic payments.”

Nacha’s full Top 50 list

Preventing Payroll Fraud

Preventing Payroll Fraud

March 25, 2021

Steps you can take to protect yourself and your clients from payroll fraud

Payroll fraud is on the rise and shows no signs of slowing down. Kotapay has seen an uptick in fraudsters taking over customer email accounts by using spearfishing attempts where they gain control of your client’s email and use that account to request fraudulent payrolls. Your client won’t know this is happening until after money has been taken out of their account, so it’s important to stay diligent.

All it takes is one fraudulent transaction to expose you and your customer to losses. Ask yourself, do you know if the information your customer sent is accurate? Do you have systems in place to validate the information? Following these recommendations could save you and your customers thousands of dollars.

  • Use Caution: If you are receiving email requests from your clients regarding their payroll, take a moment to stop and think if the request is unusual. Are the requested dollar amounts or pay dates out of the ordinary?
  • Validate Files: We encourage you to have a process in place to validate transaction data before sending it to Kotapay. This important step should only take a few minutes but may pay off big dividends for you and your customers.
  • Out-of-Band Authentication: You can reduce the risk of processing fraudulent transactions by using out of-band authentication. If you receive information via email, you should have a validation process in place that uses another method to contact the customer that is different than how you received it. For example, a phone call, fax, or text.
  • Data Security: It’s important to have a data security policy in place to protect your confidential information. The policy should be followed by all employees. If you would like help writing a security policy, please visit the Better Business Bureau’s website.

Implementing these tips could help your company from becoming a statistic. Review your current processes to verify you are doing everything possible to protect from losses that could have been stopped. If you have any questions or would like to discuss improving your security procedures, please contact the Kotapay Risk Department at (800) 378-3328.

ACH Network Experiences Record Growth in 2020

ACH Network Experiences Record Growth in 2020

February 26, 2021

Two billion new payments processed in one year

Largely due to the global pandemic, 2020 was a year of record growth for the ACH Network. The United States as a whole saw an accelerated shift toward electronic payments which resulted in an 8.2% increase in the number of payments made on the ACH Network. Not only were the number of payments up, the value of those payments increased 10.8%, rising to $61.9 trillion. The two billion payments made on the ACH Network in 2020 mark the sixth consecutive year in which the number of payments increased by more than one billion.

Many of the core ACH payment categories also experienced major growth in 2020:

Person-to-person payments and transfers increased 42%

Direct deposit of salaries, wages, benefits, and assistance payments increased 12%

Internet-initiated consumer payments for bills, account transfers, and other payments increased 15%

Business-to-business payments increased by almost 11%

Same-Day ACH payment volume rose 39%

This snapshot on ACH Network growth provides a detailed look at the evolving economy and reinforces the value the ACH Network has on the daily economic life of American residents and businesses.

Source: https://www.nacha.org/news/ach-network-sees-record-growth-2020-268-billion-payments

Managing Risk During this Uncertain Time

Managing Risk During this Uncertain Time

March 20, 2020

We are all navigating through uncharted waters with COVID-19 (Coronavirus) and its impact on businesses. I want to assure you that we have taken measures to continue business as usual with some team members working remotely.

We realize that every industry will be impacted by COVID-19 and we are asking you to be extra cautious during this time of uncertainty. Make sure you are taking the necessary steps to know your customer and mitigate risk for your organization. Be mindful and consider whether you should take on new clients or if some of your existing clients should remain on direct deposit at this time. You know your customers, their industry, and their unique situations.

Are you concerned about client NSF’s? Ask yourself if this client is still a good candidate for direct deposit and will they have sufficient cash flow during this uncertain time? If not, a few things to consider:

Place clients on longer funding windows. A 5 day processing window ensures funds are collected before sending to employees.

Wire or Wire Drawdown. We will initiate the wire transfer on your behalf for next day settlement.

Same Day ACH. The limits are increasing from $25,000 to $100,000 per transaction on Friday, March 20th.

Issue paper checks for the time being

Temporarily, we are offering a new prefunding solution for payroll that allows for cleared funds to be sent within a 4 day time period, similar to a 5 day window. What does that look like?

What are the Benefits of the Premium 4 Day Window prefunding solution?

We are made aware of any returns before sending out the same day credits. We will then compare the payroll file with cleared funds and make any adjustments needed.

Compared to the 5 day window, this solution allows you an additional day to receive the payroll file from your client, send to us by 10pm CT, and get employees paid on payday

If you’re interested in the Premium 4 Day Window, please give us a call at 800-378-3328 and we’ll help get you started.

We are committed to providing uninterrupted processing and the same level of service you deserve and expect from us. Please let us know if we can help in any way. Thank you for the trust you’ve put in the team at Kotapay, we appreciate the opportunity to earn your business every day.

Kotapay Statement Regarding Coronavirus

Kotapay Statement Regarding Coronavirus

March 12, 2020

Kotapay takes the well-being of our customers and employees seriously. With the growing concern over COVID-19 (Coronavirus), rest assured we’re taking the necessary steps to ensure the health of our employees and processing your transactions without interruption.

Kotapay is committed to providing you with the services you’ve come to expect and rely upon. We realize the critical and important role that Kotapay plays in processing transactions for you and your clients. We want to ensure you that we are taking the necessary steps to prepare in the event that Kotapay will need to operate with essential staff only. Kotapay’s contingency plan will go into effect which will provide for uninterrupted processing for you and clients by giving employees access to work remotely.

As of March 12th, the state of North Dakota has minimal cases of COVID-19 and Kotapay is encouraging employees to stay home when ill, wash their hands frequently, and have provided hand sanitizer at workstations. Additional measures in place include restricting unnecessary travel, practicing social distancing and enhancing our cleaning procedures. We are monitoring the situation closely and keeping in contact with State and Federal officials for guidance.

Below are a few links to the Centers for Disease Control to provide you with the most current information available.





Please reach out if you have any questions or concerns.