I developed some software which processes ACH payments. I am concerned about the overall security of ACH because the customer can make changes to the account (acct #, routing etc.). I was wondering if someone could share some guidance on the best way for a company like mine to protect itself from financial liability.
I have considered enhanced auditing, time delays for changes and two-factor for changes. Consider the use case of a small shop where there are only one or two people at the company. We also process for large companies. Just trying to cover the bases and show due care. What works best to cover my company and my customer from fraud as well?