Upcoming NACHA Rules Changes: Implications for Originators and Merchants

Upcoming NACHA Rules Changes

Implications for Originators and Merchants

As a payment compliance specialist, it is critical to stay abreast of the latest NACHA (National Automated Clearing House Association) rule changes. Two sets of amendments are set to take effect this year—on June 21 and October 1, 2024. Some of these changes will impact originators and merchants significantly, emphasizing the need for proactive adjustments to compliance and operational strategies.

June 21, 2024: Minor Rules Topics

The first wave of changes focuses on minor rule topics. Minor changes to the Rule have little to no impact on ACH participants and no significant processing financial impact.

  1. General Rule /Definition of WEB Entries– The updated NACHA rule clarifies the use of WEB entries, which are transactions initiated by a consumer over the internet or a wireless network. The new definition eliminates confusion by specifying that all consumer-to-consumer credits must use the WEB SEC code, regardless of the internet or wireless network being the method of initiation.
  2. Definition of Originator– The updated rule provides a clearer definition of an Originator, stating that it is the party authorized by the Receiver to credit or debit the Receiver’s account at the RDFI (Receiving Depository Financial Institution). This clarification helps in precisely identifying the responsible entity in a transaction, thus reducing ambiguities and potential disputes between parties involved in ACH transactions
  3. Originator Action on Notice of Change– This rule requires Originators to take prompt action upon receiving a Notice of Change (NOC) from the RDFI. The NOC indicates necessary corrections to the information within an ACH entry. Originators must make the specified changes within six banking days or before the next entry, whichever is later.
  4. Data Security Requirements– The updated rule extends the data security requirements to all non-consumer Originators, Third-Party Service Providers, and Third-Party Senders.
  5. Use of Prenotification Entries– The revised rule on prenotification entries provides clarity on their use and the handling of responses from RDFIs. Prenotification entries are optional but recommended for verifying account information before initiating live transactions. Originators can use these entries to ensure that account details are correct, reducing the risk of errors and rejected transactions. If an RDFI responds to a prenotification with a NOC, the Originator must address the indicated issues promptly
  6. Clarification of Terminology – Subsequent Entries– The rule clarifies the term “Subsequent Entries,” referring to entries that follow an initial authorization. These can be initiated by the consumer through actions such as phone calls or online requests. The updated rule allows greater flexibility in the use of Standard Entry Class (SEC) codes for these subsequent entries, accommodating various methods of initiation and ensuring that authorization requirements are met appropriately

October 1, 2024: Risk Management Topics

The second set of changes, effective October 1, centers around risk management, reflecting NACHA’s ongoing efforts to enhance the security and reliability of the ACH Network:

  1. Codifying Expanded Use of Return Reason Code R17– The updated rule codifies the expanded use of Return Reason Code R17 to enhance the identification and management of fraudulent activities. This rule includes the following specifics:
    • R17 + “QUESTIONABLE”: The addition of the word “QUESTIONABLE” in the return addenda record signifies a potential fraud alert on the receiving bank account. This helps financial institutions quickly identify transactions that may require further scrutiny for fraud
    • Impact on Unauthorized Return Rates: These returns will not be counted in unauthorized return rates, thus not affecting the metrics used to evaluate the frequency of unauthorized transactions
    • This new Rule also includes references to a newly defined term, False Pretenses: The inducement of a payment by a Person misrepresenting (a) that Person’s identity, (b) that Person’s association with or authority to act on behalf of another Person, or (c) the ownership of an account to be credited.”
      This definition covers common fraud scenarios such as Business Email Compromise (BEC), vendor impersonation, payroll impersonation, and other payee impersonations, and complements language on “unauthorized credits” (account takeover scenario). It does not cover scams involving fake, non-existent or poor-quality goods or services.
    • Expanded Use of ODFI Request for Return/R06–This rule expands the circumstances under which an Originating Depository Financial Institution (ODFI) can request a return of an entry using Return Reason Code R06 (Return per ODFI’s Request). This expansion aims to provide more flexibility and tools for ODFIs to manage erroneous or problematic entries, ensuring better correction of mistakes and reducing potential risks associated with such entries
    • Ensure your loan management and payment processing systems are updated for NACHA’s new R17 rule. This rule allows RDFIs to use Return Reason Code R17 with the descriptor “QUESTIONABLE” in the Addenda Information field to flag transactions that may be suspicious or fraudulent. Updating your systems will help differentiate these returns from routine account errors and maintain compliance with NACHA’s standards.
  2. Additional Funds Availability Exceptions– The rule introduces new exceptions to the funds availability requirements, allowing RDFIs more time to investigate suspicious transactions before making funds available to the account holder. This extension is critical in scenarios where there is a high likelihood of fraud, enabling RDFIs to ensure that the transaction is legitimate before releasing the funds. This change aims to reduce the risk of fraudulent withdrawals and losses for both the financial institution and the account holder
  3. Timing of Written Statement of Unauthorized Debit (WSUD)– The rule modification allows for greater flexibility in the timing of signing a WSUD. Specifically, it permits the WSUD to be signed and dated by the Receiver on or after the date the unauthorized debit entry is presented, even if the debit has not yet posted to the account. This change simplifies the process for receivers to dispute unauthorized debits and facilitates quicker resolution of such issues​
  4. RDFI Must Promptly Return Unauthorized Debit– This rule mandates that Receiving Depository Financial Institutions (RDFIs) must promptly return any unauthorized debit entries once they are identified. This requirement ensures that unauthorized debits are addressed quickly, minimizing the impact on the account holder and reducing the potential for further fraudulent activity. It emphasizes the responsibility of RDFIs to act swiftly in protecting their customers’ accounts from unauthorized transactions

For further details on these rule changes, visit NACHA’s official website on minor rules topics and risk management topics.

Preparing for Compliance

For originators and merchants, preparation is key to ensuring compliance with these new rules:

  • Review and Update Systems: Ensure that all payment processing systems are updated to align with the new data specifications and validation requirements.
  • Train Staff: Conduct comprehensive training sessions for relevant staff to familiarize them with the new rules and their implications.
  • Enhance Fraud Detection: Invest in advanced fraud detection and prevention technologies to meet the updated standards.
  • Audit Third-Party Relationships: Conduct thorough audits of third-party sender relationships to ensure compliance with the new risk management requirements.

By proactively addressing these changes, originators and merchants can mitigate risks, ensure compliance, and continue to facilitate secure and efficient ACH transactions.

June 4, 2024

About Averee Jimenez, AAP, APRP, NCP

She is a seasoned Payments Risk and Compliance Professional with a proven track record in navigating the complex landscape of financial regulations and risk management. With 11 years of experience in the field, she brings a wealth of expertise in mitigating risks, implementing robust compliance frameworks, and driving strategic initiatives to safeguard payment systems.

Bigger Possibilities Await.

Contact Us


Read More

Demystifying Payment Processing: A Comprehensive Guide

Demystifying Payment Processing

A Comprehensive Guide

In today’s digital world, the process of making payments has evolved significantly. Payment processing is a complex yet essential aspect of modern commerce, enabling seamless transactions between buyers and sellers. Whether you’re buying groceries, booking a flight, or shopping online, understanding how payment processing works is crucial. In this article, we will demystify the intricacies of payment processing, shedding light on the various steps involved in facilitating secure and efficient transactions.

Step 1: Initiating the Transaction

The payment process begins when a customer initiates a purchase by providing their payment information, such as credit card details, debit card numbers, or other digital payment methods. This data is encrypted to protect it from unauthorized access during transmission.

Step 2: Authorization Request

Once the payment information is entered, the merchant or seller sends an authorization request to the payment gateway. The payment gateway acts as an intermediary between the merchant’s point of sale system and the payment processor. It securely transmits the customer’s payment data to the payment processor for further authentication.

Step 3: Authentication and Verification

The payment processor receives the authorization request and forwards it to the customer’s bank (issuing bank) for authentication. The issuing bank verifies the customer’s account details, checks for sufficient funds, and assesses the risk associated with the transaction. If the transaction is approved, the issuing bank sends an authorization code back to the payment processor via the payment gateway.

Step 4: Transaction Settlement

With the authorization code in hand, the payment processor notifies the merchant’s point of sale system about the successful transaction. At this stage, the payment is not yet transferred to the merchant’s bank account.

Step 5: Clearing and Settlement

Once a day, the payment processor batches together all authorized transactions and sends them to the acquiring bank (merchant’s bank) for clearing and settlement. During clearing, the funds are transferred from the customer’s bank to the acquiring bank. The settlement process involves the actual transfer of funds from the acquiring bank to the merchant’s bank account.

Step 6: Payment Reconciliation

After the settlement is complete, the acquiring bank sends the payment data to the payment processor for reconciliation. The processor ensures that all transactions are accurately accounted for and calculates the fees to be deducted for their services.

Step 7: Merchant Receives Funds

Finally, the merchant’s bank account is credited with the settled funds, completing the payment processing cycle. The merchant can then access the funds and utilize them for business purposes.

Security Measures in Payment Processing

Throughout the payment processing journey, various security measures are employed to safeguard sensitive customer information and prevent fraudulent activities. Encryption, tokenization, and secure socket layer (SSL) protocols are utilized during data transmission to protect against unauthorized access. Additionally, the Payment Card Industry Data Security Standard (PCI DSS) sets rigorous guidelines for handling payment information, ensuring the highest level of security compliance.

Conclusion

Payment processing is a sophisticated ecosystem that allows businesses to accept payments seamlessly and customers to shop conveniently. From the moment a customer initiates a transaction to the settlement of funds into the merchant’s account, multiple parties collaborate to make the process smooth, secure, and efficient. Understanding how payment processing works is essential for both businesses and consumers, as it fosters trust and transparency in the digital marketplace. As technology continues to advance, payment processing will undoubtedly evolve, enabling even more seamless and secure transactions in the future.

March 23, 2023

About Adam Garrett

He has spent almost 20 years building successful merchant acquiring programs and is a proven sales leader who brings his expertise in team management, business development, and strategic planning to Viking Payments. He received his MBA from the University of Texas at Dallas, and his BS at Missouri State University.

Bigger Possibilities Await.

Contact Us


Read More