Click to return to BOL home page
Banker Store Read A Reg BOL Insiders Career Connect Learning Connect Bankers Information Network

Search BankersOnline
using Google


    Agency Road Maps

    Alphabet Soup

    Compliance Tools





    Lending Tools




    Check 21

    Operations Tools

    SAR Resrch Guide



    Bank Robbery


    ID Fraud/Phishing

    Security Tools


    Info Security

BOL Archives

BOL Blogs

Briefing Archive


Court Watch

e-Card Exchange

Examiner's Corner

Executive Briefing

HR Corner


Launch Pad

Regulator Roadmaps

Risk Management

Site Map

Site Orientation

Top Stories

~ ~ ~

Em@il Education

ID Verification

~ ~ ~

Banker Store

Bankers Info Ntwk


Career Connect

Learning Connect

Guru Central


Ask a Guru
Bankers Threads

Contact Us

Give Us Feedback


60 Second Solutions

Alphabet Soup

Banker Tools

BOL Forms


BOL Recipes

eCard Exchange


About Our Sponsors
About Us

Print Friendly! Email This Article! Discuss NOW!

NACHA Rules on Internet ACH Debits
by Mary Beth Guard
Guru Bios

An amendment to the NACHA operating rules which took effect March 16, 2001 is designed to enhance security for ACH debits initiated through the Internet. Internet-originated ACH debits are thought to pose special risks due to the anonymity of the medium. The amendments increase the warranties that accompany the transmission of certain Internet-initiated ACH entries by an originating depository financial institution (ODFI) to a receiver's account with a receiving depository financial institution (RDFI).

A debit entry initiated pursuant to an authorization obtained through the Internet to effect a transfer of funds from a consumer account will need to bear a unique new Standard Entry Class (SEC) Code, WEB;
  • WEB entries must be further identified as either recurring entries or nonrecurring entries; RDFIs are permitted, but not required, to identify Internet-initiated entries for appropriate treatment;
  • Originators of WEB entries (e.g., merchant customers of banks) are required to do several things:
    • Employ commercially reasonable fraudulent-transaction detection systems to screen the entries in order to minimize the risk of fraud related to Internet-initiated payments. For example, they must use a commercially reasonable security technology providing a level of security that, at a minimum, is equivalent to 128-bit encryption technology.
    • Use commercially reasonable procedures to verify that routing numbers are valid.
    • Establish a secure Internet session with each receiver prior to the key entry by the receiver of any banking information.
    • Conduct an annual audit to ensure that the financial information obtained from receivers is protected by security practices and procedures that include, at a minimum, adequate levels of (1) physical security to protect against theft, tampering, or damage; (2) personnel and access controls to protect against unauthorized access and use; and (3) network security to ensure capture, storage, and distribution of financial information. The first audit must be completed by December 31, 2001!
ODFIs are required to
  • Ensure that originators are in compliance with the above requirements on a continuing basis. Under the amendment, ODFIs that transmit WEB entries warrant that originators have conformed to those new requirements.
  • Conform with an additional warranty, in the case of a WEB entry initiated by an originator that is not a natural person, that the ODFI has:
    • Used a commercially reasonable method to establish the identity of the originator;
    • Established procedures to monitor the creditworthiness of the originator on an ongoing basis;
    • Established an exposure limit for the originator and implemented procedures to review that exposure limit periodically;
    • Implemented procedures to monitor entries initiated by the originator relative to its exposure limit across multiple settlement dates.
Originally appeared in the Oklahoma Bankers Association Compliance Informer.

First published on 6/18/01

Privacy Policy    Disclaimer   Recommend This Site !   Contact Us

BankersOnline is a free service made possible by the generous support of our advertisers and sponsors. Advertisers and sponsors are not responsible for site content. Please help us keep BankersOnline FREE to all banking professionals. Support our advertisers and sponsors by clicking through to learn more about their products and services.