Click to return to BOL home page
Banker Store Read A Reg BOL Insiders Career Connect Learning Connect Bankers Information Network
 


MAIN CONTENT 
Compliance

    Agency Road Maps

    Alphabet Soup

    Compliance Tools

    FACTA/FCRA

    OFAC

Lending

    FACTA/FCRA

    Lending Tools

    SCRA

Marketing

Operations

    Check 21

    Operations Tools

    SAR Resrch Guide

Security

    AML/BSA

    Bank Robbery

    Counterfeits

    ID Fraud/Phishing

    Security Tools

Technology/eBanking

    Info Security


SPECIAL AREAS 
BOL Archives

BOL Blogs

Briefing Archive

Calendar

Court Watch

e-Card Exchange

Examiner's Corner

Executive Briefing

HR Corner

Infovault

Launch Pad

Regulator Roadmaps

Risk Management

Site Map

Site Orientation

Top Stories


~ ~ ~
SERVICES 
CrimeDex

Em@il Education

ID Verification


~ ~ ~
SHOP 

Banker Store

Bankers Info Ntwk

CONNECT 

Career Connect

Learning Connect

Guru Central

INTERACT 

Ask a Guru
Bankers Threads

Contact Us

Give Us Feedback


TOOLS 


60 Second Solutions

Alphabet Soup

Banker Tools

BOL Forms

FUN 

BOL Recipes

eCard Exchange

LEARN MORE 


About Our Sponsors
About Us






Print Friendly! Email This Article! Discuss NOW!


NACHA Rules on Internet ACH Debits
by Mary Beth Guard
Guru Bios


An amendment to the NACHA operating rules which took effect March 16, 2001 is designed to enhance security for ACH debits initiated through the Internet. Internet-originated ACH debits are thought to pose special risks due to the anonymity of the medium. The amendments increase the warranties that accompany the transmission of certain Internet-initiated ACH entries by an originating depository financial institution (ODFI) to a receiver's account with a receiving depository financial institution (RDFI).

A debit entry initiated pursuant to an authorization obtained through the Internet to effect a transfer of funds from a consumer account will need to bear a unique new Standard Entry Class (SEC) Code, WEB;
  • WEB entries must be further identified as either recurring entries or nonrecurring entries; RDFIs are permitted, but not required, to identify Internet-initiated entries for appropriate treatment;
  • Originators of WEB entries (e.g., merchant customers of banks) are required to do several things:
    • Employ commercially reasonable fraudulent-transaction detection systems to screen the entries in order to minimize the risk of fraud related to Internet-initiated payments. For example, they must use a commercially reasonable security technology providing a level of security that, at a minimum, is equivalent to 128-bit encryption technology.
    • Use commercially reasonable procedures to verify that routing numbers are valid.
    • Establish a secure Internet session with each receiver prior to the key entry by the receiver of any banking information.
    • Conduct an annual audit to ensure that the financial information obtained from receivers is protected by security practices and procedures that include, at a minimum, adequate levels of (1) physical security to protect against theft, tampering, or damage; (2) personnel and access controls to protect against unauthorized access and use; and (3) network security to ensure capture, storage, and distribution of financial information. The first audit must be completed by December 31, 2001!
ODFIs are required to
  • Ensure that originators are in compliance with the above requirements on a continuing basis. Under the amendment, ODFIs that transmit WEB entries warrant that originators have conformed to those new requirements.
  • Conform with an additional warranty, in the case of a WEB entry initiated by an originator that is not a natural person, that the ODFI has:
    • Used a commercially reasonable method to establish the identity of the originator;
    • Established procedures to monitor the creditworthiness of the originator on an ongoing basis;
    • Established an exposure limit for the originator and implemented procedures to review that exposure limit periodically;
    • Implemented procedures to monitor entries initiated by the originator relative to its exposure limit across multiple settlement dates.
Originally appeared in the Oklahoma Bankers Association Compliance Informer.

First published on BankersOnline.com 6/18/01






Privacy Policy    Disclaimer   Recommend This Site !   Contact Us


BankersOnline is a free service made possible by the generous support of our advertisers and sponsors. Advertisers and sponsors are not responsible for site content. Please help us keep BankersOnline FREE to all banking professionals. Support our advertisers and sponsors by clicking through to learn more about their products and services.