That's correct. If they tell you it's unauthorized, you would have them complete a WSUPP and return it as "R10- Customer Advises Not Authorized" for consumer SEC transactions; "R29 Corporate Customer advises not Authorised" for corporate SEC transactions.
But there are some return timeframes involved. On consumer entries, they must be returned by the 60th day after settlement. If a customer notifies you after the ACH return deadline, you may still have some liability under Reg E. The timeframes are much shorter on Corporate entries. Unauthorized entries must be returned by the 2nd business day after settlement. For this reason, several RDFIs have filters which only allow authorized entries to post. Even after the return deadlines, there are still warranties in place from the Originating Financial Institution concerning authorizations, so you may be able to seek other remedies.
For more information on the warranties, see pages OG 44-46 of the 2009 NACHA Rulebook. I would also suggest checking with your regional payment association for additional training. We belong to WESPAY, and they offer both archived and live seminar broadcasts on ACH Basics and RDFI Risk Management.
Last edited by BetsyS; 10/15/09 12:49 AM.
_________________________
Let's start at the very beginning; A very good place to start...