Hi folks,

I'm new to the forum and I'm an IT guy, so bear with me with my silly finance-related questions.

In one department, we plan to offer e-check services from our POS (Point of Sale) terminals (SEC POP codes) to process checks.

In a different department which I also support, we submit salary payments and we collect tax payments via ACH transactions from different systems.

Now, someone raised the flag as we are the originators for ACH credit and debit transactions that we must be NACHA compliant.

I started researching it and I even got the "2013 NACHA Operating Rules & Guidelines" e-book in PDF format. I read some tech-related articles about it and they all mention "tips" to protect against fraudulent ACH transactions.

However, I cannot find a sole resource which lists how a particular type of entity as ours, a merchant and a finance department being the originator and receiver of ACH transactions, can meet all NACHA requirements to be compliant.

Now, I am also driving the PCI compliance efforts in these departments, but PCI does provide a specific set of requirements we must meet to be compliant, see the "PCI DSS v2" document from the link below.

PCI DSS https://www.pcisecuritystandards.org/sec...ociation=pcidss

Questions...

#1. Is there something similar in NACHA where it lists all requirements we need to meet from an IT perspective (network, software, hardware and security policies) in order to be NACHA compliant?

#2. In PCI, a QSA (Qualified Security Assessor) certifies an entity is PCI compliant. In NACHA, I believe it is the AAP (Accredited ACH Professional) who certifies an entity as NACHA compliant, correct?
If so, I wonder what checklist they use to perform their assessment.

Your support and advice are greatly appreciated.

Thanks,
...Alex