ACH (Automated Clearing House) is a nationwide computer-based network that electronically processes transactions between financial institutions, such as banks, that participate in it. ACH is one of the fastest and most reliable ways for people and companies to transfer funds directly from one bank account to another. ACH transfers are considered to be one of the safest methods of secure money transfer because they are backed by federal law.
As with any type of financial transaction, such as checks, credit cards and debit cards, various security measures must be used with ACH to ensure against fraud. These are required by NACHA (the National Automated Clearinghouse Association), the organization that administers ACH payments.
Here is an overview of the security requirements that we employ while processing ACH payments.
- NACHA requires that all participants in the ACH process implement protocols and controls to protect sensitive data. This includes merchants’ financial information as well as other sensitive information such as Social Security numbers.
- NACHA requires that any transmission of banking information, such as a customer’s bank account and routing number, be encrypted using “commercially reasonable” encryption technology if transmitted via an unsecured network, like the Internet.
“Commercially reasonable” merely means that these means are up to par with security best practices to thoroughly protect information. This means that an ACH participant is not allowed to send bank account information via non-encrypted email or to place it on an insecure web form. Accordingly, any third-party software solutions for ACH must use reliable encryption.
- NACHA requires that anyone originating a transaction must use “commercially reasonable” steps to ensure the validity of the routing numbers that are entered into the ACH network. Typically, a small business will not need to implement this type of solution itself, as many reputable third-party solutions like VeriCheck will include this type of validation.
- NACHA requires that the originator must use “commercially reasonable” means to verify the identity of the customer for any transactions initiated over the phone or from the Web. There are several ways in which a merchant can verify the identity of a customer, including the use of a Social Security number, a driver’s license, or a combination of a user ID, password and known IP address.
- NACHA requires that the originator of a transaction use “commercially reasonable” methods of identification in advance in order to prevent fraudulent transactions from being submitted for ACH processing.
While there are a variety of methods used in order to secure the ACH process, a number of best practices have been put into place by NACHA. The implementation of such practices and protocols allows for organizations such as VeriCheck to ensure security and confidence in any and all transactions made.
Contact us directly for more information.