VeriCheck’s PCI Compliance in ACH Payment Processors

February 19th, 2021

There is currently a widespread misconception that only companies with massive processing capabilities should be concerned with security, which is no longer the case. With so much e-commerce and fraud on the rise, today’s merchants have sensitive information that needs to be protected, regardless of size. Adhering to PCI standards can make the best ACH payment processors more secure.

Preventing Fraud in ACH Payment Processors

ACH payments are typically low risk due to automation, making fraud harder to detect. Making matters even more challenging, business accounts have only three days to reverse a fraudulent ACH transaction.

Although not mandated for ACH transactions, if PCI standards were to be followed consistently in the ACH environment, fraud could potentially drop considerably. Following PCI guidelines for safe ACH payment processor use is a wise strategy.

These include:

  • Implementing a security policy
  • Maintaining a firewall
  • Ensuring virus protection is current
  • Using encryption when transferring sensitive data


Network Administration Fees help financial institutions maintain the NACHA Network—one of the two largest networks responsible for money movement in the U.S. The Rules set the governance of all ACH transactions to ensure smooth and secure operations.

While most people are unaware of the seamless operation of money movement, NACHA Operating Rules impact millions of people daily via:

  • Direct Deposit
  • Electronic bill payments and eCheck processing
  • Online purchases
  • And so much more…

NACHA (National Automated Clearing House Association) Rules also provide exact guidelines for securely accessing, storing, and transmitting sensitive customer data. Additionally, merchants are required to be NACHA compliant and must be certified annually.

How PCI Helps Prevent Fraud to ACH Processors

PCI compliance was initially introduced to rein in fraud losses. However, not all entities comply with the recommended standards: a study by the American Bankers Association (ABA) has revealed that, despite best efforts, retail data breaches continue to occur.

These breaches are made possible by insufficient security protection, making the banking industry’s job more difficult. However, not all parties involved in the payment environment are equally concerned with security and fraud prevention, and losses continue to rise.

Maintaining constant application of PCI standards makes it significantly more difficult for fraudsters to hack your ACH payment processing.

The Payment Card Industry Data Security Standard (PCI-DSS) is considered the foremost authority in security for the credit card processing industry. PCI sets the security standards on how credit card payments are processed, as well as the protection of sensitive data associated with ACH payment processors, making it an invaluable asset to the payment card industry.

PCI requires businesses that process, transmit, or store credit card information to preserve a secure environment. Remaining PCI compliant also helps to protect your organization from cyber threats.

The fees associated with PCI compliance are major pain points for merchants and ISVs (Independent Software Vendors). Fees range from $35 to $99 annually, and non-compliance fees average $20 per month.

E2E (End-to-End Encryption) ensures that only you and the person you’re communicating with are able to read or listen to what is sent on a transmission. With E2E, payment data is encrypted at the POS (Point of Sale), which removes all liability while increasing security.

If an ISV provides tokenized encryption of payment data, the encryption reduces the scope and liability of PCI for the merchant.

No PCI Network for ACH

While the credit card industry has PCI oversight, ACH does not have such a network. However, by leveraging new technologies, ACH transactions can be processed in much the same manner as POS encryption, E2E, and tokenized bank data, providing protection for customers, brand liability, and the merchants themselves.

Hosted Payments with VeriCheck

If you are looking to add payment functionality to your website, VeriCheck can help you accomplish this by adding a Hosted Payment Page with tokenized payment data—a checkout page that handles credit and debit card payments.

Once the checkout process is completed, the transaction is encrypted and stored in the merchant’s payment gateway (virtual terminal).

Or, if you prefer to use Direct Email Invoices, VeriCheck can assist you with that as well. An Invoice Email is an email that contains an invoice attachment and a custom branded URL. The URL directs the customer to a unique payment page, which collects payment data and then saves that encrypted payment data for future use by the merchant. VeriCheck uses a REST API and Accept.Blue’s payment gateway to process these types of transactions.

Grow your Business with VeriCheck

VeriCheck’s many platforms can help you grow your business. We are one of the best ACH companies in the industry, with capabilities that encompass far more than just ACH payment processing and ACH check conversion.

  • If you are an ISV (Independent Software Vendor), VeriCheck can show WHY we can be a selling point for your services.
  • If you are a company of any size or type that collects payments, VeriCheck can help you build the best payment platform to do this in a secure environment.
  • We service many industries, such as:
    • Auto dealers,
    • Nonprofits,
    • Gyms,
    • Fitness clubs,
    • E-commerce brands,
    • Health insurance providers,
    • Pension funds,
    • Parking facilities,
    • Professional services,
    • Property managers,
    • Government organizations,
    • Universities,
    • And any other business that needs recurring payments

Call VeriCheck today to learn more about our services and what we can do for you.