Businesses that accept Automated Clearing House (ACH) payments from their customers are subject to the operating rules of the National Automated Clearing House Association (NACHA). The rules and requirements of this organization apply to every ACH payment and are intended to ensure the secure storage, access and transmission of sensitive information. Even if businesses use third-party payment processing systems, it’s still important to understand ACH rules and ensure compliance.

What are NACHA’s operating rules?

NACHA’s Rules of Operation are updated annually. Issued by a nonprofit agency that works closely with the US Treasury, Federal Reserve, and state banking agencies, they apply to all sensitive customer information. In this case, sensitive information may include both financial data such as bank account and routing numbers and personally identifying information such as social security numbers and driver’s license numbers. Anyone interested in learning more about the types of data subject to NACHA’s operating rules can learn more here.

The Importance of NACHA Compliance

NACHA enforces its rules through a formal system that includes both warnings and fines, but according to, the fact that companies can expect to be warned before being fined doesn’t mean they shouldn’t pay attention to the rules to begin with. The rules were implemented for a good reason, and breaking them can lead not only to fines but also to reputational damage. With Nacha Certified Status Renewed for Paycor, for example, the company must now seek to rebuild its reputation.

Secure transmission and storage of sensitive information

The best way to ensure compliance with NACHA rules regarding the secure transmission and storage of sensitive information is to work with a company like TokenEx that takes NACHA compliance seriously.

Companies must also encrypt all sensitive information sent, received or stored online. That said, encryption should only be one part of a multi-pronged NACHA compliance strategy.

Clear data security policies

Every business that accepts ACH payments should have a set of clearly written policies that govern the protection of sensitive data. These policies should address how sensitive data is transmitted, stored and accessed to protect it from unauthorized use and cyber threats. Where appropriate, they should also include standards for secure storage of hard copies of customer data.

Customer Identity Verification

NACHA requires businesses to take reasonable steps to verify the identity of customers. This rule applies to online and telephone transactions. Simple ways to comply with this rule include:

Using a third-party verification service

Verifying driver’s license numbers

Depositing small test amounts to clients’ bank accounts

Checking user IDs and passwords

Don’t Underestimate the Importance of NACHA Compliance

Businesses of all sizes that accept ACH payments are subject to NACHA’s rules and operating guidelines. So don’t assume they only apply to large companies. The best way to ensure compliance is to work with a third-party online payment optimization service, but that won’t eliminate all possible compliance failures. Companies should also maintain clear and detailed security policies and ensure that their staff know how to follow them. Not all the rules of the organization have been described above, so it is better to read the rules in full or work with an expert.

Media Contact
Contact person: Media Relations
Call: 407-875-1833
Country: United States