ACH Authorization Requirements (NACHA)
Within are applicable excerpts from the NACHA guidelines. You can find resource links to purchase the full list of NACHA requirements and regulations at NACHA.org.
Rights and Responsibilities of ODFIs, Their Originators, and Third-Party Senders
Originator Must Obtain Authorization from Receiver
An Originator must obtain authorization from the Receiver to originate one or more Entries to the Receiver’s account, except for credit Entries for which the Originator and Receiver are both natural Persons.
An authorization must comply with applicable Legal Requirements, be readily identifiable as an authorization, and have clear and readily understandable terms. A purported authorization for an Entry that is not clear and readily understandable as to its terms, or that is otherwise invalid under applicable Legal Requirements, does not satisfy the requirements of this section.
Originator will always be the merchant from ACH perspective. Payrix is the third party service provider who provide payment services to merchants.
Debit Entries to Consumer Accounts
The Originator of a debit Entry to a Consumer Account of the Receiver must obtain a written authorization that is signed or similarly authenticated by the Receiver, except as otherwise expressly permitted by these Rules.
In addition to the general requirements for an authorization, an authorization for a debit Entry to Consumer Account of the Receiver must, at a minimum, include:
Language regarding whether the authorization obtained from the Receiver is for a Single Entry, Recurring Entries, or one or more Subsequent Entries initiated under the terms of a Standing Authorization;
The amount of the Entry/Entries or a reference to the method of determining the amount of the Entry/Entries;
The timing (including the start date), number, and/or frequency of the Entries;
The Receiver’s name or identity;
The account to be debited;
The date of the Receiver’s authorization; and
Language that instructs the Receiver how to revoke the authorization directly with the Originator (including the time and manner in which the Receiver’s communication with the Originator must occur). For a Single Entry scheduled in advance, the right of the Receiver to revoke the authorization must afford the Originator a reasonable opportunity to act on the revocation prior to initiating the Entry.
With respect to a Standing Authorization, these minimum standards for a consumer debit authorization may be met through a combination of the Standing Authorization and the Receiver’s affirmative action to initiate a Subsequent Entry.
Where these Rules provide that authorization for an Entry may be obtained by notice to the Receiver, the Receiver’s authorization may also be obtained by a signed, written authorization that meets the requirements of this subsection.
Originating PPD Entries
Prior to originating a PPD debit Entry to a consumer account, an Originator must:
Provide the Receiver with a written authorization that is readily identifiable as an ACH debit authorization and contains clear and readily understandable terms that meet the minimum authorization requirements.
Obtain the Receiver’s agreement to the terms of the authorization via his signature or electronic signature equivalent (i.e., the authorization must be similarly authenticated).
When originating a PPD Entry for a Return Fee Entry to a consumer account, an Originator must:
Obtain the Receiver’s authorization for a Return Fee Entry originated using the PPD Standard Entry Class Code by either (1) obtaining the Receiver’s written authorization, or (2) providing the Receiver with the required notice.
When originating a PPD credit Entry to a consumer account, an Originator must:
Obtain an authorization from the Receiver that is readily identifiable as an authorization and has clear and readily understandable terms. Authorization for a PPD credit entry is not required to be in writing.
For detailed information on Return Fee Entries and authorization requirements, within the Special Topics section of these Guidelines.
Originating CCD Entries
Prior to originating a CCD Entry to a non-consumer account, an Originator must:
Obtain the corporate Receiver’s authorization to originate entries to the Receiver’s account that meets the minimum authorization requirements and
Obtain the corporate Receiver’s agreement to be bound by the NACHA Operating Rules.
Originating WEB Entries
Prior to originating a debit WEB/Mobile Entry to a consumer account, an Originator must:
Obtain written authorization from the Receiver that meet the minimum authorization requirements (1) via the Internet or a wireless network, except for an oral authorization via a telephone call ; or (2) in any manner permissible under the Rules, if the Receiver’s instruction for the initiation of the debit entry is designed by the Originator to be communicated, other than orally via a telephone call , via a wireless network.
Use a fraudulent transaction detection system to screen each debit WEB entry that, at a minimum, validates the account to be debited for the first use of the account number, and for any subsequent change to the account number.
Verify the Receiver’s identity.
Verify that the routing number is valid.
Conduct annually an audit of data security practices for Receivers’ financial information.