The National Automated Clearinghouse Association (NACHA) issues operating rules yearly for businesses that accept ACH payments. This body governs all aspects of ACH payments and sets regulations on how to store, access, and share client data.
Knowing this, is your business compliant with NACHA security rules? You need to familiarize yourself with NACHA security rules for the sake of your business as well as your clients. Please be aware that NACHA releases new publications every year. Make a habit of reviewing the rules from time to time so that you are not left behind.
An Overview of NACHA Security Rules for Merchants
You are probably aware of how vulnerable the internet can be. Agencies such as NACHA strive hard to make it a safe place for customers and business owners to transact online. These NACHA rules for merchants are designed to help secure your clients’ sensitive financial data. They also ensure secure and smooth transactions when it comes to online payments.
If you are running a business and you do accept ACH payments, then you definitely will collect and store sensitive information belonging to your clients. This includes bank account and routing numbers amongst others. As such, it is mandatory for your business to comply with NACHA requirements.
Below are the key NACHA security rules for merchants:
Secure Transmission and Safe Storage of Electronic Data
According to NACHA, every time you send or store data, it must be encrypted. Using unencrypted emails or web forms could expose your clients’ details to scammers. To adhere to this rule, you can make use of tools such as Microsoft Office Message Encryption. Alternatively, if your business uses cloud-based software to accept payments, confirm that the provider's database features robust encryption. This will ensure the safe storage of electronic data.
Safe Storage of Hard Copy Documents
If your business collects customer data in the form of hard copy, it is your responsibility to ensure this data is stored safely. Invest in a quality safe that can secure your customers’ information. Additionally, you should restrict employee access to these documents.
Validation of Routing Numbers
NACHA requires that you ensure routing numbers are valid before entering them into the ACH Network. If you use a reputable ACH processing system, double-check that its validation function fulfills this requirement. You can also validate routing numbers by checking their format or looking them up against a database of valid routing numbers.
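The two checks mentioned above (format, then a lookup) can be sketched as follows. This is an added example, not code from NACHA or from the original page; the function names, the all-zero placeholder rule, and the `known_rtns` set standing in for a real routing-number directory are assumptions, and the 3-7-1 weights are the standard ABA check-digit formula, which the page itself does not spell out.

```python
import re

# ABA check-digit weights, applied to the nine digits left to right.
WEIGHTS = (3, 7, 1, 3, 7, 1, 3, 7, 1)


def normalize(raw):
    """Drop spaces and hyphens; return the 9-digit string or None."""
    if not isinstance(raw, str):
        return None
    cleaned = re.sub(r"[\s-]", "", raw)
    # [0-9] rather than \d: \d also matches non-ASCII digits, which
    # int() would silently accept and a downstream system may not.
    return cleaned if re.fullmatch(r"[0-9]{9}", cleaned) else None


def checksum_ok(rtn):
    """True when the weighted digit sum is a multiple of 10."""
    return sum(w * int(d) for w, d in zip(WEIGHTS, rtn)) % 10 == 0


def validate_routing_number(raw, known_rtns=None):
    """Return (ok, reason). known_rtns is an optional set of valid
    routing numbers (hypothetical stand-in for a directory lookup)."""
    rtn = normalize(raw)
    if rtn is None:
        return False, "format"
    if rtn == "000000000":
        # Passes the checksum arithmetically; rejected here as a
        # placeholder value (assumed policy, not from the page).
        return False, "placeholder"
    if not checksum_ok(rtn):
        return False, "checksum"
    if known_rtns is not None and rtn not in known_rtns:
        return False, "not_in_directory"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample inputs; 123456780 is not a real bank's number,
    # it was chosen only because it satisfies the checksum.
    directory = {"123456780"}
    for sample in ("123456780", "1234-5678 0", "123456789",
                   "213456780", "12345678", "000000000"):
        print(sample, validate_routing_number(sample, directory))
```

A passing checksum only shows the number is well formed; the directory lookup is what confirms it is actually assigned.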
Verification of Client Identity
Before proceeding with any transaction, NACHA rules require merchants to verify the identity of the customer. This applies irrespective of whether the transaction has been authorized via phone or online. To confirm the customer’s identity, you can refer to forms received from the customer authorizing ACH payments. Alternatively, several third-party sites offer customer verification. For businesses that have a reliable payment processing system, the verification is built into the software to eliminate your responsibility for this task.
Be Cautious about Fraud
Always be vigilant when initiating ACH transactions. Ensure that there is no fraud involved. Cross-check all duplicate and suspicious activity. Flag any signs of fraud. One of the benefits of having a payment processing system is that it will detect any fraudulent activities.
Implement and Outline a Clear Security Policy
Finally, NACHA requires all originators to not only implement but also outline a detailed security policy. In the policy, you should state the measures you have undertaken to ensure secure transmission, storage, and protection of confidential data. Don’t forget to include a section describing how you verify the identity of your clients.
Complying with NACHA requirements goes a long way in improving the relationship you have with your customers. That aside, it helps safeguard important client information. You should always adhere to these regulations and follow the best practices for ACH transactions. We hope the above overview gives you insight on the NACHA security rules for merchants and how to be compliant.
Whether or not you are currently accepting ACH payments, Payment Savvy can help you create a payment acceptance plan built around your exact business needs. As always, our solutions are PCI Level-1 and NACHA compliant. Ready to experience a better way? Our savvy team is ready to show you how we do payments better. Reach out to us today to learn more.