Nacha Operating Rules Updates




Account validation requirement for WEB initiated debits (Enforcement)

Enforcement begins March 18, 2022
  • WEB (Internet Initiated ACH Payments) will specifically require an additional "account validation" screening as part of a "commercially reasonable fraudulent transaction detection system."
    • The supplemental requirement would apply to the first use of an account number, and changes to an account number previously used.
    • The requirement is non-specific with regard to the method or technology to validate account information.
  • Customers who create WEB transactions using their own software, or with that of a software provider or other vendor, must ensure this validation is in place.
  • If your organization originates WEB entries, please act now to ensure you'll have account validation functionality in place before this change becomes effective.
    • Please see Nacha.org for additional information

Note: Customers that use TD Bank's TD eBill service to originate WEB transactions are compliant with this requirement by the effective date.

Data Security Requirements for Non-Financial Originators, Third-Party Service Providers, and Third-Party Senders

Effective June 30, 2022 – Phase 2 – Updated Implementation Date
  • Initially, this rule change was slated for June 30, 2021, but was changed to June 30, 2022.
  • Phase 2: Any Originator, Third-Party Service Provider, or Third-Party Sender that originated 2 million or more ACH transactions in calendar year 2020 will need to be compliant by June 30, 2022.
  • This rule expands the existing ACH Security Framework to explicitly require large, non-financial institution Originators, Third-Party Service Providers, and Third-Party Senders to protect account numbers used in the initiation of ACH entries by rendering them unreadable when stored electronically.
  • The rule aligns with existing language contained in PCI requirements; thus, industry participants are expected to be reasonably familiar with the manner and intent of the requirement.
  • The rule applies only to account numbers collected for or used in ACH transactions and does not apply to the storage of paper authorizations.

Micro-Entries

Phase 1: Effective September 16, 2022; Phase 2: Effective March 17, 2023
  • Micro-Entries are a generally accepted method in the marketplace for an ACH Originator to test the validity of a Receiver’s account
  • The overarching purpose of these Rules is to further define Micro-Entries in the ACH Network by:
    • Defining “Micro-Entries” as ACH credits of less than $1, and any offsetting ACH debits, used for the purpose of verifying a Receiver’s account
    • Standardizing the Entry description and Company Name requirements for Micro-Entries
    • Establishing other Micro-Entry origination practices
    • Applying risk management requirements to the origination of Micro-Entries

Phase 1: September 16, 2022
  • Definition of Micro-Entries
    • A Micro-Entry would be “a credit or debit Entry used by an Originator for the purpose of verifying a Receiver’s account or an individual’s access to an account.”
    • A credit Micro-Entry must be in the amount of less than $1.00
    • One or more debit Micro-Entries must not exceed, in total, the amount of the corresponding credit Micro-Entries
  • Standardize Formatting for Micro-Entries
    • In the Company Entry Description field, the Rule would require the use of “ACCTVERIFY”
    • The Company Name must be readily recognizable to the Receiver, and be the same or similar to the Company Name that will be used in future Entries
  • Origination Requirements for Micro-Entries
    • An Originator that is using debit Micro-Entry offsets must send the debits and the corresponding credit Micro-Entries simultaneously for settlement at the same time
    • The total amount of the credit Micro-Entry(ies) must be equal to or greater than the value of the debit Micro-Entry(ies)
    • An Originator using Micro-Entries may initiate future Entries to the Receiver’s account as soon as the Originator’s process for validating the amounts of the Micro-Entries has been completed

Phase 2: March 17, 2023
  • Risk Management Requirements for Micro-Entries
    • An Originator of Micro-Entries must conduct commercially reasonable fraud detection on its use of Micro-Entries, including by monitoring forward and return volumes of Micro-Entries
  • Although not part of this Rule, ACH participants should understand how other provisions of the Nacha Rules apply to Micro-Entries
    • Although Micro-Entries are often referred to as test transactions, they are actual “live” ACH Entries that result in the movement of money
    • ODFI warranties apply to these Entries, including the warranties that they are authorized and contain accurate information
  • Please see Nacha.org for additional information
