Adhering to Nacha’s fraud risk management and monitoring rules

As of March 18, 2022, Nacha’s account validation rule requires ACH originators of WEB entries to use a commercially reasonable fraud detection system to verify the first time a consumer checking account is used for an electronic (ACH) payment, if the payment is initiated over an online channel, the account number must be validated first. WEB debit entries, by definition, are debits to consumers’ accounts where authorization is communicated via the internet or a wireless network. Nacha does not require a specific method to be used for account validation but has provided examples of acceptable forms of validation.

The addition of Nacha’s account validation rule supplements existing guidance which simply required the originator—the creator or sender of the payment—to use a “commercially reasonable fraudulent transaction detection system.” The purpose of this rule is to clarify that a commercially reasonable fraud detection system must have the capability to validate accounts. This means that, before a WEB entry is processed, Nacha will require validation that the account it originated from is, in fact, a valid account for that financial institution and that it is able to accept an ACH transaction.

Appropriate Account Validation Methods

The account validation requirement applies to the first use of an account number or change to the account number. Several methods are available to comply with the new rule. Please note, the methods can be used as part of a waterfall methodology.

 

continue reading »