Recent Searches

No recent searches

    Popular Articles

      Articles
      View all
        Topics
        View all
          Tickets
          View all
            no results

            Sorry! nothing found for

            NACHA FAQs

            Modified on Thu, Jul 18, 2024 at 3:25 PM

            Overview 

            Aline utilizes Jack Henry as its merchant service account vendor, usually referred to as a MSP, for the Aline Payment solution within our suite of products. 


            A MSP serves as a mediator between banks, customers, and merchants to provide payment transactions. However, there are different types of merchant service providers. This means that Aline customers who want to employ the Aline Payment solution, will undergo an underwriting process to establish an account with Jack Henry. The most prominent feature of this type of MSP relationship is that it allows Jack Henry to provide the funds of your portfolio transactions within a 24-hour timeframe, which is faster than just a basic payment service provider (PSP) process of anywhere from 3-10 days or more. 


            All participants in the ACH network are subject to follow NACHA as the guiding and regulatory body. There are special codes, known as SEC codes, that are assigned to the types of payment transactions available that provide the ACH Network with the information needed about the type of payment transaction it is. Each of these codes also have requirements around the proper and acceptable methods of authorization, designed to help mitigate fraud for all parties involved. 


            NACHA Payment Processing and SEC Codes


            1. What is a merchant service vendor versus a merchant service account provider?

            • A merchant service provider (MSP) is often used interchangeably with the term ‘Payment Service Provider’ (PSP). An MSP is also known as a merchant service account provider (MSAP) to better differentiate it from PSP. 


            • An MSP/MSAP establishes a merchant (aka your company) account that needs underwriting approval. Having an established account provides more stability for high volume and value amounts. MSP will also service higher-risk business models. The underwriting process establishes a risk/credit level based on your operations and financial capacity, which enables an expediency of funds to be available in your account.
              • Transaction fees are based on transaction type or service or brand (tiered-pricing model), which enables the types to be properly valued anywhere geographically. And they are negotiated for a lower rate at a lower transaction dollar amount threshold than PSPs. 


            • A PSP is an aggregator, it combines all its customers under one big account, meaning you do not have your own merchant id number, you are more of a “sub-merchant” within the PSP. When exception transactions occur (aka chargebacks) or fraud, the PSPs bank deducts the funds from the PSP. The PSP then deals with its customer(s) in question to recoup, hence there tends to be more account holds and freezes placed on their customer than with standard MSPs. 
              • Typically, there is no application and there is immediate approval, and flat rate fees no matter the transaction type. But, the fee is an average across a geographical area. Meaning, there is no underwriting process to startup, but the fees can be higher than normal no matter the location and some transaction types could also be over/undervalued for fees since they vary by PSP vendor. For example, fees are not based on brand or type of card used, instead they are based on the type of service/sale, such as Square vs. PayPal vs. Quickbooks transactions. 
              • Fees can be negotiated upon reaching a certain dollar amount threshold, typically a higher dollar amount that a traditional MSP
              • Transactions can be restricted in size, have longer processing times, and funds can be further delayed due to exceptions and risk mitigation protocols
              • No Payment Card Industry (PCI) security compliance required, meaning less secure and no support from the PSP. 


            2. What is NACHA?

            • NACHA is a registered trademark, and it stands for “National Automated Clearing House Association”


            • NACHA was formed in 1974 to coordinate the ACH Network and is governed by operating rules and guidelines, which are developed by the actual users of the system and is administered through a series of agreements among financial institutions, customers, trading partners, and ACH Operators.


            • Federal Government ACH payments are controlled by the provisions of Title 31 Code of Federal Regulations Part 210 (31 C.F.R. Part 210). The Financial Management Service (FMS) of the U.S. Department of the Treasury is the agency responsible for establishing Federal Government ACH policy. 


            • Other laws that have a direct bearing on ACH operations are the Uniform Commercial Code Article 4 (which governs check transactions), Article 4A, and the Electronic Funds Transfer Act as implemented by Regulation E.


            3. Why is NACHA applicable to you/your company?

            • Aline has contracted with a Third-Party Service Provider to process payment transactions through the ACH Network. 


            • The Jack Henry Enterprise Payment Solutions (EPS) system is designed to operate in full compliance with the regulations governing the ACH Network. However, many of the requirements must be carried out by the Originator. It is ultimately the responsibility of the Originator to fully comply with all the regulations governing the ACH Network, including the NACHA Operating Rules. 


            • An “Originator” is defined as any individual, corporation, or other entity that initiates entries into the ACH Network



            4. What are some other important terms to be aware of?

            • Receiver – the Receiver is the individual, corporation, or other entity that has an account with a financial institution. The Receiver is who authorizes the Originator to process a payment transaction.


            • ODFI – stands for ‘Originating Depository Financial Institution.’ The ODFI is a participating financial institution that originates ACH entries at the request of and by ODFI agreement with its customers. ODFI’s must abide by the provisions of the NACHA Operating Rules and Guidelines.


            • RDFI – stands for ‘Receiving Depository Financial Institution.’ The RDFI is any financial institution with which the Receiver has an account relationship and is qualified to receive ACH entries that agrees to abide by the NACHA Operating Rules and Guidelines.


            • Third-Party Service Provider – handles any aspect of the ACH process on behalf on an Originator, ODFI, or RDFI. This is Jack Henry's designation in our Aline Payments process.


            • Third-Party Sender (TPS) – An entity that has a contractual relationship with an ODFI to transmit debits or credits to the account of a Receiver on behalf of the Originator.  This is also Jack Henry's designation in our Aline Payments process.


            • Nested Third-Party Sender – a Third-Party Sender that has an agreement with another Third-Party Sender to act on behalf of an Originator and does not have a direct agreement with the ODFI. This is Aline's designation in the Aline Payments process.



            5. What does the ACH process look like?

            1. Receiver: authorizes the transaction to the Originator.
            2. Originator: forwards transaction data to the ODFI through the Aline & Jack Henry third-party roles.
            3. ODFI: sorts and transmits the files to the ACH Operator (network).
            4. ACH Operator: distributes the ACH files to the RDFI.
            5. RDFI: makes funds available to the Receiver and reports on your statement.



            6. What are the types of transactions supported and regulated by NACHA?

            • The ACH Network supports a variety of payment types, each governed by a unique set of operating rules and guidelines. NACHA identifies and recognizes each payment type by a specific three-digit code, known as a Standard Entry Class (SEC) Code. 
              • Navigate to the next section titled ‘Payment processing types and Authorizations’ for more information and specific details



            7. What about document retention and proof of authorizations?

            • All proofs of authorization should be kept on file for at least 2 years.


            • Most of us in the Senior Living industry have a company or state retention policy requirement that is longer than 2 years.


            • Please refer to the transaction type questions and answers for specifics on the methods of authorization and proofs of authorization accepted.



            8. What about credit card processing and it's authorization?

            • Aline is currently working on providing this functionality to our customers. More information related to credit card processing and it’s authorization will be forthcoming as soon as possible.



            9. Where can I learn more about NACHA?




            Payment Processing Types and their Authorizations

            Before any payment transaction is processed by the Originator, the proper authorization for the transaction should be obtained from the Receiver and retained by the Originator for a minimum of 2 years. Revocation of authorization must also be retained for a minimum of 2 years following the termination or revocation of the authorization, as well as proof that the Receiver affirmatively initiated each payment in accordance with the terms of the Standing Authorizations for two years following the settlement date of the entry. However, most of us within the Senior Living industry have company policies or state regulations pertaining to resident documentation retention that usually exceeds 2 years.


            Listed below are the types of payment transactions and their corresponding SEC codes, as well as the details needed for proof of authorizations for each type. Aline has created an authorization template for our customers to use that contains each of these transaction types. At the request of Jack Henry, or other Aline approved payment vendor, the Originator must provide the original, copy, or other accurate record of the Receiver’s authorization to Jack Henry for its use or for the use of an RDFI requesting the information within the designated timeframe provided from the day of Jack Henry request. Otherwise, the transaction is subject to be returned to the Receiver/RDFI.  


            1. What must an authorization always include?

            • Each SEC code has its own requirements. However, there are some details that pertain to all authorizations, an authorization must:
              • Comply with any applicable legal requirements.
              • Be readily identifiable as an ACH authorization.
              • Have clear and readily understandable terms


            • Debit Entries to a Consumer account:
              • Must be in writing and signed or similarly authenticated (e.g., digital signatures, codes, shared secrets, PINs, etc.) by the Receiver, except as expressly provided in the authorization sections of the NACHA Rules and Guidelines for specific types of SEC code entries.
              • Language regarding whether the authorization obtained from the Receiver is for a single entry, recurring entries, or one or more subsequent entries initiated under the terms of a standing authorization.
              • The amount of the entry(ies) or a reference to the method of determining the amount of the entry(ies).
              • The timing of the entries, including the start date, number or entries, and/or frequency of the entries.
              • The Receiver’s name or identity.
              • The account to be debited (this should include the type of account).
              • The date of the Receiver’s authorization.
              • Language that instructs the Receiver how to revoke the authorization directly with the Originator (including the time and manner in which the Receiver’s communication with the Originator must occur). For a single entry scheduled in advance, the right of the Receiver to revoke the authorization must afford the Originator a reasonable opportunity to act on the revocation prior to initiating the entry.
              • The Originator must provide each Receiver with an electronic or hard copy of the Receiver’s authorization for all debit entries to be initiated to a consumer account.


            2. What is "Standing Authorization"?

            • Defined as an advance authorization by a consumer of future debits at various intervals. 


            • Originators are allowed to obtain Standing Authorizations in writing or orally.


            • Subsequent entries will be able to be initiated in any manner identified in the Standing Authorization.



            3. What is needed for a paper check / e-Check transaction?

            • A Paper Check that is converted to an electronic check (E-Check) for ACH processing.


            • The SEC code is 'ARC'.
              • Defined as a single-entry ACH debit that takes place when an Originator receives and converts a check payment that is sent via mail or delivery service, at a dropbox location, or in person for payment of a bill at a manned location.
              • When the paper check is converted, it is then referred to as a “source document.” Meaning, the original checks or copies of the original checks are considered proof of authorization.
              • The check cannot be altered or redacted, it would need to be the original version or copy of the original. No alteration of the check is acceptable.


            • Originators are required to provide notice to the Receiver prior to the receipt of each source document, of the company’s intent to convert the check to an ACH debit entry. 
              • This notice is typically on an invoice or billing statement.
              • For dropbox locations, notice should be clearly displayed on signage.
              • Notices should be displayed in a prominent and conspicuous manner.


            • Our customers need a written authorization on file for one-time or recurring e-Check transactions.



            4. What is needed for a one-time ACH transaction, where the bank account is input and saved for repeated one-time or recurring automatic use?


            • The SEC code is 'PPD'.
              • Defined as applies to standing or single-entry authorization and recurring and non-recurring payments.
              • A customer provides a written, signed, or similarly authenticated authorization. *Note – the ‘similarly authenticated authorization’ method must evidence both the consumer’s identity and their assent to the authorization.


            • PPD Authorization Requirements
              • Adhere to the standard authorization requirements stated in the standard authorization question.
              • Originator must provide the Receiver with a copy of the authorization for all debit entries. *Note – this can be in the form of receipt/confirmation that contains the authorization standards within it.
              • Originator must retain the original or a reproducible copy of the Receiver’s authorization for 2 years from the termination or revocation of the authorization.



            5. What is needed for the self-service Aline Express Pay Portal payment transactions?

            • Defined as internet-initiated/mobile ACH entries.


            • When an Originator obtains authorization via the internet, mobile device, or a wireless network from a consumer to create an ACH debit transaction.


            • Applicable to single-entry, recurring entry, or subsequent entry transactions.


            • The SEC code is 'WEB'.
              • Single-entry transactions – a one-time transfer of funds between the Originator and an established customer.
              • Recurring transactions – a transfer of funds set up to occur automatically at regular intervals by a known customer.
              • Subsequent entry – originated individually upon the affirmative action of the customer, based on a standing authorization provide by the customer that establishes a relationship with the Originator for a specific type of activity.


            • Authentication requirements
              • Ensuring that the name given for a particular transaction corresponds to a real-world identity.
              • Confirmation that the person providing that name is truly the customer associate with an account and not an unscrupulous impersonator.
              • The Originator is responsible for choosing an appropriate authentication solution that will minimize the potential for fraudulent transactions. Common examples include:
                • Tough user ID / PIN / password.
                • ID verification check – ask for several forms of identifying information (name, address, phone, email, etc.) and check that information against databases.
                • Knowledge-based authentication – such as shared secrets, shared secret questions, or ask challenging questions based upon credit bureau or other information.
                • Out-of-Band Authentication – send the customer a specific piece of information, either online or offline, and then ask the customer to verify that information as a second step in the authentication process.
                • Multifactor authentication – uses multiple characteristics to determine a customer’s identity: 
                  • Something the customer knows (password)
                  • Something the customer has (a personal computer)
                  • Something the customer is (voice or fingerprint)
                  • Someplace the customer is (geolocation)


            • Authorization requirements
              • Adhere to the standard requirements of authorization.
              • Originator must obtain authorization from the Receiver prior to initiating a WEB debit to a consumer’s account.
              • Must be in writing that is signed or similarly authenticated (e.g., digital signatures, codes, shared secrets, PINs, etc.) by the Receiver via the internet or wireless network.
              • The Receiver should be encouraged to print and retain a copy of the authorization.
              • The Originator must be able to provide the Receiver with a copy of the authorization if requested to do so.
              • Only the Receiver may authorize the WEB transaction, and not a third-party service provider.
              • The Originator must retain a copy of the authorization and a record of the authentication process used to link that authorization to the Receiver for 2 years from the termination or revocation of the authorization.
              • Example: Originators should provide documentation that provides transaction details including Receiver information. Originators can provide a screen shot of the authorization language and then the date/timestamp of the Receiver login and the authorization process that evidenced both the consumer’s identity and its assent to the authorization.



            6. What is needed for a Telephone payment transaction?

            • The telephone functionality is not yet available within the Aline suite of products. However, for the Payments application, the considerations are as follows:


            • Oral authorization for consumer ACH debits initiated from a telephone call, that make use of verbal interactions and voice-related technologies.


            • Subsequent entries under a Standing Authorization will allow them to be initiated through voice commands, instructions, or affirmations.


            • The SEC code is 'TEL'.
              • Aline customers can utilize a voice capture system or a written authorization for TEL transactions. *Note - the voice capture system must be able to retain captures for at least 2 years, and the customer should verify with their vendor that the system has this capability. Otherwise, it would require the Aline customer to download those captures and store them separately elsewhere to adhere to the retention guideline.
              • Email confirmation as a follow up after taking a telephone payment is acceptable for written authorization. You will need to print the email to keep on file for record retention. Receipt of the confirmation by the resident/RP is not necessary. 
              • Originator’s must establish and implement commercially reasonable procedures to verify the identity of the Receiver (e.g., name, address, and telephone number), and further verify the Receiver’s identity by verifying pertinent information with the Receiver (e.g., caller id information, shared secrets, account passwords, challenge responses, etc.).


            • Originators of a single entry oral authorization must retain the original or a duplicate audio recording of the oral authorization, or the original or a copy of the written notice confirming the oral authorization, for two years from the date of the authorization.


            • Originators of recurring entry oral authorizations must retain (1) the original or a duplicate audio recording of the oral authorization, and (2) evidence that a copy of the authorization was provided to the Receiver in compliance with Regulation E for two years from the termination or revocation of the authorization.


            • For a Standing Authorization that is an oral authorization, the Originator must retain the original or a duplicate audio recording of the standing oral authorization, or the original or copy of the written notice confirming the standing oral authorization, for two years from the termination or revocation of the Standing Oral Authorization. 
              • Originator must also retain proof that the Receiver affirmatively initiated each payment in accordance with the terms of the standing oral authorization for two years following the settlement date of the entry. *This is the written or electronically written payment confirmation.



            7. What is needed for a business-to-business payment transaction? (i.e., Salon Services, etc.)

            • The commercial lease functionality is not yet available within the Aline suite of products. However, for the Payments application, the considerations are as follows:


            • The SEC code is 'CCD'.
              • This code is used regardless of if the payment is processed via the internet, such as the Express Pay portal, or through the community.
              • The Aline team would need to code commercial lease billing id number(s) to be independently configured to have the CCD coding.
              • Aline needs to examine the commercial lease entity configuration needs against the current Aline product suite logic. For example, the use of the Express Pay portal authentication step and the use of the ‘DOB’ field. 


            • The commercial lease entity would be subject to the same authorization needed as residents, such as the written recurring ACH/TEL/e-Check requirements stated in those transaction types.
              • The NACHA rules do not require the CCD authorization to be in a specific form, however, the rules require the Originator and Receiver to have an agreement that binds the Receiver to the rules.
              • Originator must be able to provide :
                • 1) an accurate record evidencing the Receiver’s authorization, or 
                • 2) The Originator’s contact information including the Originator’s name and phone number or email address for inquiries regarding authorization of entries.



            Was this article helpful?

            That’s Great!

            Thank you for your feedback

            Sorry! We couldn't be helpful

            Thank you for your feedback

            Let us know how can we improve this article!

            Select at least one of the reasons
            CAPTCHA verification is required.

            Feedback sent

            We appreciate your effort and will try to fix the article

            Preview
            0 of 0