Nacha Rules Resource Center

Standardized use of the Company Entry Description to help parties in the ACH Network identify, monitor, and count the volume of payments for specific purposes; and help manage risk.     

Included in the Nacha rule amendments are two newly defined Company Entry Descriptions:

• PAYROLL
  • Establishes a new standard description for credit Entries with a Standard Entry Class code of PPD for payment of wages, salaries, and similar types of compensation.
  • The Company Entry Description must contain the word PAYROLL in first seven (7) characters of the field.
  • Entries with this description make no representation or warranty to the RDFI or to the Receiver regarding the Receiver’s employment status.

• PURCHASE
  • Establishes a new standard description for debit Entries with a Standard Entry Class Code of WEB for e-commerce purchases.
  • The Company Entry Description field must contain the word PURCHASE.

• Improved, targeted risk mitigations and tools may be utilized as participants are able to better identify certain purposes of transactions.    
• For payroll, it can help support RDFI transaction monitoring and logic regarding funds availability.
• For e-commerce purchases, it enables identification of such transactions.
• Standardized use of data can help parties manage risk and improve ACH quality.

• Originators/Third-Party Service Providers/ODFIs of these types of transactions will need to update their systems to utilize the required Company Entry Description(s). 
• RDFIs may choose to take advantage of intelligence enabled by new descriptors, but they would not be required to act as a result of these descriptions.
• The ODFI has no obligation to verify the presence or accuracy of the words “PAYROLL” or “PURCHASE” as a description of purpose.

• ACH Originator Fraud Monitoring
  • Requires qualified ACH Originators to establish and implement risk-based processes and procedures reasonably intended to identify ACH Entries initiated due to fraud.
    • The amendment is intended to reduce the incidence of successful fraud attempts.
    • Regular fraud detection monitoring can establish baselines of typical activity, making atypical activity easier to identify.

• RDFI ACH Credit Fraud Monitoring
  • Requires qualified RDFIs to establish and implement risk-based processes and procedures designed to identify credit Entries initiated due to fraud.
    • RDFIs have a view of incoming transactions as well as account profile information and historic activity on Receivers’ accounts.
    • A risk-based approach to monitoring can consider factors such as transactional velocity, anomalies (e.g., SEC Code mismatch with account type), and account characteristics (e.g., age of account, average balance, etc.). This aligns with AML monitoring practices in place today.
    • Based on its monitoring of incoming credits, an RDFI may decide to return an entry or contact the ODFI to determine the validity of a transaction.

• Expanding fraud detection responsibilities to more parties in the ACH Network provides additional opportunities to detect and prevent fraud, especially for frauds that make use of credit-push payments.  
• Reducing the incidence of successful fraud and improving the quality of transactions in the ACH Network.
• Enabling RDFIs to exercise heightened scrutiny of accounts that are receiving fraudulent or potentially fraudulent transactions and improving funds recovery.

• Implementing or updating fraud-detection processes and procedures, particularly by organizations that are not currently performing fraud monitoring.  
• There is less impact on originators who have already implemented a monitoring system for WEB Debits or Micro-Entries.
• RDFIs will need to either establish processes and procedures reasonably intended to identify Entries that are suspected of being unauthorized or authorized under False Pretenses or ensure that existing processes and procedures are satisfactory for this requirement, including updating such systems and their alerting processes, if necessary.
• RDFIs may need to enable information sharing internally between teams that monitor transactions for suspicious activity and operations, product, and relationship teams.

• All ACH Originator Fraud Monitoring Nacha rules changes outlined in Phase 1 apply to all Non-Consumer Originators, TPSPs, and TPSs, regardless of their ACH origination volume.
• All RDFI ACH Credit Fraud Monitoring Nacha rules changes outlined in Phase 1 apply to all RDFIs, regardless of their ACH receipt volume.