Inside Origination Newsletter
Stay up-to-date with Inside Origination, published twice a year by EPCOR (Electronic Payments Core of Knowledge). This newsletter contains information specific to ACH Originators and changes in payment practices. Click the Download button below to read the most recent edition. To register for your own subscription. visit epcor.org.
ACH Return Rate Rule
Unauthorized Entry Fee is $4.50 and the threshold is .05%
- Fees may be passed on to the originator
- R05 – Unauthorized Debit to Consumer Account Using SEC Code
- R07 – Authorization Revoked by Customer
- R10 – Customer Advises Unauthorized, Improper, Ineligible, or part of an Incomplete Transaction
- R29 – Corporate Customer Advises Not Authorized
- R51 – Item Related to RCK Entry is ineligible or RCK Entry is improper
Administrative Return Rate Level for debit entries is 3%
- R02 – Account Closed
- R03 – No Account/Unable to Locate Account
- R04 – Invalid Account Number Structure
Overall Return Rate Level for debit entries is 15%
- Returns for ANY reason (includes NSF, stop payments, etc.)
- Exclude RCK entries (represented check entires)
ACH Security Framework Rule
This rule establishes the minimum data obligations for ACH Originators to maintain for protecting ACH data. The key elements of this rule are: 1) Protect Sensitive Data & Access Controls; 2) Verification of Third-Party Senders and Originators; 3) Self-Assessment. Requirements of this rule:
- Non-consumer Originators, Participating Depository Financial Institutions (DFI), and Third-Party Service Providers/Senders must establish, implement, and update (as appropriate) data security policies, procedures, and systems with respect to the initiation, processing, and storage of Entries and resulting Protected Information
- Originating Depository Financial Institutions (ODFI) must utilize a commercially reasonable method to verify the identity of an Originator or Third-Party Sender when entering into an Origination Agreement
- Self-Assessment does not directly apply to ACH Originators who are bound through ACH Agreements. Participating DFIs and Third-Party Service Providers/Senders must verify through a self-assessment and audit that it has established, implemented, and updated the data security policies, procedures, and systems as required.
Learn About Data Security
Compliance with the new ACH Security Framework Rule can be daunting. The Better Business Bureau (bbb.org) offers training specifically for small businesses on how to simplify the requirements of ACH data security. Visit bbb.org/council/data-security-made-simpler to get started.
Learn how to:
- Properly handle & dispose of sensitive data securely
- Become Payment Card Industry (PCI) Compliant
- Respond when customer data is stolen
- Respond when a third party requests customer information and more!