ACH Originators

Inside Origination Newsletter

Stay up-to-date with Inside Origination, published twice a year by EPCOR (Electronic Payments Core of Knowledge). This newsletter contains information specific to ACH Originators and changes in payment practices. Click the Download button below to read the most recent edition. To register for your own subscription. visit

View Newsletter

ACH Return Rate Rule

Effective 10/3/16:

Unauthorized Entry Fee is $4.50 and the threshold is .05%

  • Fees may be passed on to the originator
  • R05 – Unauthorized Debit to Consumer Account Using SEC Code
  • R07 – Authorization Revoked by Customer
  • R10 – Customer Advises Unauthorized, Improper, Ineligible, or part of an Incomplete Transaction
  • R29 – Corporate Customer Advises Not Authorized
  • R51 – Item Related to RCK Entry is ineligible or RCK Entry is improper

Effective 9/18/15:

Administrative Return Rate Level for debit entries is 3%

  • R02 – Account Closed
  • R03 – No Account/Unable to Locate Account
  • R04 – Invalid Account Number Structure

Overall Return Rate Level for debit entries is 15%

  • Returns for ANY reason (includes NSF, stop payments, etc.)
  • Exclude RCK entries (represented check entires)

Additional Resources

Corporate User
Here you will find a resource for businesses utilizing the various payments channels offered in the industry today.

ACH Security Framework Rule

This rule establishes the minimum data obligations for ACH Originators to maintain for protecting ACH data. The key elements of this rule are: 1) Protect Sensitive Data & Access Controls; 2) Verification of Third-Party Senders and Originators; 3) Self-Assessment. Requirements of this rule:

  • Non-consumer Originators, Participating Depository Financial Institutions (DFI), and Third-Party Service Providers/Senders must establish, implement, and update (as appropriate) data security policies, procedures, and systems with respect to the initiation, processing, and storage of Entries and resulting Protected Information
  • Originating Depository Financial Institutions (ODFI) must utilize a commercially reasonable method to verify the identity of an Originator or Third-Party Sender when entering into an Origination Agreement
  • Self-Assessment does not directly apply to ACH Originators who are bound through ACH Agreements. Participating DFIs and Third-Party Service Providers/Senders must verify through a self-assessment and audit that it has established, implemented, and updated the data security policies, procedures, and systems as required.
View Checklist

Learn About Data Security

Compliance with the new ACH Security Framework Rule can be daunting. The Better Business Bureau ( offers training specifically for small businesses on how to simplify the requirements of ACH data security. Visit to get started.

Learn how to:

  • Properly handle & dispose of sensitive data securely
  • Become Payment Card Industry (PCI) Compliant
  • Respond when customer data is stolen
  • Respond when a third party requests customer information and more!

How may we help you?

  • Call

    Call Us
    (877) 217-4682

  • Chat Us

    Chat With Us

  • FAQ


  • Come See Us

    Come See Us

  • Email Us

    Email Us