Skip to Content

Online Banking

the right bank TM

ACH Originator Education

Inside Origination Newsletter

Stay up-to-date with Inside Origination, published twice a year by EPCOR (Electronic Payments Core of Knowledge). This newsletter contains valuable information specific to ACH Originators as well as all business customers. If you are looking for an easy method to stay informed of payments changes, this is it! Click the Download button below to read the most recent edition of Inside Origination. To register for your own subscription to this newsletter and other communications by EPCOR, visit
View Newsletter    Newsletter Special Edition: Click here to view the Same Day ACH Edition

New ACH Security Framework Rule

On September 20, 2013, a new ACH Security Framework Rule took effect. Learn about these changes by reviewing EPCOR's short, on-demand course. Click Here to download the course.

This amendment to the ACH Operating Rules establishes the minimum data obligations for ACH Originators to maintain for protecting ACH data. The key elements of this rule are: 1) Protect Sensitive Data & Access Controls; 2) Verification of Third-Party Senders and Originators; 3) Self-Assessment. A free copy of the updated rules are provided to you annually by Nodaway Valley Bank. If you have not received your copy, please contact us today. You may also view or purchase a copy of the updated NACHA Operating Rules at

Requirements of this change:

  • Non-consumer Originators, Participating Depository Financial Institutions (DFI),  and Third-Party Service Providers/Senders must establish, implement, and update (as appropriate) data security policies, procedures, and systems with respect to the initiation, processing, and storage of Entries and resulting Protected Information
  • Originating Depository Financial Institutions (ODFI) must utilize a commercially reasonable method to verify the identity of an Originator or Third-Party Sender when entering into an Origination Agreement
  • Self-Assessment does not directly apply to ACH Originators who are bound through ACH Agreements. Participating DFIs and Third-Party Service Providers/Senders must verify through a self-assessment and audit that it has established, implemented, and updated the data security policies, procedures, and systems as required. 

Learn About Data Security

Compliance to the new ACH Security Framework Rule can be daunting...but it doesn't have to be! The Better Business Bureau ( offers training specifically for small businesses on how to simplify the requirements of ACH data security. Visit to get started!

You'll learn how to:

  • Properly handle & dispose of sensitive data securely
  • Become PCI Compliant
  • Respond when customer data is stolen
  • Respond when a third party requests customer information
  • and more!