ACH Originator Education
Inside Origination Newsletter
Stay up-to-date with Inside Origination, published twice a year by EPCOR (Electronic Payments Core of Knowledge). This newsletter contains valuable information specific to ACH Originators as well as all business customers. If you are looking for an easy method to stay informed of payments changes, this is it! Click the Download button below to read the most recent edition of Inside Origination. To register for your own subscription to this newsletter and other communications by EPCOR, visit epcor.org.
View Newsletter Newsletter Special Edition: Click here to view the Same Day ACH Edition
New ACH Security Framework Rule
On September 20, 2013, a new ACH Security Framework Rule took effect. Learn about these changes by reviewing EPCOR's short, on-demand course. Click Here to download the course.
This amendment to the ACH Operating Rules establishes the minimum data obligations for ACH Originators to maintain for protecting ACH data. The key elements of this rule are: 1) Protect Sensitive Data & Access Controls; 2) Verification of Third-Party Senders and Originators; 3) Self-Assessment. A free copy of the updated rules are provided to you annually by Nodaway Valley Bank. If you have not received your copy, please contact us today. You may also view or purchase a copy of the updated NACHA Operating Rules at nacha.org.
Requirements of this change:
Non-consumer Originators, Participating Depository Financial Institutions (DFI), and Third-Party Service Providers/Senders must establish, implement, and update (as appropriate) data security policies, procedures, and systems with respect to the initiation, processing, and storage of Entries and resulting Protected Information
Originating Depository Financial Institutions (ODFI) must utilize a commercially reasonable method to verify the identity of an Originator or Third-Party Sender when entering into an Origination Agreement
Self-Assessment does not directly apply to ACH Originators who are bound through ACH Agreements. Participating DFIs and Third-Party Service Providers/Senders must verify through a self-assessment and audit that it has established, implemented, and updated the data security policies, procedures, and systems as required.
Learn About Data Security
Compliance to the new ACH Security Framework Rule can be daunting...but it doesn't have to be! The Better Business Bureau (bbb.org) offers training specifically for small businesses on how to simplify the requirements of ACH data security. Visit bbb.org/council/data-security-made-simpler to get started!
You'll learn how to:
Properly handle & dispose of sensitive data securely
Become PCI Compliant
Respond when customer data is stolen
Respond when a third party requests customer information