Through Nacha’s Risk Management Portal that includes Third-Party Sender Registration, Direct Access Registration, the Terminated Originator Database, and the Financial Institution Contact Database, ACH Network participants can help enhance Network quality and security, fueling innovation and the continued growth of the Network.
NACHA provides a Financial Institution Contact Database as a vehicle for communication during operational and risk/fraud events: financial institutions can collaborate and share information as needed to mitigate the impact these events can have on day-to-day operations.
NEW! An industry resource – the ACH Contact Registry - is being created for financial institutions to be able to more easily connect with other financial institutions about ACH operations, exceptions and risk management. In order for the ACH Contact Registry to be a valuable, Network-wide resource, all ODFIs and RDFIs in the ACH Network need to participate. The new rule enables the creation of this resource by requiring the registration of contact information by all ODFIs and RDFIs in the ACH Network and goes into effect in 2020. Click here for more information.
The Third-Party Sender Registration Rule requires all ODFIs to either register their Third-Party Sender (TPS) relationships or state that they do not have any. Once registered, just provide updates following any change to the information you’ve provided (including termination). Need more information? Get the Risk Management Portal Instruction Manual.
Registrations are completed through either an individual upload or bulk upload process. The individual upload process allows for quick registration, editing and deactivating of individual TPS relationships, while the bulk upload (available in XML, Excel, and CSV) allows for registering, editing, deactivating, and maintaining groups of TPS relationships. Nacha provides templates that ODFIs can use to build their own internal systems to the Database specifications. The templates include a Word document outlining the specific fields for the Third-Party Sender Registration database and a description of those fields, along with a sample XML, Excel, and CSV file with the database fields included.
If you are unsure whether or not your third-party customers are also Third-Party Senders, use the Third-Party Sender Identification Tool, or contact your local Payments Association, or Nacha. Remember to provide your financial institution’s routing number in all communications, since this helps to identify you and your information in the database.
The Direct Access Status Registration Rule requires every ODFI to register its Direct Access Debit Participant Status by either acknowledging that it has no Direct Access Debit Participants or providing specific information about each Direct Access Debit Participant. Once registered, just provide updates following any change to the information you've provided (including termination). Need more information? Get the Risk Management Portal Instruction Manual.
If you’re unsure whether your ODFI maintains Direct Access Debit Participant relationships, see our definitions and example scenarios, contact your local Payments Association (link is external), or Nacha. Remember to provide your financial institution’s routing number in all communications, since this helps us to identify you in our database.
Nacha offers the Termination Originator Database (TOD) service in order for ODFIs and Third Parties to perform part of their due diligence for KYC (“Know Your Customer”) by being able to add information on, investigate new and periodically verify Originators and Third-Party Senders.
Inclusion in the TOD, after being terminated for cause, does not mean an Originator or Third-Party Sender is prohibited from working with another ODFI. However, it allows educated business decisions about new Originators or Third-Party Senders.
Nacha encourages ODFIs and Third Parties to use the NACHA TOD service in the following ways:
To add information on terminated Originators and Third-Party Senders.
To investigate new Originators and Third-Party Senders before onboarding.
To periodically verify your current Originators and Third-Party Senders, ensuring they haven’t been recently terminated by another ODFI.
Nacha is committed to taking appropriate steps to secure the data collected and stored in the Risk Management Portal. The Portal is a hosted solution built with security and business continuity in mind, including physical security, encryption, user authorization and authentication processes, and auditing to verify satisfaction of privacy and security requirements. Authorized users must use the secure Risk Management Portal to access the Third-Party Sender Registration Database, the Direct Access Registration Database, the Terminated Originator Database, and the Financial Institution Contact Database. Data is encrypted while it is in transit to Nacha and remains encrypted while it is at rest in the solution. Moreover, compliance of the underlying cloud platform with key industry standards is certified by the cloud service provider.
The Supplementing Fraud Detection Standards for WEB Debits rule (effective March 19, 2021) is neutral regarding specific methods or technologies used to validate first-use consumer account information. Possibilities include:
An ACH prenotification
ACH micro-transaction verification…
Myth 1: If payday is on a Friday, you won’t get your money until Monday (or later if Monday is a holiday)
Fact: If payday is Friday, payroll payments made by Direct Deposit are available in the employees’ account at the opening of business on Friday in virtually all cases. For example, if your…
Threats and fraud can be perpetuated through cyberattacks, email compromise, account takeover, social engineering, and even vendor impersonation fraud. While these threats are not about a direct compromise of the ACH Network or other payment systems, they exploit vulnerabilities or gaps in…