ACHQ Tutorial Series: SEC Codes and How to Authorize ACH
Obtaining the proper authorization for your ACH transactions is the most important step you can take to protect yourself against disputes, return fees, and reversed transactions.
According to NACHA (the organization that oversees the Automated Clearing House (ACH) network) rules, there are only three reasons people can dispute ACH charges to their account:
- If it was never authorized by the account holder or the authorization was revoked;
- If it was processed on a date earlier than authorized; or
- If it is for an amount different than authorized
NOTE: The transaction must be for the exact amount authorized—it cannot be higher or lower. However, you are permitted to have customers authorize payments for variable amounts, and/or not to exceed amounts.
That’s it. And, disputing an ACH charge requires that the account holder provide notice to the bank in writing (or the electronic equivalent) that one of those three conditions exists. (Note that this is significantly different from credit card transactions where a customer can have a charge reversed simply by claiming that the product or service received was not what they expected.)
The key word is Authorized—which according to NACHA means something very specific depending on the ACH Type used to submit the transaction. ACHQ supports the following ACH Types (though your account many not be enabled for all of them):
- PPD: Used for a one‐time or recurring business to consumer ACH transaction, for which you have written authorization.
- TEL: Used for a one‐time or recurring business to consumer, or business to business, ACH transaction that was authorized over the phone
- WEB: Used for a one‐time or recurring business to consumer, or business to business, ACH transaction that was authorized by submitting a form over the internet
- CCD: Used for a one‐time or recurring business to business ACH transaction, for which you have written (mail, email or fax) or telephone authorization or having a general written agreement/contract with the company for ACH debits to its account
You must fulfill the authorization requirements for the ACH Type submitted, or your customer can have the charge reversed. For example, if your customer calls to place an order over the phone, and you process it as a PPD transaction instead of a TEL transaction, your customer can claim that the transaction was not authorized and have it reversed.
A Primer to SEC Codes
Before we dive into the details of SEC codes, let’s quickly review the key players involved in ACH. First off, NACHA is the regulatory body governing the ACH network. Next, there are ODFIs (Originating Depository Financial Institutions) and RDFIs (Receiving Depository Financial Institutions). An ODFI is a financial institution in which the ACH transaction starts or originates from (e.g., ACHQ’s bank), while an RDFI is an institution that receives the ACH transaction (e.g., your customer’s bank). Similarly, the Originator is the party that originates an ACH transaction, and the Receiver is the party that receives the transaction. Finally, when an ACH transaction is submitted, it becomes an ACH Entry.
ACH transactions are categorized by how you capture authorization from the Receiver (the person whose bank account is being debited or credited). The four most common SEC codes are:
- Prearranged Payment and Deposit Entries (PPD): The merchant obtains written authorization to debit or credit a consumer
- Corporate Credit or Debit (CCD): The merchant Debits or Credits another business bank account (whether this is on paper, online, or over the phone, does not matter)
- Telephone-Initiated Entries (TEL): The merchant accepts authorization and payment information from a consumer over the telephone
- Internet-Initiated/Mobile Entries (WEB): The merchant accepts Debit transactions from a consumer on their website
Why are SEC Codes Important?
NACHA requires that merchants obtain the consumer’s explicit authorization before initiating a transaction. To stay compliant, you’ll need to make sure that you retain a compliant authorization for each transaction that you originate to the ACH Network). You will need to use proper authorization language and be able to accurately demonstrate that an authorization occurred for each ACH transaction (see NACHA Rules for additional detail).
Here are a few examples that illustrate how authorization works for different industries that use popular SEC codes:
- PPD: Merchants at health and fitness centers can accept membership payments via authorization form.
- TEL: Merchants at collections agencies can accept authorization of payment over the phone.
- WEB: Merchants at online consumer lending businesses can accept repayment authorization online through a payment portal.
- CCD: Merchants at office property management and leasing businesses can accept rent payments via authorization form.
As part of the authorization process, we recommend collecting and storing digitally or in paper form for two years the following information from your customers (note this is not an exhaustive list):
|Clear, legible consent
Your authorization page must plainly state that you are obtaining consent to debit your customer’s bank account for a specific transaction or set of recurring transactions.
One way to achieve this is for the authorization form to have express language such as:
I authorize (your company) to electronically debit my account and, if necessary, electronically credit my account to correct erroneous debits.
|Transaction specific details
|Date, time of transaction, debiting account info, item purchased, IP address (and corresponding details such as country), frequency if it is a recurring payment
|Name on account/shipping information, any other controls in place to verify the identity of the customer
|Any further transaction info
|Prior transaction history, particularly for recurring payments (e.g. IP information, other logins, other purchases)
|Receipt of transaction
|Prompt your customer to print the authorization and retain a hard copy or electronic copy, and send an e-mail receipt of the processed transaction to your customer.
|Process for revocation
|Your authorization flow must provide your customer with a method to revoke authorization by notifying you, so be sure to include a telephone number and/or e-mail address where your customer can contact you. You should display this information on the authorization page and receipt/confirmation sent to the customer after the transaction has been completed.
- Obtaining the proper authorization for your ACH transaction is the most important step you can take to ensure compliance with the network rules and protect yourself against disputes, return fees, and reversed transactions.