News & Media

Current Nacha rules require companies to screen WEB debits and micro-entries to reduce unauthorized transactions and fraud. Nacha also urges all participants to implement adequate control systems to detect and prevent fraud, including instances that involve a new account number or changes to an existing account number.

The upcoming rule amendment will expand this rule to require each non-consumer originator and Third-Party Sender to establish, implement and annually review risk-based processes and procedures intended to identify ACH entries initiated due to fraud across all transaction types and SEC codes. 

Resource: For additional information on the NACHA Operating Rules and Guidelines, you can purchase your own copy here.

What do you need to do?

The 2026 Nacha rule requires ACH network participants to implement risk-based processes to identify fraudulent outgoing ACH entries and monitor entries that are unauthorized or initiated under false pretenses.

• Update the Company Entry Descriptions in your ACH Software or Templates to ensure accuracy and compliance.
• Establish a risk-based fraud detection procedure for your ACH-originated transactions, with procedures subject to annual review and update.

When will this be implemented?

The rules will be implemented in two phases:

• Phase 1, effective March 20, 2026: Applies to all non-consumer ACH originators and Third-Party Senders.
  • Originators must use PAYROLL in the Company Entry Description field for wage, salary, and similar types of compensation-related PPD credits. 
  • Originators must use PURCHASE in the Company Entry Description field for e-commerce WEB debits. 
    • An e-commerce purchase is defined as a debit Entry authorized by a Consumer for the online purchase of goods, including recurring purchases first authorized online. 
    • An e-commerce purchase must use the WEB debit SEC Code, except as permitted by the rule on Standing Authorizations to use the PPD or TEL debit SEC Codes.

• Phase 2, effective June 22, 2026: Applies to all non-consumer ACH originators and Third-Party Senders.

Originators are required to establish and implement risk-based fraud detection processes and procedures and review them annually to reasonably identify entries suspected of being unauthorized under false pretenses and address evolving fraud risks.

What can you do as an ACH originator to prepare?

Consider these areas for evaluation and discussion with your team:

1. Process and Fraud Monitoring Evaluation: Review your current fraud monitoring capabilities and processes. Are there gaps or any areas you can improve?
2. Technology assessment: What technology can you implement to screen when initiating WEB debits or when using Micro-Entries?
3. Team preparation: Plan to educate members of your team on new Nacha requirements and compliance culture.
4. Vendor review: Review your vendor and partner agreements' to be sure they are aligned with new requirements.
5. Ongoing compliance strategy: Establish regular review processes for your business.

Resource: For additional information on the NACHA Operating Rules and Guidelines, you can purchase your own copy here.

We’re Right Where You Need Us

Our commercial team knows that running a business means balancing cash flow, people and payments all at the same time. When things move fast, you need a banking partner that takes the time to understand how your business works and build a solution designed to last. Find your banker today.