What Are ACH Payments? How Do ACH Transactions Work?
What is an ACH payment? From enabling employees to receive paychecks through direct deposit to allowing commuters to reload funds on a bus pass, ACH payments have become a popular and efficient payment gateway to transfer funds between multiple financial institutions. An ACH or “automated clearing house” transfer is one of the cheapest, most commonly accepted, and fastest-growing means of moving money from one account to another.
ACH Payment Network
The volume of payments over the U.S. ACH network has nearly doubled in the last 10 years, with the last nine years seeing total payment value increases of at least $1 trillion. According to NACHA, nearly 27 billion ACH network payments were made in 2020, valued at close to $62 trillion. All this makes the payment rail a staple feature for almost any app that embeds banking or financial features.
Fintechs and embedded finance companies can work with a banking as a service (BaaS) provider like Treasury Prime to integrate ACH, making it possible for your customers to make and receive electronic payments on your platform.
How does ACH work?
First you need to understand the following:
- The roles different parties play in the ACH process
- How your business can leverage ACH as a feature
- How you can guard against risks with this payment rail
What is an ACH transfer?
An ACH transfer refers to a process of moving money between different bank accounts via a computerized funds transfer system called the Automated Clearing House (ACH) Network.
When you receive a direct deposit from your employer, payment is facilitated and completed through an ACH transfer. Paying your taxes online via “direct pay” from your bank account is another example of ACH. If you link your checking account to your Starbucks app, you are leveraging ACH rails to purchase your coffee. The payment method is indeed an extremely common feature in fintech and embedded banking apps. Want to transfer your Venmo balance to your bank account at no cost? Click on the little blue bank icon and send it via ACH.
Watch our webinar on transaction monitoring for compliance tips
ACH Debit vs ACH Credit
ACH payments are categorized into two buckets: ACH debits and ACH credits. When an ACH credit is initiated, funds are pushed into an account whereas an ACH debit entails funds being pulled out of a directed account. As an example, if your employer is paying you through direct deposit or if the IRS is paying your tax refund via an ACH, that is an ACH credit because your employer or the IRS in that example is pushing funds from its bank account to yours. On the other hand, if you are making an online payment through a retailer and using your debit card to fund the transaction, you are initiating an ACH debit. Specifically, you are authorizing the merchant’s bank to pull funds from your bank account.
ODFI, RDFI, and ACH Operators
The originator of an ACH can be an individual, an organization, or a governmental organization. If you are a fintech looking to enable ACH payments for your end-users, you would be simply passing on instructions from your end-users, who would be originating the transaction. The originator’s bank is known as the originating depository financial institution (ODFI) while the receiver’s bank is the receiving depository financial institution (RDFI). An ACH operator receives the batch of ACH transactions from the ODFI in a specific format known as a Nacha file. The ACH operator sorts the batch and makes transactions available to the bank of the intended recipient, or the RDFI. The batch-scheduling means ACH transfers settle and are thereby completed in one to three days.
In the United States, the ACH network consists of two main ACH operators: the Federal Reserve Bank, which runs FedACH; and The Clearing House Payments Company L.L.C. or “Payco,” a private sector operator that runs Electronic Payments Network (EPN). The network is overseen by a self-regulating industry organization called Nacha, which previously stood for National Automated Clearinghouse Association. Nacha governs the ACH Network and provides a legal framework to navigate the ACH network through its Nacha Operating Rules & Guidelines. In light of recent changes to Nacha operating rules, the ACH network allows for same-day settlement of most ACH transactions. However, it is important to note that even when same-day ACH debits are enabled, there are often hold times imposed by the ODFI before funds are released. This is to ensure that an ACH debit being pulled from a specific account does not return as “NSF” or “Non-Sufficient Funds.” Different types of debits are supported by the ACH system and are designated with their own Standard Entry Code (SEC) code. The SEC code is designated to a specific type of ACH debit. For fintechs, the most common SEC codes include PPD, WEB, and CCD. For more in-depth guidance on the use of SEC codes, see NACHA resource, SEC Code Allocation Chart.
Why enable ACH transfers?
An ACH transfer costs a nominal fee and is one of the most widely accepted forms of payment. The main drawback to ACH is that it takes time to process. Same-day ACH exists but costs more than standard ACH which takes up to three days.
The low cost of ACH provides options for fintechs and embedded banking apps to earn revenue. It’s not very expensive to offer ACH transfers for free as a perk, which fintechs often leverage to draw users into paying for other features. But fintechs can also charge for ACH transfers, and at competitive rates, to earn revenue from ACH directly. Users are especially willing to pay a seemingly nominal fee for an ACH transaction where other features and tools enhance and compliment the ACH rail, creating a positive user experience.
How to enable ACH transfers
A prerequisite to ACH transfers is the ability to open bank accounts for your customers. These accounts can be opened directly on the bank’s core, or you can open virtual accounts for your customers under the umbrella of an FBO or “for benefit of” account that exists on the bank’s core. Both account setups require you to partner with a bank, which is most easily done through a banking as a service (BaaS) provider.
Assuming you have an account setup in place with a partner bank, your next step is to get the bank’s approval to enable ACH transfers. Your bank’s approval may be contingent on your putting certain KYC (know your customer) and anti-fraud measures in place. These measures guard against anyone trying to commit fraud by, for example, paying for something via ACH and then emptying their account before the transaction clears.
You and your partner bank will have to determine what types of ACH transfers are appropriate for you and establish meaningful transaction limits to prevent fraud. As referenced above, ACH debits are deemed riskier than ACH credits because they are more susceptible to fraud. Depending on your bank’s tolerance for risk and your overall risk profile, they may have different preferences around the types of ACH transfers you enable. The bank will also put controls on the total volume of ACH transactions that may occur through your app.
As a fintech or enterprise company, you do not play an official role in the ACH process. Instead, you are collecting and packaging ACH instructions and authorization on behalf of your end-users and delivering them to the ODFI, which is your bank partner. In this paradigm, you as a fintech would have a direct agreement with the ODFI establishing this role. While fintechs are not yet directly regulated, they need to ensure they are facilitating the bank partner’s adherence to this regulatory framework.
Because the financial services industry is a highly regulated space and because new payment rails introduce heightened risk, it is prudent for a fintech to work with its bank and other vendors to build fraud prevention and compliance programs that meet your ACH transfer – and other – needs. Indeed, Nacha operating rules require specific controls for certain higher-risk transactions. Partnering with a BaaS provider can help create a framework for how to enable ACH payments responsibly. BaaS provider Treasury Prime works closely with top compliance partners such as Alloy, Plaid, and Unit21.
What measures ensure ACH transfers on my platform are safe?
The most important measure you can take to prevent fraudulent ACH transfers is to institute a robust KYC process. KYC – which stands for “know your customer” or “know your client” — refers to processes banking and financial institutions use to verify a customer’s legal identity. Put simply, KYC ensures that the customer opening an account with a financial institution is who he or she purports to be.
Your goal with KYC is to ask for the right info so you can be sure you know who you are dealing with, without asking for so much information as to make the process onerous and lose out on good customers. After approving a customer, you will want to use identify management processes like two-factor authentication to make sure it is really your customer who is trying to access their app profile. Learn the basics of KYC in this post.
A proper KYC process can prevent you from accidentally onboarding bad actors as customers. In addition to KYC, you can take other fraud prevention measures such as flagging activity that seems out of character for customers, and asking them to confirm transactions via two-factor authentication. For example, if someone is trying to debit a large amount of money from your customer’s account via ACH transfer, you might send the customer a push notification asking if the transaction is legitimate.
As consumers seek more innovative and seamless methods of consuming and obtaining financial services, fintechs can leverage technology and embed traditional payment rails like ACH through innovative channels and products. Rather than only focusing on technology, it is prudent for fintechs to understand the fundamental operational framework for these payment gateways to truly unlock a new product offering responsibly.
Treasury Prime enables a variety of payment rails, including:
- ACH transfers
- Wire transfers
- Bill pay
- Book transfers
- Mobile remote deposit capture
- Debit card payments
We also offer account opening via both on-core and FBO accounts, a ledger product, KYC and KYB (know your business) screening, and more. Our four-point compliance framework guides you through the documents, tools, and partnerships needed to address all the critical aspects of regulatory compliance. Leading compliance partners Alloy and Unit 21 help to ensure your compliance program evolves as it scales.
Treasury Prime has the largest bank network in the industry, giving you the most flexibility and affordability at scale. If you want to be the next unicorn, you need a direct bank relationship and the best Baas company. To discuss how we can help your company scale, contact us here. Want to learn more about our process? View our API reference or play around with our Developer Sandbox.
Disclaimer: the contents of this post should not be construed as legal advice. To the extent you have specific questions related to the risks of ACH transfers, you should engage counsel to provide a legal opinion.