Compliance spotlight: Navigating Nacha’s account validation rule

Effective March 19, 2021, Nacha’s account validation rule requires ACH originators of WEB entries to use a commercially reasonable fraud detection system to verify new consumer account information. WEB debit entries, by definition, are debits to consumers’ accounts where authorization is communicated via the internet or a wireless network. Nacha does not require a specific method to be used for account validation but has provided examples of acceptable forms of validation.

The addition of Nacha’s account validation rule supplements existing guidance which simply required the originator—the creator or sender of the payment—to use a “commercially reasonable fraudulent transaction detection system.” The purpose of this rule is to clarify that a commercially reasonable fraud detection system must have the capability to validate accounts. This means that before a WEB entry is processed, Nacha will require validation that the account it originated from is, in fact, a valid account for that financial institution and that it is able to accept an ACH transaction.

From Guidelines to Explicit Rules

Before cementing account validation as a requirement in the rules, Nacha advocated for its inclusion as part of fraudulent transaction detection systems. The responsibility of account validation was placed on ACH originators as Nacha has explained they are in the best position to detect and prevent fraud related to the payments they create. Part of the decision to revise WEB account validation from informal guidance to a formal requirement was the prevalence of fraud across the network that would not have taken place had account validation been used by ACH originators of WEB entries.

 

continue reading »