Corporate User Header Image

Corporate User

 

Welcome to EPCOR’s Corporate User webpage. We hope this will be a valuable resource for businesses utilizing the various payments channels offered in the industry today. Here we will provide educational courses and resources that are designed to help ensure compliance with the various rules and regulations in the payments industry.

If you have a suggestion to improve this page, we would love to hear it. Please complete the form and share your great idea!

Have Ideas?

Not an EPCOR Member? Join today and experience our commitment to providing reliable, timely and accurate payments and risk management education, information, support and national industry representation.

Join Now

Origination Education

 

video

ACH Security Framework for Originators

NACHA's ACH Security Framework Rule imposes greater expectations of data security on business ACH Originators. EPCOR has developed a FREE, short, on-demand course which provides business ACH Originators with a basic overview of their obligations under the ACH Security Framework Rule in an easy-to-understand manner. Every business originating ACH transactions will benefit from this course's fundamental overview of the ACH Rule requirement, useful tips for compliance and related resources.

Watch Now

Resources

 

video

Payments Insider

Payments Insider is a semi-annual e-newsletter designed to inform businesses of all sizes of recent payment systems developments. This newsletter is distributed in the months of April and October.

Read Now

video

Upcoming ACH Rule Changes

 

  • Supplementing Fraud Detection Standards for WEB Debits
  • Expanding Same Day ACH
  • Supplementing Data Security Requirements
  • Limitation on Warranty Claims
  • Reversals and Enforcement
  • Meaningful Modernization

 

Learn More

video

Did You Know

EPCOR’s Did You Know YouTube Videos are a great way to get current payments information quick. View the latest videos here.

Watch Now

video

Nacha Operations Bulletins

ACH Operations Bulletin #4-2020

Nacha Extends Effective Dates of Data Security Rule; Affirms Effective Dates of Other Rules
March 26, 2020

Download

ACH Operations Bulletin #6-2020

Nacha Provides Relief Regarding Potential Rules Violations for Elevated Return Levels
April 2, 2020

Download

video

Methods to Spot a Fake Check

Check fraud is one of the oldest payments fraud issues in America. Why is that? Well, the fraudster scams have gotten more complex and counterfeit checks are so easy to produce. Merchant/business education is key as they are on the front lines taking checks as payment. Here are some tips for spotting a fake check.

Download PDF

Originator Proper Response to an Notification of Change (NOC):

 

An Originator must make the changes specified in an NOC or corrected NOC within six Banking Days of receipt of information from the ODFI or prior to initiating another Entry to the Receiver’s account, whichever is later.

An Originator may choose to make changes specified in an NOC or corrected NOC with respect to any ARC, BOC, POP, RCK, Single-Entry TEL or WEB.

For an NOC that is in response to a Prenotification Entry, the Originator must make the changes prior to originating a subsequent Entry to the Receiver’s account if the NOC is received by the ODFI by the opening of business on the second Banking Day following the Settlement Date of the Prenotification Entry.

Tools (available for purchase):

 

video

ACH Quick Reference Cards for Corporate Users

This tool is specifically designed for Corporate ACH users. This three-card series gives Originators fingertip access to critical information for the correct handling of ACH Returns, Dishonored Returns, Standard Entry Class (SEC) codes, Transaction codes and Notifications of Change (NOC). These colorful and durable desktop reference cards provide ACH basics, including prenotifications, for the Originator along with the explanations for Return Reason codes, NOC codes, SEC codes, transaction codes and solutions for handling ACH exception entries.

Purchase Now

video

2021 Nacha Operating Rules & Guidelines

The Rules include the legal framework for the ACH Network, and the basic obligations of each ACH Network participant. Additionally, the included appendices contain details on Rules enforcement, annual audit requirements, a complete table of return reason codes and formatting specifications. The Guidelines expands on the Rules, providing complete discussions of each ACH Network participant type and its role and responsibilities, detailed overviews of the Standard Entry Class Codes and use-case examples in special topic areas, such as Third-Party Service Providers.

Purchase Now

video

Merchant RDC Review Checklist

This interactive tool is designed to assist a financial institution in verifying its RDC client's adherence to their RDC Agreement and the FFIEC Guidance on the Risk Management of Remote Deposit Capture. Available for immediate download, the RDC Review Checklist can be completed by an institution during its onsite review of an RDC client or completed by the RDC client and sent to the institution. Questions relate to overall profiling of the RDC program, hardware, software, image quality control, security, fraud and returns processing and reports.

Purchase Now

video

Third-party Sender ACH Audit Workbook

Third-Party Senders that perform any functions of an ODFI are required to conduct an annual ACH Rules Compliance Audit. This user-friendly workbook has been updated to incorporate 2020 ACH Rules changes and will walk Third-Party Senders step-by-step through conducting their audit. Audit questions, sample reports and complete worksheets based on the ACH Rules are all included in this helpful tool, making it easy for Third-Party Senders to assess and document their level of compliance.

Purchase Now

video

Third-party Sender Risk Assessment Workbook

This user-friendly workbook is designed to take Third-Party Senders step-by-step through the ACH risk assessment process. The workbook addresses risk criteria outlined in OCC Bulletin 2006-39, the FFIEC Retail Payments Systems' IT Examination Handbook and FFIEC Guidance to Internet Banking so that your company can identify strengths and weaknesses in your ACH risk management program. Third-Party Senders will find this tool valuable as they work to assess and mitigate ACH risk.

Purchase Now

video

ODFI Audit Checklists for Originators & TPS

This tool contains a series of ODFI Audit checklists providing an efficient tool for ODFIs to gauge their Originators/Third-Party Senders understanding and compliance to the ACH Rules. These checklists can be completed by financial institution staff or sent to the Originator and/or Third-Party to complete on its own then return to the ODFI. Each Audit Checklist is a fillable PDF form for each type of ACH application. Complete or send the forms that are specific to the ACH services your institution originates.

Purchase Now

FAQs

 

Explore our FAQs to get answers to common payment questions.

ACH Originator Authorizations

Do Originators need to obtain an authorization from a Receiver to originate transactions into the ACH Network?

Generally, an Originator must obtain authorization from the Receiver to originate one or more entries to a Receiver’s account, except for credit entries for which the Originator and Receiver are both natural Persons. (Subsection 2.3.1)

Do authorizations need to be in writing for ACH transactions?

The Originator of a credit entry to a consumer account of the Receiver may obtain the Receiver’s authorization in any manner permitted by applicable legal requirements. (Subsection 2.3.2.1) The Originator of a debit entry to a consumer account of the Receiver must obtain a written authorization that is signed or similarly authenticated by the Receiver. (Subsection 2.3.2.2)

Can authorizations be obtained electronically?

The writing and signature requirements for consumer debit entries may be satisfied by complying with the Electronic Signatures in Global and National Commerce Act (E-sign Act). An electronic authorization must be visually displayed in a manner that enables the consumer to read the communication. (Subsection 2.3.2.3)

At a minimum, what must an authorization for a debit entry to a consumer account of the Receiver include?

  • Language regarding whether the authorization is for a single entry, multiple entries or recurring entries.
  • Amount of entry/entries or a reference to the method of determining the amount.
  • Timing (including start date), number and/or frequency of entries.
  • Receiver’s name or identity.
  • Account to be debited.
  • Date of the Receiver’s authorization; and
  • Language that instructs the Receiver how to revoke the authorization directly with the Originator (including time and way Receiver communication with Originator must occur).
  • For a single-entry scheduled in advance, the right of the Receiver to revoke the authorization must afford the Originator a reasonable opportunity to act on the revocation prior to initiating the entry.

What are the authorization requirements for an oral authorization?

For a single-entry authorized by a Receiver, Originator must make an audio recording of the oral authorization or provide the Receiver with written notice confirming the oral authorization prior to settlement of entry and retain the original or a copy of the written notice confirming oral authorization for two (2) years from date of authorization. For a recurring entry authorized by the Receiver, Originator must comply with the requirements of Regulation E for the authorization of preauthorized transfers, including the requirement to send a copy of the authorization to the Receiver and retain for two (2) years from the termination or revocation of the oral authorization, the original or duplicate audio recording of oral authorization and evidence that a copy of the authorization was provided to the Receiver in compliance with Regulation E. For a standing oral authorization, Originator must make audio recording of oral authorization or provide Receiver with written notice confirming oral authorization prior to settlement of the first subsequent entry and retain the original or duplicate audio recording of oral authorization or the original/copy of the written notice confirming the oral authorization for two (2) years from termination or revocation of standing authorization. (Subsection 2.3.2.4)

Do Originators need to retain copies of authorizations?

Yes, an Originator must retain the original or a copy of each written authorization of a Receiver, or a readily and accurately reproducible record evidencing any other form of authorization. (Subsection 2.3.2.5 (a))

How long must an Originator retain authorizations?

An Originator must retain the original or a copy of each written authorization of a Receiver, or a readily and accurately reproducible record evidencing any other form of authorization, for two (2) years from the termination or revocation of the authorization.

With respect to a standing authorization, Originator must retain original or a copy of each standing authorization for two (2) years following the termination or revocation of the authorization, as well as proof that the Receiver affirmatively initiated each payment in accordance with the terms of the standing authorization for two (2) years following the settlement date of the entry. (Subsection 2.3.2.7)

Do Originators have to supply a copy of an authorization to an ODFI?

Upon the request of an ODFI (Originating Depository Financial Institution), an Originator must provide the original, copy or other accurate record of the Receiver’s authorization, including, with regard to a standing authorization, evidence of the Receivers affirmative action to initiate a subsequent entry in accordance with the terms of the standing authorization. Originator must provide in such time and manner as to enable the ODFI to deliver the authorization to a requesting RDFI (Receiving Depository Financial Institution) within ten (10) banking days. (Subsection 2.3.2.7 2(c)

How does an Originator satisfy the authorization requirement for an ARC (Accounts Receivable Entry) or POP (Point-of-Purchase) entry?

By providing the Receiver with a conspicuous notice including the following or substantially similar language prior to the receipt of an Eligible Source Document (i.e. check):
“When you provide a check as payment, you authorize us either to use information from your check to make a one-time electronic fund transfer from your account or to process the payment as a check transaction.” Copy of notice must be provided to Receiver at the time of transaction. (Subsections 2.5.1.2 and 2.5.10.2)

How does an Originator satisfy the authorization requirement for a BOC (Back Office Conversion Entry) entry?

By providing the Receiver with a conspicuous notice including the following or substantially similar language prior to the receipt of an Eligible Source Document (i.e. check):
“When you provide a check as payment, you authorize us either to use information from your check to make a one-time electronic fund transfer from your account or to process the payment as a check transaction. For inquiries, please call (retailer phone number.)” Copy of notice must be provided to Receiver at the time of transaction. (Subsection 2.5.2.2)

ACH Prenotifications

As an Originator, am I required to send a prenotification for an ACH entry prior to initiating the first live entry?

No, according to the ACH Rules you may originate a prenotification entry to a Receiver’s RDFI prior to the first transaction you send. (Subsection 2.6.1)

If an Originator decides to send prenotifications, what is the timeframe they have before they can send subsequent entries?

An Originator that has originated a prenotification entry may initiate subsequent entries as soon as the third banking day following the settlement date of the prenotification entry, provided the ODFI has not received a return or notification of change related to the prenotification. (Subsection 2.6.2)

Notification of Change

How long does an ODFI have to notify an Originator that a Notification of Change (NOC) was received from the RDFI?

An ODFI must provide the Originator with the NOC information within 2 banking days of settlement date of the NOC or corrected NOC. (Subsection 2.11.1)

Are Originators required to make NOC changes when received from the ODFI?

Yes, an Originator must make the changes specified in the NOC or corrected NOC within 6 banking days of notification receipt or prior to initiating another entry, whichever is later.
An Originator may choose, at its discretion, to make changes specified in any NOC or corrected NOC received with respect to any ARC, BOC, POP, RCK and Single-Entry TEL or WEB.
For an NOC received in response to a prenotification, the Originator must make the changes prior to originating a subsequent entry if the NOC is received by the ODFI by the opening of business on the 2nd banking day following the settlement date of the prenotification. (Subsection 2.11.1)

ACH Returns

How long does a business have to return an ACH transaction that is unauthorized?

It is important for businesses to watch their accounts closely as the RDFI has only 2 banking days from settlement date to return CCD and CTX transactions that post to a non-consumer account. The RDFI may request a copy of the authorization for the transaction and ask the ODFI to accept a late return but the ODFI is not required to take a late return. This would only be an attempt to the recover the money. The Originator and Receiver may also deal directly with one another to resolve the issue.

An Originator is notified that an ACH transaction they originated has been returned R10. What does this mean for the Originator?

This means the Receiver did not know the identity of the Originator, had no relationship with the Originator or did not authorize the Originator to debit their account. For an ARC or BOC entry it means the signature on the source document (check) is not authentic, valid or authorized. For a POP entry it means the signature on the written authorization is not authentic, valid or authorized.

An Originator is notified that an ACH transaction they originated has been returned R11. What does this mean for the Originator?

This means the Receiver has a relationship and authorization for debit with the Originator, however; an error in the payment exists such that the entry does not conform to the terms of the authorization you obtained from the Receiver. For example, the entry is for a different amount than authorized, the entry was initiated for settlement earlier that authorized, the entry is part of an incomplete transaction, the debit entry was improperly reinitiated and for an ARC, BOC or POP entry, the source document was ineligible, notice was not provided or the amount was not accurately obtained from the source document. It could also mean that the reversing entry was improperly initiated or the Receiver did not affirmatively initiate a subsequent entry in accordance with the terms of a standing authorization.

Is an Originator allowed to reinitiate an ACH transaction that has been returned R10 or R11?

An R10 return generally requires a new authorization, however; an Originator may reinitiate a return entry (other than an RCK) if:
  • Entry was returned insufficient or uncollected funds
  • Entry returned stop payment and reinitiation has been separately authorized by the Receiver
  • Originator has taken corrective action to remedy the reason for return
The Originator must reinitiate the entry within 180 days after the settlement date of the original entry. An Originator receiving an R11 return may correct, if possible, the error or defect in the original entry and transmit a new entry that conforms to the terms of the original authorization, without the need for a new authorization. New entry must be transmitted within sixty (60) days after the settlement of the return entry.

An Originator receives an R10 return, however; they do have a valid authorization on file.

If a consumer Receiver completes a Written Statement of Unauthorized Debit form, the RDFI may return a consumer transaction within 60 calendar days. The Originator must not reinitiate the entry. They can settle the matter with the consumer outside of the ACH Network or gain a new authorization and send another transaction through.

ACH Origination

Why is it important for an Originator to utilize the proper SEC (Standard Entry Class Code) code when originating transactions into the ACH Network.

Utilizing the proper SEC code is paramount for several reasons:
  • Returns are based on SEC code. For example, a business originates a debit to another business for supplies they have shipped, and they use the PPD code. This transaction should be coded as a CCD. Since the PPD code was utilized, the business Receiver of the transaction now has 60 days to dispute the transaction as unauthorized versus the 2 days for a CCD transaction.
  • There are different authorization requirements depending on the SEC code. Utilizing the correct SEC code for a transaction tells the RDFI what type of authorization was received.
  • When your company signed an ODFI/Originator agreement you agreed to originate certain SEC codes based on that agreement.