When you process ACH transactions, you can accept authorization in a variety of ways. Each way has compliance requirements that you need to familiarize yourself with if you’re accepting ACH.
How you authorize ACH transactions is dependent on which SEC Code(s) you use. Whether you’re new to ACH, expanding your business to use multiple SEC codes, or need a refresher, this post serves to equip you with a better understanding of SEC codes.
A Primer to SEC Codes
Before we dive into the details of SEC codes, let’s quickly review the key players involved in ACH. First off, NACHA is the regulatory body governing the ACH network. Next, there are ODFIs (Originating Depository Financial Institutions) and RDFIs (Receiving Depository Financial Institutions). An ODFI is a financial institution in which the ACH transaction starts or originates from (e.g., your processor’s bank), while an RDFI is an institution that receives the ACH transaction (e.g., your customer’s bank). Similarly, the Originator is the party that originates an ACH transaction, and the Receiver is the party that receives the transaction. Finally, when an ACH transaction is submitted, it becomes an ACH Entry.
ACH transactions are categorized by how you capture authorization from the Receiver (the person whose bank account is being debited or credited). The four most common SEC codes are:
- Prearranged Payment and Deposit Entries (PPD): The merchant obtains written authorization to debit or credit a consumer
- Telephone-Initiated Entries (TEL): The merchant accepts authorization and payment information from a consumer over the telephone
- Internet-Initiated/Mobile Entries (WEB): The merchant accepts Debit transactions from a consumer on their website
- Corporate Credit or Debit (CCD): The merchant Debits or Credits another business bank account (whether this is on paper, online, or over the phone, does not matter)
Why are SEC Codes Important?
NACHA requires that merchants obtain the consumer’s explicit authorization before initiating a transaction. To stay compliant, you’ll need to make sure that you retain a compliant authorization for each transaction that you originate to the ACH Network). You will need to use proper authorization language and be able to accurately demonstrate that an authorization occurred for each ACH transaction (see NACHA Rules for additional detail).
Here are a few examples that illustrate how authorization works for different industries that use popular SEC codes:
- PPD: Merchants at health and fitness centers can accept membership payments via authorization form.
- TEL: Merchants at collections agencies can accept authorization of payment over the phone.
- WEB: Merchants at online consumer lending businesses can accept repayment authorization online through a payment portal.
- CCD: Merchants at office property management and leasing businesses can accept rent payments via authorization form.
Authorizing PPD Transactions
PPD entries are the most popular type of ACH payments. You can use PPD entries for both one-time and recurring payments, including direct deposit and electronic bill payments. Merchants (Originators) initiate PPD Credits or Debits to the consumer’s account, based on the terms of the authorization.
For businesses using PPD Debits, your authorization must:
- be in writing
- be readily identifiable as an ACH authorization
- have clear and readily understandable terms
- provide that the Receiver may revoke the authorization only by notifying the Originator in the manner specified in the authorization
- be either signed or similarly authenticated by the consumer
The following document contains sample authorization language for a PPD transaction: Sample PPD Authorization Form.
Authorizing TEL Transactions
Since TEL transactions occur when you accept authorization and payment information from a consumer over the phone, you will initiate an ACH Entry when a consumer provides oral authorization to debit their bank account.
If you process TEL transactions, you need to either tape-record the consumer’s oral authorization or provide, in advance of the Settlement Date of the transaction, written notice to the consumer that confirms the verbal authorization. You must also ensure that, at a minimum, the following specific information gets disclosed to the consumer during the telephone call:
- the date on or after which the consumer’s account will be debited (if to be recurring, clearly state timing and frequency)
- the amount of the Debit entry to the consumer’s account
- the consumer’s name
- the bank account to be debited
- a telephone number that is available to the consumer and answered during regular business hours for customer inquiries
- the date of the consumer’s oral authorization
- a statement by the Originator that the authorization obtained from the Receiver will be used to originate an ACH Debit entry to the consumer’s account
- if authorization pertains to a recurring Debit entry, clearly state how the consumer may revoke authorization
The following document contains a sample authorization script for a TEL transaction: Sample TEL Authorization Script.
Authorizing WEB Transactions
The WEB SEC Code (consumer debit payments authorized or initiated over an online channel) is solely for originating an ACH debit to a consumer account. If a merchant intends to refund a prior WEB debit, the SEC Code used is PPD.
NACHA rules require that the authorization must:
- be in a writing that is signed or similarly authenticated by the merchant via the Internet
- be readily identifiable as an ACH debit authorization
- express its terms in a clear and readily understandable manner
- provide the consumer with a method to revoke their authorization by notifying the Originator in a manner prescribed
When considering how to prove that a transaction was authorized correctly, keep in mind that you’ll need to be able to provide documentation that shows transaction details including consumer information and sales documentation to show what goods and/or services were exchanged.
For example, you can capture some of this documentation can in the form of a screenshot of the authorization language, plus the date and timestamp of the consumer login, and the authorization process that evidenced both the consumer’s identity and his assent to the authorization. In effect, capturing these details helps to demonstrate the methods that were used to verify the customer’s identity, as well as the processes used to support the authorization.
Maintaining a record and capturing the date and timestamp of the consumer’s login and authorization can be used to audit WEB transactions and provide additional information about or confirmation of the authorization process.
The following document contains sample authorization language for a WEB transaction: Sample WEB Authorization Language.
Authorizing CCD Transactions
CCD transactions can be either buyer-initiated or seller-initiated and are most commonly used to move funds between each party’s financial institution accounts. CCD transactions can be one-time or recurring. For businesses using CCD Debit Entries, your authorization must:
- have an agreement required for transfers between companies; written authorization implied
- be readily identifiable as an ACH authorization
- have clear and readily understandable terms
- provide that the Receiver may revoke the authorization only by notifying the Originator in the manner specified in the authorization
- be signed or similarly authenticated by an authorized representative of the company
The following documents contain sample authorization language for one-time and recurring CCD transactions:
Using SEC Codes with Actum
Actum helps simplify the complexities of working with SEC codes as much as possible. When working with our Virtual Terminal or API to submit transactions, you can efficiently work with multiple SEC codes by specifying your desired code to use. Alternatively, if you process only using one SEC code, there’s no need to specify your code when you submit a transaction. Plus, with over 20 years of ACH payment processing experience, our expert team is on standby to answer any questions about SEC codes that you might have.
Want to talk? So do we! If you’re ready to learn more about using SEC codes for ACH processing, please Contact Us.
* Please Note: The sample authorization language contained in this document is provided to assist you with ensuring compliance with NACHA Rules. It is recommended that you review your SEC authorization language and authorization flows with your legal counsel to ensure that they are compliant with NACHA guidelines.