Understanding Standard Entry Class (SEC) Codes with Actum

When merchants process ACH transactions, they can accept authorizations in many ways. Each has its compliance requirements that merchants need to familiarize with when accepting ACH. The way in which ACH transactions are authorized depends on the Standard Entry Class (SEC) code(s). With this in mind, this post explains SEC codes along with Proof of Authorizations (POAs).

NACHA serves as the regulatory body governing the ACH network. There are Originating Depository Financial Institutions (ODFI) and Receiving Depository Financial Institution (RDFI). ODFIs are financial institutions where ACH transactions start or originate (e.g. a merchant’s processor bank).

Meanwhile, an RDFI receives the ACH transaction (e.g. a customer’s bank) while the Originator serves as the party originating an ACH transaction while the Receiver obtains the transaction. Once an ACH transaction is submitted, it becomes an ACH Entry.

ACH transactions depend on how a merchant captures authorization from the Receiver, the individual whose bank is debited or credited. The four SEC codes are Prearranged Payment and Deposit (PPD) Entries, Telephone-Initiated Entries (TEL), Internet-Initiated/Mobile Entries (WEB) and Corporate Credit or Debit (CCD) Entries.

• PPD entries consider situations in which the merchant obtains written authorization for debiting or crediting a customer.
• TEL entries transpire when a merchant accepts authorization and payment information from a consumer over the telephone.
• WEB entries account for merchants who accept Debit transactions from a consumer on their website.
• CCD entries occur when merchants debit or credit another business bank account, whether on paper, online, or over the phone, methodologies that do not matter.

The Importance of SEC Codes

NACHA requires that merchants obtain a customer’s authorization before initiating a transaction. A merchant needs to retain compliant authorization for each transaction that originates to the ACH Network by using proper authorization language to accurately demonstrate that an authorization occurred for each ACH transaction.

Here are examples illustrating how authorizations work for different industries using these SEC codes.

PPD – Merchants in the health and gym industries accept payments with an authorization form.

TEL – Merchants in the collections agencies industry accept payment authorization over the phone.

WEB – Online lending business merchants accept repayment authorization online via a payment portal.

CCD – Office property management and leasing business merchants accept rent payments with an authorization form.

Authorizing PPD Transactions

PPD entries, the most popular type of ACH payments used by merchants, can be one-time and recurring payments like direct payments and electronic bill payments. Merchants (originators) start or initiate PPD Credits or Debits to a consumer’s account based on the authorization’s terms.

Businesses using PPD Debits must provide/be the following for their authorizations.

– Written
– Readily identifiable as an ACH authorization
– Clear, readily understandable terms
– Provide that the Receiver may revoke an authorization only by notifying the Originator in the manner stipulated in the authorization
– Signed or similarly authenticated by the consumer

This Sample PPD Authorization Form provides the sample authorization language for a PPD transaction.

Authorizing TEL Transactions

As TEL transactions occur when merchants accept authorization and payment information from a consumer over the phone. A merchant may initiate an ACH Entry once the consumer provides oral authorization to debit their bank account and may only be used when there is either an existing relationship or when the Receiver initiates the call.

If a merchant processes a TEL transaction, the consumer’s oral authorization must be tape-recorded. Alternatively, a written notice to the consumer confirming the verbal authorization must be provided in advance of the transaction’s Settlement Date.

A merchant must ensure, at the bare minimum, the following information that gets disclosed to the consumer during a phone call.

– Date on or after the consumer’s account will be debited (if recurring, clearly state timing and frequency)
– Debit entry amount to consumer’s account
– Consumer’s name
– Bank account to be debited
– Phone number available to consumer and answered during regular business hours for consumer inquiries
– Date of consumer’s oral authorization
– Statement by Originator that authorization obtained from the Receiver will be used to originate the ACH Debit entry to the consumer’s account
– Clearly state how the consumer may revoke authorization if it pertains to a recurring Debit entry

This Sample TEL Authorization Script provides sample language for a TEL transaction.

Authorizing WEB Transactions

The WEB SEC Code (consumer debit payments authorized or initiated over an online channel) is solely for originating an ACH debit to a consumer account. If a merchant intends to refund a prior WEB debit, the SEC Code used is PPD.

NACHA rules stipulate that authorizations must be the following.

– In writing, signed or similarly authenticated by the merchant online
– Readily identifiable as an ACH debit authorization
– Express terms in a clear, readily understandable manner
– Provides consumers with a method to revoke authorization by notifying the Originator in a prescribed manner

When considering proof of a correctly authorized transaction, merchants must provide documentation showing transaction details. This includes consumer information and sales documentation indicating the exchanged goods and/or services.

For example, a merchant can capture some of this documentation with a screenshot of the authorization language, the date and timestamp of the consumer login, and authorization process verifying the consumer’s identity and assent to the authorization. Consequently, capturing these details demonstrates the methods used in verifying the customer’s identity and the processes utilized with supporting the authorization.

By maintaining a record and capturing the date and timestamp of the consumer’s login and authorization, it can be used with auditing WEB transactions and provide additional information about or confirmation of the authorization process.

This Sample Web Authorization Language document contains sample authorization language for WEB transactions.

Authorizing CCD Transactions

CCD entries are used for B2B transactions when the Receiver is a corporate entity. Originators of CCD entries may obtain an authorization in any manner permitted by applicable Legal Requirements and must obtain the Receiver’s agreement to be bound by the Rules.

Businesses using CCD Debit Entries must be/provide the following with authorizations.

– Have an agreement required for transfers between companies; written authorization implied
– Readily identifiable as an ACH authorization
– Provide clear, readily understandable terms
– Provide that the Receiver may revoke the authorization only by notifying the Originator in a way specified in the authorization
– Signed or similarly authenticated by an authorized representative of the company

Using SEC Codes with Actum

Ultimately, Actum simplifies the complexities of working with SEC codes as much as possible. When merchants use our Actum Portal or API to submit transactions, there is peace of mind with multiple SEC codes specifying the desired code to use. If a merchant processes with only one SEC code, it is not necessary to specify the code when submitting a transaction.