The Automated Clearing House (ACH) is a federally-regulated electronic network used by banks to send and receive bill payments, eChecks, direct deposit statements, and other types of transfers. This interbank network is similar to what financial institutions use for wire transfers, but ACH usually works best for batched, automated, or recurring payments.
When compared to traditional credit card processing, ACH offers important cost savings — for merchants and customers alike. Some types of ACH transfers are even free.
However, how secure is the ACH network?
Like all payment technologies, there are certain risks. Even cash doesn’t protect you 100 percent from theft or fraud. However, there exist a number of steps users can take to protect themselves when sending or receiving payments through the ACH network.
Internal controls offered by NACHA and merchants
ACH is regulated by the federal government and managed by the National Automated Clearing House Association (NACHA). In order to register within the network, users must register:
- Usernames
- Passwords
- Bank details
- Routing numbers
These steps are comparable to what one finds in the credit card industry. However, ACH payments aren’t required to follow PCI-compliant standards. This is why merchants are encouraged to employ additional layers of protection, including:
1. Merchant-specific registration
Users must formally create individual relationships with payees and recipients by supplying the necessary routing number and bank account information.
2. Micro validation
After creating a relationship with a merchant, the payment processor adds two “micro deposits” into a user’s bank account. The user must then verify the exact penny amount of those deposits in order to begin sending or receiving money. If you’ve ever set up PayPal, you’ve gone through a similar validation process.*
3. Tokenization and encryption
Some payment providers include data encryption and tokenization with their ACH offerings. These security steps are similar to what you already find in the credit card industry.
4. Secure vault payments
Secure Vault Payments (SVP) is an online payment option that is added to a checkout page on a website. It allows users to initiate ACH transactions without ever sharing sensitive financial data on the merchant’s website. Users authorize all transactions directly through their online bank accounts.
Common sense security tips for ACH customers
As a customer, you should look for merchants who employ some or all of the above security features. However, there are also steps you can take to protect your information from prying eyes. NACHA offers a list of best practices, but these tips apply equally to all types of electronic transactions, including ACH transfers, credit card payments, and online banking.
**Here are some important tips:
- Avoid using public computers for any financial activity
- Have virus protection on any of the computers you do use (Mac included)
- Don’t click links within emails — even from “trusted” sources. Instead, you should manually type URLs if you’re going to initiate a payment
- Never provide usernames, passwords or other private information via email
Have additional security questions about ACH?
Contact the Clover sales team to find out which Clover or partner solution is right for you.
*“Account Validation: A Tool for Businesses to Improve ACH Transactions,” NACHA
**“24 Tips to Avoid ACH Fraud,” Bank Info Security, 10 May 2010