Overview
The National Automated Clearing House Association (Nacha) is the governing body that establishes and enforces ACH transaction processing operating rules. All ACH service providers and merchants (also referred to as originators) participating in ACH transaction processing are required to follow Nacha's guidelines.
Beginning March 2022, Nacha will begin enforcing the Supplementing Fraud Detection Standards for WEB Debits Rule, which requires merchants who initiate consumer ACH debits via the internet or mobile devices (also known as WEB debits) to use a commercially reasonable fraud detection system to screen WEB debits for fraud prior to originating the ACH entries. The rule requires that “account validation” (an attempt to verify the consumer’s account information for the first payment attempt) be a part of the “commercially reasonable fraud detection system” used to review WEB debits prior to origination.
See the Nacha Account Validation Resource Center for detailed information and additional resources.
To help our merchants comply with Nacha's Supplementing Fraud Detection Standards for WEB Debits Rule, CardPointe platform and the ACH Payment Services from Fiserv offering are being enhanced to include account validation for applicable ACH transactions.
This requirement only applies to consumer transactions initiated via WEB debit. Other ACH transaction types, such as pre-arranged payment and deposit (PPD) and business-to-business corporate credit or debit (CCD) transactions are not included. All federal government entities are also exempt from this mandate.
Understanding ACH Account Validation
As described above, account validation is a mechanism used to validate the account information submitted in an ACH transaction. Account validation mitigates the risk of fraudulent transactions and reduces friction in the ACH transaction process by providing real-time account validation at the time of the payment, similarly to a credit card authorization.
Requirements
Transaction Type
Only WEB debit ACH transactions, which are consumer payments originated on the internet or a mobile device or automatically debited, are subject to account validation. These transactions are identified by the SEC code WEB (specified as "achEntryCode":"WEB" in the authorization request).
Other ACH transaction types, such as pre-arranged payment and deposit (PPD) and business-to-business corporate credit or debit (CCD) transactions are exempt. All federal government entities are also exempt from this mandate.
Frequency
The merchant's first use of a consumer's checking or savings account number to process a payment, either for a single transaction or the first installment of a recurring payment schedule.
Any subsequent recurring payment transaction using updated checking or savings account details.
For existing recurring payments billing plans, the record of previous successful transactions serves as valid proof of account validation. These transactions are not subject to an account validation check unless the billing plan is updated with new or changed account information.
ACH Payment Services from Fiserv Account Validation
The ACH Payment Services from Fiserv offering is being enhanced to include real-time account validation checks for applicable WEB debit ACH transactions.
When a WEB debit transaction is initiated on the merchant's website or application, the ACH Payment Services from Fiserv account validation service checks the account and routing numbers against a list of known-good accounts to verify that the account can be used to complete the transaction.
If the account is successfully validated, the transaction is approved and settled as usual. If the account is closed, unknown, or has been previously flagged, the transaction is declined in real time and must be reattempted with an alternate payment method. In the event of a decline, the CardPointe Gateway returns a declined authorization response with one of the following reasons:
"Declined: bank account failed validation"
"Declined: bank account previously failed validation"
The following example illustrates the full decline response returned when the account fails the account validation check:
Fiserv ACH Account Validation Decline Response
{
"respproc":"BPAY",
"amount":"0.00",
"resptext":"Declined: bank account failed validation",
"retref":"019010141211",
"respstat":"C",
"respcode":"05",
"account":"9216943947643344",
"merchid":"835012456",
"token":"9216943947643344"
}
Important Considerations
Note the following important considerations, which may impact your business and integrated application (for CardPointe Gateway API users):
- You may now experience real-time ACH WEB (mobile or internet) transaction declines in some cases, for example:
- The supplied checking or savings account is closed, frozen, or invalid
- The supplied checking or savings account cannot be identified
- Your application will receive different ACH authorization response data values from the CardPointe Gateway in the event of a decline response from the account validation service. See Integrated Payment Application Changes, below for detailed information.
For detailed information about integrating ACH Payment Services from Fiserv with your application, see the ACH Developer Guide.
Depending on how your application handles ACH transaction responses, you may need to make minor changes to handle new decline responses returned by the CardPointe Gateway.
Previously, ACH transactions would return a successful Approval authorization response at the time of the transaction (except in the event of an error), with the potential to decline at the time of settlement due to invalid or bad account information.
Now, if the account validation check fails, the authorization response will now include a decline response and reason.
The following table describes the account validation decline response in detail:
| Field Name | Value |
|---|---|
| respcode | 05 |
| respproc | BPAY |
| respstat | C |
| resptext | One of the following:
|