Automated Clearing House (ACH) is a federally regulated electronic network used by banks to send and receive bill payments, e-checks, direct deposit statements and other types of transfers. This interbank network is similar to what financial institutions use for wire transfers, but ACH usually works best for batched, automated or recurring payments.
When compared to traditional credit card processing, ACH offers important cost savings — for merchants and customers alike. Some types of ACH transfers are even free.
However, how secure is the ACH network?
Like all payment technologies, there are certain risks. Even cash doesn't protect you 100 percent from theft or fraud. However, there exist a number of steps users can take to protect themselves when sending or receiving payments through the ACH network.
Internal Controls Offered by NACHA and Merchants
ACH is regulated by the federal government and managed by the National Automated Clearing House Association (NACHA). In order to register within the network, users must register:
- Bank details
- Routing numbers
These steps are comparable to what one finds in the credit card industry. However, ACH payments aren’t required to follow PCI-compliant standards. This is why merchants are encouraged to employ additional layers of protection, including:
1. Merchant-Specific Registration
Users must formally create individual relationships with payees and recipients. The ACH network doesn't allow for anonymous and indiscriminate transfers.
2. Micro Validation
After creating a relationship with a merchant, the payment processor adds two "micro deposits" into a user's bank account. The user must then verify the exact penny amount of those deposits in order to begin sending or receiving money. If you've ever set up PayPal, you've gone through a similar validation process.
3. Tokenization and Encryption
4. Secure Vault Payments
A relatively new service, Secure Vault Payments (SVP) allow users to initiate ACH transactions without ever sharing sensitive financial data with recipients. Users authorize all transactions directly through their online bank accounts.
Common Sense Security Tips for ACH Customers
As a customer, you should look for merchants who employ some or all of the above security features. However, there are also steps you can take to protect your information from prying eyes. NACHA offers a list of best practices, but these tips apply equally to all types of electronic transactions, including ACH transfers, credit card payments, and online banking.
Here are some of the most important tips:
- Avoid using public computers for any financial activity
- Have virus protection on any of the computers you do use (Mac included)
- Don't click links within emails — even from "trusted" sources. Instead, you should manually type URLs if you're going to initiate a payment
- Never provide usernames, passwords or other private information via email
Have Additional Security Questions about ACH?
Still not sure if ACH is right for you?