Formed in 1974, the National Automated Clearing House (NACHA) regulates how automated clearing house (ACH) transactions should be performed and how ACH data should be safeguarded. These regulations are detailed in NACHA’s Operating Rules and Guidelines, which outline the specific processes and requirements for parties transmitting or receiving ACH data via the ACH Network. Any entity that works with direct deposits, e-checks, electronic funds transfers (EFT), bank transfers, bank payments, or other similar types of electronic payments uses ACH data to initiate and complete these transactions. Therefore, these entities are subject to NACHA and must comply with its operating rules and guidelines.
ACH refers to the automation of the clearance process for transferring payments from one party to another. This process is carried out by financial institutions called clearing houses, which are essentially middlemen that handle transactions to ensure funds are exchanged appropriately and agreements are followed. To accomplish this, NACHA’s Operating Rules and Guidelines define and establish the roles and responsibilities of each party involved in an ACH transaction.
Over the years, NACHA’s Operating Rules and Guidelines have evolved to better secure and accommodate changing technology and payment types. Recently, NACHA amended these guidelines with a set of supplemental data security requirements that mandate the secure storage of account numbers used in ACH transactions, "rendering them unreadable when stored electronically."
Because ACH payments are sent via batch processing and contain payment data similar to what is found in credit card payments, they can be secured and desensitized by tokenization in much the same way. In a typical payment card transaction, the primary account number (PAN) and other applicable cardholder data are tokenized, whereas in an ACH payment, the bank account number and consumer-level data (such as names and Social Security numbers) are tokenized.
So although the data is different, the process for protecting it is the same. Tokenized data is obfuscated and easy to store until the original sensitive data is needed, at which point the placeholder token will be exchanged and the ACH data returned. Tokenization can help simplify NACHA compliance, as well as significantly reduce the risk of ACH data theft. For an example of a relevant use case, check out our solution for PCI DSS compliance. And remember: TokenEx can work with any processor, payment gateway, or third-party sender.
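The token exchange described above, sketched as an added example that is not TokenEx code or its API. It assumes the standard 94-character NACHA Entry Detail ("6") record with the account number in columns 13-29, a layout taken from the ACH file format rather than from this page; `TokenVault` is a hypothetical in-memory stand-in for a tokenization service, and the sample records are constructed.

```python
import secrets

ACCT = slice(12, 29)  # assumed layout: account number in columns 13-29 (17 chars)

class TokenVault:
    """In-memory stand-in for a tokenization service (hypothetical, not a vendor API)."""
    def __init__(self):
        self._by_token, self._by_value = {}, {}

    def tokenize(self, value):
        if value in self._by_value:      # the same account always maps to the same token
            return self._by_value[value]
        while True:                      # random token with no mathematical link to the value
            token = "T" + "".join(secrets.choice("0123456789") for _ in range(16))
            if token not in self._by_token:
                break
        self._by_token[token], self._by_value[value] = value, token
        return token

    def detokenize(self, token):
        return self._by_token[token]     # raises KeyError for an unknown token

def is_entry_detail(record):
    return len(record) == 94 and record[0] == "6"

def protect(record, vault):
    """Swap the account number for a 17-char token before the record is stored."""
    if not is_entry_detail(record):
        return record                    # header and control records carry no account number
    account = record[ACCT].strip()
    if not account or account in vault._by_token:
        return record                    # empty field, or already tokenized
    return record[:12] + vault.tokenize(account) + record[29:]

def restore(record, vault):
    """Exchange the token for the original account number when it is needed."""
    if not is_entry_detail(record):
        return record
    return record[:12] + vault.detokenize(record[ACCT]).ljust(17) + record[29:]

# Constructed sample records (not real routing or account numbers).
HEADER = "5200SAMPLE CO".ljust(94)
ENTRY = ("6" + "22" + "12345678" + "0" + "9876543210".ljust(17) + "0000012500"
         + "EMP0001".ljust(15) + "JANE SAMPLE".ljust(22) + "  " + "0" + "123456780000001")

if __name__ == "__main__":
    vault = TokenVault()
    stored = [protect(r, vault) for r in (HEADER, ENTRY)]
    print(stored[1])                     # account field now holds a token
    print(restore(stored[1], vault) == ENTRY)
```

Because the token fills the same fixed-width field, the stored record keeps its length and every other column, so downstream batch tooling that does not need the real account number can run on it unchanged.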
With tokenization from TokenEx, you can secure and desensitize nearly any data element through a variety of acceptance channels. Our easy integration and ability to work with any endpoint allow you to add ACH data to your collection of tokenized payment types—with minimal disruption to your internal systems and business processes.
TokenEx's cloud-based tokenization can protect your ACH data to achieve NACHA compliance while preserving the business utility of that data and the agility of your internal operations, not to mention virtually eliminating the risk of data theft.