NACHA, the governing body of the ACH Processing network, has mandated that businesses that accept website-initiated ACH payments must now tokenize bank account data.
ACH Payment Tokenization replaces sensitive account and routing number data with a random string of alpha-numeric data. This data is called a reference token and is stored in lieu of full sensitive data.
In contrast to the credit card processing world, ACH payment transactions were not mandated to be tokenized, rendering sensitive data unreadable.
ACH datapoints consist of a bank account number and routing #. The routing # identifies the consumer or businesses bank.
Agile Payments president, Wayne Akey said “Essentially NACHA wants to ensure that full account and routing numbers are not being stored in a database that may be hacked or stolen, creating potential fraud.
The Two Phases of the NACHA ACH Tokenization mandate
NACHA, the governing board that regulates the ACH network, came down with some new data security requirements. Those requirements are spread out over two phases:
Phase One covers originators and third parties with volumes greater than 6,000,000 transactions per year. The effective date for phase one is June 30, 2021*.
Phase two covers originators and third parties with volumes greater than 2,000,000 transactions over the year 2020. The effective date for phase one is June 30, 2022*.
The Agile Payments tokenization solution can be used in two different fashions. The first would be for organizations or SaaS platforms that process currently process with Agile. By using a RESTful API data is automatically tokenized for future billing.
The second option is for organizations that work directly with their bank and that bank acts as the ODFI (processes the ACH transactions). Most banks don’t have an ACH tokenization solution. In this case, Agile Payments can work directly with the ODFI to layer the ACH tokenization solution over the bank processing engine.
For more information, visit AgilePayments.
Release ID: 89047210