CUNA Regulatory Comment Call

June 5, 2000




NACHA proposes to amend the NACHA Operating Rules to allow for consumers to pay for goods and services sold on the internet with an automated clearing house (ACH) debit from their accounts. NACHA proposes implementing an interim rule from September 15, 2000 through March 15, 2001, and a final rule on March 16, 2001.

This Request for Comment contains the recommendation that the NACHA Operating Rules be amended to:

Comments are due to NACHA by July 10, 2000. Please submit your comments to CUNA by June 30, 2000. Please feel free to fax your responses to CUNA at 202-371-8240; e-mail them to Associate General Counsel Mary Dunn at or to Assistant General Counsel Michelle Profit at or mail them to Mary or Michelle in c/o CUNA’s Regulatory Advocacy Department, 805 15th Street, NW, Suite 300, Washington, DC 20005.

NACHA has prepared its own survey that includes the questions at the end of this comment call. Press here for a complete copy of that survey (Note: PDF file). Surveys and comments may be sent directly to NACHA attention of: Debbie Barr, AAP, Assistant Director of Network Services, NACHA, 13665 Dulles Technology Drive, Suite 300, Herndon, VA 20171, fax: (703) 787-0996, E-mail: Please forward any copy of this survey to CUNA as well.


This request for comment contains the recommendation that the NACHA Operating Rules be modified to include an interim rule that will be effective September 15, 2000 through March 15, 2001 and a final rule that will be effective on March 16, 2001.

Interim Rule: Using the PPD Format to Uniquely Identify Internet-Initiated ACH Payments

Under the proposed interim rule, the definition of the Prearranged Payment and Deposit Entry (PPD) format would allow internet-initiated entries to be identified by financial institutions until the new Standard Entry Class Code in the final rule becomes effective. Under the interim rule, which has been designed so that Receiving depository financial institutions (RDFIs) are not required to make any software changes, internet-initiated entries will be identified through the inclusion of the word "INTERNET" in the Company Entry Description Field of the Company/Batch Header Record. RDFIs will also be able to identify whether the internet-initiated ACH debit is a recurring payment or single-entry payment by an indicator in the Discretionary Data Field of the PPD Entry Detail Record. The indicator would be "S" for single entry payment and "R" for recurring payment. Under the interim and final rules, the Company Name Field would identify the originator of the internet-initiated debit entry and would be placed on the consumer’s bank statement.

Final Rule: A New Standard Entry Class (SEC) Code – Internet-Initiated Entries (WEB)

Under the proposed final rule, a new SEC code (WEB) would supersede the use of the PPD format for internet-initiated ACH payments. In the final rule, a distinct field within the Entry Detail Record (the Payment Type Code) will be used to identify whether this is a single entry or recurring Internet-initiated PPD entry. This unique Standard Entry Class Code will enable RDFIs to readily identify these types of entries.

Legal Framework

The laws and regulations that apply to internet-initiated debit entries are the NACHA Operating Rules, the Electronic Funds Transfer Act, and Regulation E.

Return of an Internet-Initiated Debit Entry

In general, the NACHA Operating Rules require that an RDFI transmit a return for an internet- initiated entry to the RDFI’s ACH Operator by its deposit deadline for the return entry to be made available to the ODFI no later than the opening of business on the second banking day following the settlement date of the original entry.

In certain instances, the consumer may claim that he did not authorize the Originator to transmit an internet-initiated debit entry or that the consumer revoked the authorization prior to the debit posting to the account. In that case, the RDFI will have a longer deadline for returns. The RDFI must transmit a return to its ACH Operator by the deposit deadline for the return entry to be made available to the ODFI no later than the opening of business on the banking day following the sixtieth calendar day following the settlement date of the original entry. In circumstances in which an entry was not authorized or the authorization for recurring entries was revoked, the consumer will be required to sign an affidavit in order for the RDFI to recredit the consumer’s account and return the entry. Any subsequent dispute regarding an unpaid debt must be addressed directly between the merchant and the consumer.

Returns Not Allowed for Authorization Revoked on Single-Entry Debits

Under the final rule establishing the new WEB Standard Entry Class Code, single-entry internet- initiated debit entries may not be returned by the consumer’s financial institution using Return Reason Code R07 – Authorization Revoked By Consumer. Therefore, the Originator is not required to include within the authorization language for a single-entry internet-initiated entry the method by which the consumer may revoke his authorization for such a transaction. The rationale for not allowing returns for this reason is that these transactions are one-time payments that are authorized at the time goods or services are purchased. The consumer does, however, retain the right to place a stop payment on a single-entry internet-initiated debit, or he could request the return of any unauthorized entry using Return Reason Code R10. The consumer may also seek a refund directly with the merchant. The interim rule does not require the Originator to include revocation language in the authorization, but the credit union/merchant should realize that until the final rule is implemented, the consumer could still use Return Reason Code R07.

Stop Payment of an Internet-Initiated Debit Entry

Under the PPD interim rule, and for recurring payments under the final rule establishing the new WEB SEC Code, the stop payment provisions for internet-initiated payments will be the same as current NACHA Operating Rules provisions (i.e., the stop payment order must be placed at least three days prior to the scheduled date of the transfer). For single-entry internet-initiated entries under the new WEB SEC Code, however, the NACHA Operating Rules are different. They require a consumer to place a stop payment order in such a time and in such a manner that the RDFI has a reasonable opportunity to act upon the stop payment order prior to acting on the debit entry. This variation is consistent with the stop payment requirements currently in place for re-presented check entries, point-of- purchase entries, and PPD Accounts Receivable Truncated Check Debit Entries.


In addition to the general warranties that cover ODFI transmission of all ACH entries, ODFIs must be aware that they will assume the following additional warranties related to internet-initiated debit entries:

These warranties expose them to additional liabilities. ODFIs must ensure that they are aware of such warranties and resultant liabilities, and they should be sure such issues are addressed within their ODFI/Originator agreements.


The proposed interim rule requires no software changes by RDFIs, but allows them to identify both single entry and recurring internet-initiated ACH debit transactions to consumer accounts. RDFIs should be aware that, as with all ACH entries, internet-initiated debit entries may be returned for any valid reason, with the following exception; for the new WEB SEC Code, they will not be able to utilize Return Reason Code R07 for single-entry internet-initiated entries. For unauthorized internet-initiated debit entries to consumer accounts, the RDFI may transmit the return entry so that it is made available to the ODFI no later than the opening of business on the banking day following the sixtieth calendar day following the Settlement Date of the original entry. For such return entries, the RDFI must have the Receiver’s affidavit that the entry was not authorized. RDFIs will need to ensure that their operations and customer service departments understand how these entries were initiated in order to be prepared to respond to customer service inquiries related to these transactions.


Members should be aware that by providing their authorization over the Internet, along with their bank information (routing and account number), they have authorized the initiation of an ACH debit to their accounts for the purposes of purchasing goods or services. Members should be aware that they need to be in a secure session prior to entering financial information over the Internet for purposes of purchasing goods or services. Members should understand that information relating to the transaction (i.e., merchant name, amount of transaction, etc.) would be provided to them on their monthly share draft statements to assist in reconciling their accounts. Information pertaining to such entries will be located in the electronic payments section of the bank statement. For the final rule implementing a new SEC Code, members should be aware that they may not return a single entry transaction on the basis that the authorization was revoked. Members do retain the right to place a stop payment order on such an entry or to be recredited for such a transaction if it is unauthorized.

NACHA states that this pilot would benefit RDFIs in the following manner:





Street Address:_____________________________________


Phone:_______________________ Fax:_________________


Eric Richard • General Counsel • (202) 508-6742 •
Mary Mitchell Dunn • SVP & Associate General Counsel • (202) 508-6736 •
Jeffrey Bloch • Assistant General Counsel • (202) 508-6732 •
Catherine Orr • Senior Regulatory Counsel • (202) 508-6743 •