Guide to ACH Authorization Requirements
Your guide to accepting ACH payments with the appropriate ACH authorization requirements.
Download to keep the guide for reference.
FREE DOWNLOAD
An ACH authorization is the legal foundation for every electronic bank transfer, granting an Originator (business) the right to debit or credit a Receiver’s (customer’s) account.
To remain compliant with National Automated Clearing House Association (Nacha) payment rules, businesses must understand and follow specific ACH authorization requirements. In addition, updated Nacha rules require increased fraud monitoring and reporting.
Nacha ACH debit authorization requirements vary depending on the transaction type, like for recurring payments versus one-time entries.
What is an ACH Authorization?
An ACH authorization is a legally binding agreement between a customer and a business, permitting the merchant to take funds from the customer’s bank account.
Proof of authorization is important:
- For consumer protection: Proof of authorization prevents instances of fraud and gives customers control during ACH payment transactions.
- For payment compliance: Businesses should follow ACH authorization requirements to comply with payment rules and regulations. Otherwise, your organization risks fines and may lose the ability to process payments.
ACH Authorization Requirements by Transaction Type
The authorization a company needs will change depending on the ACH transaction type. These transactions are segmented using different Standard Entry Class (SEC) codes.
The ACH authorization requirements for each SEC transaction type relate to the communication channel you are using to take an ACH payment.
There are several codes, but the most relevant to business transactions are:
- PPD (Prearranged Payment and Deposit)
- TEL (Consumer authorizes payment over the phone)
- WEB (Payment initiated by a consumer over the internet)
ACH Debit Authorization Requirement Checklist
SEC (Stand and Entry Class Code)
ACH authorization Requirements for One-Time Payments
ACH Authorization Requirements for Recurring Payments
How PDCflow Helps Fulfill Proof of Authorization Requirements
PPD-Written Authorization
(or "similarly authenticated" electronic) authorization
Your Responsibility:
- Get signed authorization of receiver’s consent
- Give customer copy of signed authorization form (mandatory under Regulation E and Nacha rules)
PPD-Written Authorization
(or "similarly authenticated" electronic) authorization
Your Responsibility:
- Get signed authorization of receiver’s consent
- Give customer a copy of signed form (mandatory under Regulation E and Nacha rules)
- Must provide at least 10 days' notice if the payment amount or date changes
How PDCflow simplifies ACH authorization
- Delivers email receipt/notice of debit
- Acquires an electronic wet signature instantly from customers
- Emails a copy of signed authorization to customer
- Emails payment reminder 10 days prior to debit for recurring payments
- Emails receipt or payment failure notice after each recurring payment
- Emails copy of recurring payment schedule to customer
TEL-Telephone Authorization
(oral authorization or written confirmation)
Your Responsibility:
- Get verbal permission
- Record verbal permission or
- Provide written confirmation notice before the debit with cancellation information
Note: TEL can generally only be used if there is an existing relationship with the customer or if the customer initiated the call.
TEL-Telephone Authorization
(oral authorization or written confirmation)
Your Responsibility:
- Get verbal permission
- Record verbal permission and
- Provide written confirmation notice before the first debit with cancellation information
Note: TEL can generally only be used if there is an existing relationship with the customer or if the customer initiated the call.
How PDCflow simplifies ACH authorization
- Emails receipt/notice of debit with cancellation information
- Acquires an electronic wet signature while on the phone with customer
- Emails a copy of signed authorization to the customer
- Emails payment reminder 10 days prior to debit
- Emails receipt or payment failure notice after each recurring payment
- Emails copy of schedule to customer
WEB-Online Authorization
Electronic authorization that includes the customer’s identity and clear assent (e.g., a digital signature or "I Agree" button).
Your Responsibility:
- Customize receipt to display phone number and revocation language
- Account Validation for the first WEB debit to a consumer account. You must verify that the account is legitimate and open using a "commercially reasonable" method.
- You must capture the customer’s IP address and a timestamp of the authorization as proof.
WEB-Online Authorization
Electronic authorization that includes the customer’s identity and clear assent (e.g., a digital signature or "I Agree" button).
Your Responsibility:
- Customize receipt to display phone number and revocation language
- Customize account to allow online recurring payment set up
- Account Validation for the first WEB debit to a consumer account. You must verify that the account is legitimate and open using a "commercially reasonable" method.
- You must capture the customer’s IP address and a timestamp of the authorization as proof.
How PDCflow simplifies ACH authorization
- Offers receipt text customization
- Emails receipt/notice of debit with cancellation information
- Requires consumer to enter account number, address information to validate identity
- Requires consumer to check authorization box in order to submit payment
- PDCflow’s ACH Verify used to screen account numbers prior to first use for WEB debits
- PDCflow captures recipient IP address for every transaction
2026 Compliance Highlights
Effective March 20, 2026, and June 22, 2026, all non-consumer Originators must follow enhanced rules. Some of those include:
- Proactive Fraud Monitoring: As of June 22, 2026, every business must have a process to identify entries initiated under "False Pretenses" (e.g., vendor impersonation or payroll redirection).
- Record Retention: Valid authorizations must be retained for at least two years following the date of revocation or termination.
- Authorization Types: Permission can be granted orally, electronically, or in writing, but must always include clear terms on how the customer can revoke consent.
Why Compliance Matters
According to Nacha’s new 2026 risk management rules, failure to gather compliant authorizations will result in:
- Increased return rates for “Unauthorized” or “Administrative” returns
- Fines issued by Nacha, if you fail to provide proof of authorization
- Fraud liability, if your company doesn’t work to detect and prevent fraud.
For any transaction type, using a service like PDCflow can help automate compliance requirements by acquiring electronic "wet" signatures, emailing copies of signed authorizations, and sending required payment reminders and receipts.
Frequently Asked Questions About ACH Authorization Requirements
▸What is an ACH authorization?
▸Is an ACH authorization form required to process echecks?
▸Who enforces ACH authorizations?
▸What is a SEC ACH code?
A SIMPLE, FLEXIBLE PLATFORM
PDCflow for Payment Collection
Flow + Payments
A continual struggle in AR is turning the promise of a payment into a guaranteed payment.
Flow Technology lets staff send a payment request through email or text. This way, staff can stay on the phone to ensure the payment goes through.
PDCflow for Compliance
Take agent-assisted payments with Flow.
Staff can send payment terms and a payment request during negotiations. The consumer keys in cardholder details, which are captured and stored outside your company’s systems. This reduces PCI compliance scope and keeps payments secure.
Recurring Payments
Payment flexibility makes negotiation easier. PDCflow recurring payments let admins control minimum payment amounts and maximum terms.
PDCflow also offers schedules through your company’s online payment page. Let people pay the way that works for them, without the hassle of a live payment negotiation.
