What are my obligations as an ACH Originator?

What Are My Responsibilities as an ACH Originator?

As a customer of Plaid using the Transfer product, you are considered to be an ACH Originator. 

Key responsibilities of being an ACH Originator include:

• Understand and abide by the National Automated Clearing House (Nacha) Rules
• Authenticating the account owner and verifying their identity.
• Obtaining proper authorization before debiting or crediting an account.
• Establishing risk and fraud monitoring tools.
• Monitoring return rates and ensuring compliance with thresholds.
• Ensuring proper security and data protection.
• Appropriate information retention and production.

How Do I Obtain a Copy of the Nacha Rules?

You can obtain a basic version of the Nacha Rules at no cost by following these steps:

1. Go to www.nachaoperatingrulesonline.org
2. Click “Claim your subscription” and enter your email address.
3. Fill in information to create an online account. Leave the “Subscription Code” field blank, and check the box under this field to receive Basic Access. Check “I agree to the Terms of Use”, then click “Redeem”.
4. The page will show “Click here to log in”. Click the button and enter your email and temp password.
5. You will be taken to the 2025 Nacha Operating Rules Online page. At the top of the screen, click “Resources”.
6. From this page, you can access the Basic Version of the Nacha Rules, which includes all rules and the appendices. To access the guidelines, you will need to purchase a subscription or a hard copy of the rules.
7. You can access the Rules by logging in at www.nachaoperatingrules.org. Since the Rules are re-published annually, you will need to complete this process each year to access the latest version of the Rules.

What Are the Authorization Requirements for ACH Debits?

Authorization for ACH debits should include:

• Debit Frequency (one-time, recurring).
• Payment Method Clarity (that it's ACH).
• Debit Amount Transparency (exact or range for variable amounts).
• Debit Timing (specific date or range).
• Receiver Identification (name matches bank account).
• Debited Account (clearly identified).
• Revocation Instructions (for recurring debits).

Below are some examples of UIs that include all requirements needed for an ACH Debit authorization:

Example of an ACH authorization captured Plaid's Transfer UI

Example of an ACH authorization in an e-commerce checkout page

What Are Standard Entry Class Codes (SEC Codes)?

SEC codes are three-character codes that identify the type and intent of an ACH transaction and the authorization method for debit transactions. They indicate whether the transaction is business-to-business, business-to-consumer, or consumer-to-consumer. They are crucial because they help the RDFI assess the validity of authorization when a customer disputes a transaction.

Plaid permits only the following SEC codes to be utilized for ACH Transfers:

As an Originator, it's crucial that you understand what SEC codes are relevant to your use case and ensure that you code the transfers with the right SEC code.

What is an ACH Return?

An ACH return occurs when an originated transaction is returned by the customer's bank (RDFI) for various reasons, identified by a three-character return code. This can happen due to insufficient funds, account closure, unauthorized debits, or other issues. Unauthorized returns are considered the most risky. 

As an ACH originator you must stay aware of your Return rates and ensure compliance with the return rate thresholds as defined below:

ACH Debit Return-Rate Thresholds

How the Return-Rate Is Calculated

For each category, divide the number of debit entries returned within the previous 60 calendar days (≈ two full months) by the total number of debit entries originated in that same period.

Return Timing Rules

To understand more about what each return code means, and to learn how to prevent them, please refer to this article.