Ca$hTrac Reference Guide
This page contains important information for using Ca$hTrac, including the complete Reference Guide. Below are key points to reference when originating ACH transactions through Ca$hTrac.
- Obtain written authorization from all ACH participants
- PPD or CCD? Use PPD if sending a debit/credit to a PERSON. Use CCD if sending a debit/credit to a COMPANY.
- ACH entries must be initiated at least one day prior to the effective date
- Your company name must be easily recognized by Receivers
- Enter in the full name of the receiver
- Take immediate action on all Notifications of Change
ACH Rules – Highlights of your responsibilities
The topics detailed below summarize key points contained in the service agreement when originating ACH transactions through Ca$hTrac. Originating companies acknowledge and must follow all terms and conditions outlined in the most current ACH Rules as defined in the service Agreement for Payment and Collection of Funds by Electronic Means.
For more information, please contact your First American Bank Treasury Management consultant.
The Rules require originating companies to maintain a minimum standard of network security encrypted using a commercially reasonable security technology that complies with current applicable regulatory guidelines. In addition to the Rules, network security for ACH and online banking are detailed in service agreements. Security Awareness and Best Practice documents are located in the Business Fraud Prevention/Resources page of our website.
- ACH Security Framework Amendment
All ACH Originators are required to establish, implement and as appropriate, update security policies, procedures and systems related to the initiation, processing and storage of Entries and resulting Protected Information. Protected Information is defined as the non-public personal information, including financial information of a natural person that is used to create, or contained within, an Entry and any related Addenda Record. These policies, procedures and systems must:
- Protect the confidentiality and integrity of Protected Information.
- Protect against anticipated threats or hazards to the security or integrity of Protected Information; and
- Protect against unauthorized use of Protected Information that could result in substantial harm to a natural person
- Internet-Initiated Entries/Mobile Payments
The WEB transaction type is required when originating single or recurring debit entries to consumer accounts and the payment instructions and/or authorization of the Receiver is obtained through the Internet or another Unsecured Electronic Network. Originating companies must 1) take precautions to identify and authenticate the consumer Receivers that provide instructions and authorizations; 2) verify the bank routing numbers provided by the Receivers are valid; 3) employ fraudulent transaction detection systems; and, 4) undergo and be prepared to provide an annual data security audit to ensure minimum requirements are met for the security and integrity of the systems and networks involved with all aspects of ACH WEB origination.
- ACH Returns
Click here for detailed ACH return reason code definitions. Ca$hTrac provides notices of ACH Returns to authorized users within Ca$hTrac under the ERD Reports menu.
- OFAC Enforced Sanctions (Warranties of the Company)
- It shall be the responsibility of the Company that the origination of ACH transactions complies with the laws of the U.S. This includes, but is not limited to sanctions enforced by the Office of Foreign Assets Control (OFAC). It shall further be the responsibility of the Company to obtain information regarding such OFAC enforced sanctions. (This information may be obtained directly from the OFAC Compliance Hotline at (800) 540-OFAC. Or http://www.treas.gov/offices/enforcement/ofac/).
- Notifications of Change (NOC)
The Rules provide six banking days from receipt of an NOC to investigate and implement corrections to entries prior to initiating another entry to the Receiver's account. Your Company should be thoroughly familiar with the NOC codes and their meanings.
- Company Name Identification
The name of your Company must be easily recognized and meaningful to Receivers within the Entries you originate. This requirement is designed to reduce the number of unrecognized entries requiring investigation and unnecessary return.
- Company Entry Description
The Company Entry Description filed must describe the purpose of the entry to the receiver. For instance, Payroll or Donations.
- Participant Authorizations (Warranties of the Company)
The Company shall retain written authorizations of participants (or a reasonable facsimile of the original) for a period no less than 2 years after the revocation or cessation of the authorization. Participant Authorizations must also provide the Receiver with the method of revocation in accordance with the Rules. The Company must ensure that it is able to provide copies of said authorizations to their Originating Depository Financial Institution (ODFI) in a timely manner.
It is strongly recommended by the Bank that the Company send a Pre-notification ('Prenote') of any new debit/credit entry for distribution through the Bank to the appropriate Receiving Depository Financial Institutions (RDFI); the Prenote must be provided by the Company to the Bank at least 5 banking days prior to initiation of any debit/credit entry processed hereunder. Upon receipt of any returns relating to prenotifications indicating that the RDFI cannot accept such entry, the Company will cease initiating live entries.
- Reinitiating Entries (Processing Entries)
Any entry returned for insufficient or uncollected funds may only be reinitiated by the Company no more than two times following the return of the original entry. In addition, any entries returned for Customer Revokes Authorization (R07) Customer Advises Not Authorized (R10) or Item is Ineligible, Notice Not Provided, Signature Not Genuine or Item Altered (R51) may not be reinitiated. You would have to contact the receiver regarding these entries.
- Reversing Entries
The Originator must notify the Receiver of and the reason for reversing an entry no later than the settlement date of the reversing entry. This will ensure that Receivers are made aware of ACH reversal activity to their accounts prior to the receipt of their periodic account statements. The choice of method is at the discretion of the Originator. (i.e., mail, telephone, fax, etc.) This must be reversal of a previous transaction, you must enter in a description of “REVERSAL”, and the REVERSAL has to be submitted by the 5th banking day from the settlement date of the erroneous entry.
- UCC4A (Processing Entries)
Credits given by the Receiving Depository Financial Institution (RDFI) to the Receiver with respect to credit entries subject to Uniform Commercial Code Article4A (UCC4A), is provisional until the RDFI has received final settlement through a Federal Reserve Bank or otherwise has received payment as provided in Section 4A-403 (a) of UCC4A, and if such settlement or payment is not received, the RDFI shall be entitled to a refund of the amount credited from the Receiver, and the Originator shall not be deemed to have paid the Receiver the amount of the entry.
It is very important to understand and stay in compliance with the ACH Rules to avoid the possibility of Rule violations and fines. Check www.nacha.org regularly to stay informed about the Rules and upcoming amendments.