How ACH works: Ultimate Guide

Disclaimer

This article aims to introduce the technical principles related to financial systems. All content is for educational and informational reference only and does not constitute any investment, financial, legal, accounting, or tax advice.
The information may be based on public sources and the author's understanding, or may be incomplete, outdated, or contain errors; relevant standards, interfaces, regulations, and industry practices may change over time. We make no express or implied warranties regarding the accuracy, completeness, or applicability of the content.
Before designing, developing, deploying, or operating any financial system, product, or process, readers should conduct independent compliance assessments and adhere to applicable laws and regulations (including but not limited to AML/CFT, KYC/KYB, data and privacy protection, consumer protection, sanctions and suspicious transaction reporting, and money transmission/payment institution licensing), and consult qualified professionals or relevant regulatory authorities.
References to organizations, standards bodies, networks, and trademarks are for illustration purposes only and are owned by their respective rights holders. Unless expressly stated otherwise, the author has no agency, endorsement, or partnership with the aforementioned entities.
To the maximum extent permitted by law, we are not liable for any direct, indirect, incidental, or consequential loss arising from reliance on or use of this content.
Regulatory obligations vary by jurisdiction, and readers should interpret and implement them in light of local laws and policies.
This article may be updated at any time without prior notice.

Part of the content in this article uses GenAI technology to streamline the original content and generate corresponding tables.

Chapter 1: Core Concepts of the ACH Network#

Automated Clearing House (ACH) is one of the cornerstones of the U.S. financial system, a vast and efficient electronic network specifically designed to process large volumes of credit and debit transactions. For any reader wishing to understand the operational mechanisms and principles of the ACH system, this guide will start with core concepts and gradually delve into technical details, aiming to provide a comprehensive reference.

1.1 What is ACH?#

The ACH network is not a real-time payment system but a batch processing system based on the "store-and-forward" model. This means that transaction instructions are collected and bundled into batches at specific times during the day, and then sent and processed collectively, rather than being completed individually in real-time. This design allows for extremely high efficiency and low costs when processing large volumes of non-urgent payments.

The network primarily supports two core types of transactions, which together constitute its breadth of application:

Direct Deposit (ACH Credit): This is a "push" operation where the payer actively sends funds to the payee's bank account. Common applications include businesses disbursing employee wages, government disbursing social benefits and pensions, tax refunds, and companies paying dividends and interest. ACH credit transactions constitute the main channel for payroll and benefit disbursements in the U.S.
Direct Payment (ACH Debit): This is a "pull" operation where the payee withdraws funds from the payer's bank account based on prior authorization. Typical applications include consumer-authorized recurring bill payments (such as mortgages, utilities, insurance premiums) and automatic deductions for various subscription services.

To better position ACH, it is necessary to compare it with other key systems in the U.S. payment ecosystem:

Wire Transfer: ACH primarily serves domestic payments, with transaction costs typically much lower than wire transfers. Wire transfers (via the Fedwire system) can handle international transactions, incurring higher fees, but their advantage lies in being real-time gross settlement (RTGS), where funds can be credited almost immediately and considered final. In contrast, ACH's batch processing model results in some settlement delays.
Real-Time Payments (RTP/FedNow): In recent years, the U.S. has launched true 24/7/365 real-time payment networks, such as The Clearing House's RTP® and the Federal Reserve's FedNow® service. These systems provide instant clearing and settlement. Nacha (the governing body of the ACH network) positions these emerging real-time payment systems as a complement to ACH rather than a replacement. The two serve different application scenarios: ACH excels at handling scheduled, large-volume recurring payments, while real-time payments are better suited for high-value or urgent transactions requiring immediacy and finality.

1.2 Key Participants in the ACH Network#

The smooth operation of the ACH network relies on a sophisticated ecosystem composed of multiple roles. Each participant has specific responsibilities and legal obligations clearly defined by Nacha rules, and understanding these roles is key to grasping the operational logic of ACH.

To initiate an ACH credit or debit on someone's bank account, one must first find a bank willing to process these transactions on your behalf. Only banks are allowed to initiate ACH transactions directly. You need to open a business account at the bank and apply for permission to originate ACH transactions through them. If they agree, they will become your ODFI, which stands for "Originating Depository Financial Institution," but essentially, it's just a fancy term for "bank."

Originator: This is the starting point of the entire transaction process and can be any entity wishing to initiate an ACH payment, including individuals, companies, or government agencies. The core responsibility of the originator is to obtain clear and verifiable authorization from the receiver before initiating any debit or credit transaction.
Originating Depository Financial Institution (ODFI): This is the bank of the originator and must be a member of Nacha. The ODFI acts as the "gatekeeper" of the network. It receives payment instructions from its clients (the originators), packages these instructions into ACH files that comply with Nacha specifications, and submits them to the ACH operator. The ODFI guarantees to the entire network that all transactions it submits have been legally authorized. This role carries significant underwriting and compliance risks. In practice, the ODFI often advances or deducts funds from the originator's account before the transaction is finally settled, thus assuming initial credit risk.
ACH Operator: This is the central clearing facility of the network, responsible for processing transactions between ODFIs and RDFIs. There are two ACH operators in the U.S.: the Federal Reserve's FedACH and The Clearing House's Electronic Payments Network (EPN). The systems of these two operators are fully interoperable, ensuring complete network coverage. They receive batches of ACH files from all ODFIs, classify massive entries by destination RDFI, and then distribute the organized files to the corresponding RDFIs. Additionally, the operators are responsible for calculating net settlement positions between their member financial institutions. FedACH processes both government and commercial transactions, while EPN, as a private operator, primarily handles commercial transaction volumes.
Receiving Depository Financial Institution (RDFI): This is the bank of the receiver. It receives ACH files from the ACH operator and credits or debits the funds to its customer's (the receiver's) account based on the instructions in the file on the effective entry date. The primary responsibility of the RDFI is to process incoming transactions promptly and accurately and to initiate any necessary return operations.
Receiver: This is the ultimate object of the transaction, whose bank account is credited or debited. The core role of the receiver is to provide authorization for the transaction to the originator.
Third-Party Service Providers (TPSP) and Third-Party Senders (TPS): In the complex payment ecosystem, many entities act as intermediaries providing ACH processing services. For example, a payroll processing company is a typical TPS that aggregates payroll payment instructions from multiple businesses (originators) and submits these transactions to the ACH network through its single relationship with an ODFI. Nacha has established specific rules to clarify the roles, responsibilities, and risk assessment requirements for TPS, including more complex "nested TPS" relationships, where one TPS processes through another TPS.

This multi-party participation structure brings an important asymmetry, especially in the distribution of risk and responsibility. The ODFI, as the party introducing the transaction into the network, bears the primary underwriting responsibility. They must conduct rigorous due diligence and risk assessments on their clients (the originators) because if an originator engages in fraud or violations, the ODFI faces direct financial loss and compliance penalties. For businesses or developers wishing to initiate ACH transactions, this means obtaining services from an ODFI is not easy; banks will conduct comprehensive reviews of the originator's business model, financial condition, and anti-fraud capabilities. Therefore, risk management in ACH is not only best practice but also a prerequisite for participating in the network, enforced by the ODFI that bears the primary risk.

Participant	English Name	Core Responsibilities
Originator	Originator	Initiates transactions; obtains and retains authorization from the receiver.
ODFI	ODFI	Receives instructions from the originator; creates and submits ACH files to the ACH operator; guarantees the validity of transactions; assumes initial credit risk.
ACH Operator	ACH Operator	Receives, classifies, and distributes ACH files; clears transactions; calculates net settlements between financial institutions.
RDFI	RDFI	Receives files from the ACH operator; credits or debits the receiver's account; processes returns and notifications of change.
Receiver	Receiver	Authorizes the originator to conduct transactions; receives funds or is debited.
TPS	TPS	Acts as an intermediary between the originator and ODFI, submitting transactions on behalf of one or more originators.

1.3 Regulation and Rules: The Role of Nacha#

The stability and reliability of the ACH network depend on a strong governance framework, at the core of which is Nacha.

Role of Nacha: Nacha (formerly known as the National Automated Clearing House Association) is a non-profit organization responsible for managing and governing the ACH network. It is important to clarify that Nacha is not a federal government agency, but it maintains close collaborative relationships with the Federal Reserve, the U.S. Department of the Treasury, and other banking regulatory agencies. Its core function is to develop, manage, and enforce a comprehensive set of operational rules known as the Nacha Operating Rules.
Nacha Operating Rules: This set of rules serves as the legal and operational foundation for every ACH payment, detailing the roles, responsibilities, and legal obligations of all participants in the network. The rules cover all aspects from transaction authorization, data security, file formats, settlement processes to exception handling. This set of rules is not static but continuously evolves through a formal, inclusive, and consensus-based rule-making process to adapt to technological developments and market demands.
Enforcement of Rules: Nacha has a formal rule enforcement mechanism to correct violations and maintain the overall quality and reputation of the network through warnings, fines, and arbitration. Participating financial institutions can report suspected violations. For serious violations, such as intentional or reckless behavior involving large transactions or significant amounts, Nacha can impose fines of up to $500,000 and instruct ODFIs to suspend the transaction authority of the violating originator.

Chapter 2: The Lifecycle of ACH Transactions#

To truly understand ACH, one must grasp the complete process from the birth to the conclusion of a transaction. We will break down the various stages of a standard ACH transaction in detail, clarifying its timeline and unique settlement confirmation mechanisms.

2.1 Detailed Transaction Process: From Initiation to Settlement#

We will take a typical ACH debit transaction (for example, paying a utility bill) as an example to track its lifecycle step by step. It should be noted that the process and timeline for ACH credit transactions are identical.

Step Zero: Initiation & Authorization
This is the step before the ACH transaction begins and is not part of the ACH transaction processing timeline. But the ACH transaction starts when the originator (in this case, Acme, Inc.) obtains payment authorization from the receiver (the customer). This authorization must be clear and explicit, and the originator is responsible for properly maintaining the authorization records for verification.
Step One: ODFI File Submission
The originator creates an ACH file containing all necessary transaction details based on the authorization information. This file is then securely transmitted to its partnering ODFI, typically via a secure FTP server. Each ODFI has its own daily file receipt cut-off time; transactions submitted after this time will be processed on the next business day.
Step Two: ODFI Batching & Transmission
Upon receiving the file, the ODFI aggregates it with files from other originators, packaging them into larger batches. At the scheduled processing time, the ODFI sends these batch files to an ACH operator (FedACH or EPN).
Step Three: ACH Operator Clearing
After receiving massive transaction data from various ODFIs, the ACH operator begins the clearing process. It classifies and sorts entries based on the destination RDFI routing numbers in each entry, then packages all transactions belonging to the same RDFI into new files, preparing for distribution. Meanwhile, the operator calculates the net settlement positions among all participating banks.
Step Four: RDFI Processing
The RDFI retrieves the prepared files from the ACH operator. On the effective entry date specified in the file, the RDFI debits the corresponding amount from the receiver's account.
Step Five: Settlement
This is the final step where funds actually flow between financial institutions. The ODFI and RDFI complete the final fund transfer through their reserve accounts at the Federal Reserve. Only after this step is the ODFI considered to have truly recovered the funds it may have advanced to the originator at the beginning of the transaction.

In practice, the transmission of ACH files relies almost entirely on FTP servers, with the ACH operator providing a large FTP server for ODFIs and RDFIs to submit various ACH files.

2.2 ACH Credit vs. ACH Debit#

Although the processes are similar, credit and debit transactions have essential differences in the flow of funds and risk characteristics.

Credit Transactions ("Push"): In credit transactions, the originator actively "pushes" funds into the receiver's account. The entire process is essentially the same as the debit transaction described above, with the only difference being that in Step Five, during RDFI processing, the receiver's account is credited (funds deposited).
Debit Transactions ("Pull"): In debit transactions, the originator "pulls" funds from the receiver's account based on authorization.

The risk profiles of these two transaction types differ significantly, which is crucial for developers designing payment systems. ACH debit transactions inherently carry a higher risk of fraud because they involve withdrawing money from another person's account. Unauthorized debits can lead to direct financial losses for victims. Therefore, Nacha rules impose strict authorization requirements for debit transactions, typically requiring written or "similar certification" authorization. Particularly for consumer debit transactions, the rules provide a 60-day refund window to protect consumer rights. This means that businesses initiating debit transactions must establish very robust authorization management and identity verification processes to control risk.

In contrast, the risk in credit transactions is more focused on "operational risk," which involves ensuring that funds are pushed to the correct account. Once a credit transaction is sent incorrectly, it can be very difficult to recall the funds. In recent years, "credit-push fraud" has also been on the rise, where fraudsters deceive payers into authorizing funds to be sent to accounts they control.

Whether Push or Pull, the transaction fees charged by ACH operators are always paid by the ODFI. However, all participants must pay network participation fees to the ACH operator.

2.3 Transaction Timeline and Fund Availability#

The batch processing nature of ACH determines its unique settlement timeline and fund confirmation logic.

Standard ACH (Next-Day Settlement): Traditionally, ACH is a next-day settlement system. ACH files submitted before the cut-off time on a business day (Day 1) are processed by the operator that evening and delivered to the RDFI for settlement the next day (Day 2).

"No news is good news" principle: This is key to understanding ACH settlement. The ACH network itself does not provide a "success" confirmation receipt for a successful transaction. The originator will only receive notification if the transaction fails (i.e., is returned). Therefore, in the absence of any return notifications, the transaction is assumed to be successful.
Actual Fund Credibility Time: Because of the above principle, the originator cannot assume that funds are "safe" or "settled" on the same day that a debit transaction is settled. The RDFI has the right to initiate a return within a certain timeframe. For most routine errors (such as insufficient funds), the return window is typically 2 business days. However, for consumer claims of unauthorized debits, the return window can be as long as 60 calendar days. Therefore, the common practice in the industry is to wait at least 3-4 business days after the settlement of a debit transaction before considering the funds reliable and available.

Same-Day ACH:

Functionality: To meet market demand for faster payments, Nacha introduced Same-Day ACH rules. It allows originators to complete fund settlements on the same day they submit ACH files. The originator requests same-day processing by setting the "effective entry date" field in the ACH file to the current business day.
Processing Windows: ACH operators provide multiple same-day ACH processing windows each business day, with the earliest batches being settled within a few hours.
Limitations: Same-day ACH is not without limitations. It does not apply to international transactions (IAT), and each transaction has a limit of $1 million, and splitting a larger transaction into multiple smaller transactions to circumvent this is not allowed. Additionally, ODFIs may charge higher fees for same-day ACH transactions (in some cases up to 100 times that of standard ACH).

A key point to understand about same-day ACH is that it accelerates the speed of fund settlement but does not change the timing of risk confirmation. Same-day ACH shortens the time for funds to flow from the originator to the receiver's account (i.e., the first three steps of the lifecycle) but does not shorten the statutory timeframe for the RDFI to initiate a return (i.e., the last two steps of the lifecycle). The RDFI still has the same return window as standard ACH (e.g., 2 business days for R01 and 60 calendar days for R10). This means that even if funds from a same-day ACH debit reach the originator's account on the same day, those funds are essentially still "at risk" and could be withdrawn in the coming days or even weeks. Therefore, same-day ACH is a powerful tool for improving cash flow efficiency, but it should not be misunderstood as a mechanism for reducing settlement risk. When designing system logic, it is crucial to recognize this clearly to avoid misclassifying funds that arrive on the same day as having been finally settled.

2.4 Transaction Example#

To make it easier for you to understand what happens throughout the process and the corresponding time points, let’s now play the role of a utility company named Acme, Inc. The company's partner bank is Expel Bank, which has a good relationship with Acme, Inc. and allows us to process payments directly using ACH files.

Day 1 19:00 / 07:00AM | Originator -> ODFI (Our Bank)
Depending on the agreement between the customer and the bank, the bank will require the customer to submit the ACH file for processing by a certain time. In this story, Expel Bank requires Acme, Inc. to submit the ACH file by 7 PM every day. At the cut-off time of 7 PM, Expel Bank will verify whether Acme, Inc.'s ACH file passes a series of basic reasonableness checks (e.g., whether the account number is reasonable, whether the amount does not exceed certain underwriting thresholds, etc.). They will also take measures to confirm that the file indeed comes from us and not someone impersonating us.
Day 2 00:01 / 12:01AM | ODFI -> Federal Reserve -> RDFI (Receiving Bank)
Once Expel Bank determines that our ACH file is valid, they will forward the ACH file to the Federal Reserve for processing. Since the fees for same-day ACH are higher than standard ACH, as a super company operating in all 50 states, we want to save costs for our shareholders, so we choose to use standard ACH (next-day ACH). This means that the ACH debit request sent to the Federal Reserve will be processed around midnight and provided to the RDFI (receiving bank) at approximately the same time.
Day 2 05:00 / 05:00AM | RDFI -> Receiver
The receiving bank will obtain the debit notification when it opens for business in the morning (for simplicity, assume it is 5 AM) and will deduct the funds from its customer's account at that time.

As you can see, for ACH transfers that are not returned, the timing is quite straightforward: ACH files initiated before 7 PM will settle the next morning.

When an ACH file is returned, the processing time will be longer.
Day 4 00:01 / 12:01AM RDFI -> Federal Reserve -> ODFI
Oops, our customer lost their job due to an executive order issued by the greatest president in U.S. history, and they are now in an economic crisis and unable to pay our bill.
When the RDFI receives the ACH debit notification on Day 2, they are allowed to notify the Federal Reserve by the end of the next business day at the latest that they wish to return the ACH debit. Sometimes, banks act quickly and notify the Federal Reserve by the end of the same day. However, in most cases, banks will delay notifying the Federal Reserve as much as possible, typically until the end of Day 3.

Once the Federal Reserve receives the return, they will notify the ODFI that the ACH debit has been returned that evening.

There is a significant exception to the next-day cut-off: if the customer informs the bank that they did not authorize the ACH debit (for example, if a fraudster used a stolen bank account), the RDFI is allowed to return the ACH debit within 60 days. This is why ACH agreements are very consumer-friendly, as the originator of the ACH debit must now return the funds they deducted and attempt to recover any consideration provided due to that debit.
Day 4 05:00 / 05:00AM | ODFI -> Originator
The ODFI bank will receive the return notification at some time when it starts business in the morning (for simplicity, still using 5 AM as an example) and will forward it to the originator.

It is important to note that the ACH system never provides a positive confirmation that an ACH debit has been successfully processed. The only response the ACH originator may receive is a notification that there has been a return. Because of this "no news is good news" practice, ACH debit originators should cautiously wait an additional 3 business days after receiving "no news" before shipping products to customers. Although the ACH system is referred to as a next-day settlement system, in practice, this is not the case due to this reason.

Therefore, for example, an ACH debit submitted by a business on Monday is generally not considered to have no issues until Thursday morning. An ACH debit submitted on Wednesday should not be considered secure until the following Monday morning.

Let’s summarize this timeline in a simple table.

Description	Cut-off Time
Originator submits ACH request to ODFI	Day 1 19:00
ODFI forwards ACH request to the Federal Reserve (Fed), then sends to RDFI	Day 2 00:01
RDFI receives ACH request, then forwards to the receiver	Day 2 05:00
RDFI sends ACH return to the Federal Reserve (Fed), then sends to ODFI	Day 4 00:01
ODFI receives ACH return request, then forwards to the originator	Day 4 05:00

What if we want to receive payments faster and choose same-day ACH?

Now, the second and third steps in the table above can occur earlier on the first day. The ODFI will forward the ACH request to the Fed (and RDFI), and the RDFI will settle the funds, all with new time windows.

Window 1: The Federal Reserve receives the ACH request before 7:30 AM Pacific Time, and the RDFI completes fund settlement before 10 AM Pacific Time.
Window 2: The Federal Reserve receives the ACH request before 11:45 AM Pacific Time, and the RDFI completes fund settlement before 2 PM Pacific Time.
Window 3: The Federal Reserve receives the ACH request before 1:45 PM Pacific Time, and the RDFI completes fund settlement before 3 PM Pacific Time.

Additionally, the new rules also require the RDFI to make funds available to the receiver by 5 PM local time.

Now, we will submit the ACH file early in the workday and use same-day ACH, so the timeline becomes as follows.

Description	Cut-off Time
Originator submits ACH request to ODFI	Day 1 9:00
ODFI forwards ACH request to the Federal Reserve (Fed), then sends to RDFI	Day 1 10:45
RDFI receives ACH request and forwards to the receiver	Day 1 5:00 (RDFI local time)
RDFI sends ACH return to the Federal Reserve (Fed), then sends to ODFI	Day 3 12:01
ODFI receives ACH return request and forwards to the originator	Day 3 5:00

Chapter 3: Technical Core: NACHA File Format#

For developers needing to interact with the ACH network on a technical level, understanding its file format is an indispensable part. This chapter will delve into the structure and specific fields of NACHA files, providing a detailed blueprint for file generation and parsing.

3.1 Overview of File Structure#

All ACH transactions are carried in a strictly defined text file.

Format: An ACH file is a fixed-width ASCII text file. Each line in the file, known as a "record," has a strictly fixed length of 94 characters. Any deviation will result in the file being rejected.
Structure: The file adopts a layered, nested structure, which can be visually understood as "envelopes within envelopes":
- File: The outermost envelope, starting with a file header record and ending with a file control record. A file can contain one or more batches.
- Batch: The inner envelope, starting with a batch header record and ending with a batch control record. A batch contains a group of transactions with common characteristics (such as originating company, SEC code, effective date).
- Entry: The core content, representing a single transaction. It is represented by an entry detail record, which may be followed by one or more optional addenda records.
Padding Rules: This is a detail that is easy to get wrong during file generation. All fields must be padded strictly according to their defined data types and lengths.
- Numeric Fields: Must be right-aligned and padded on the left with leading zeros (0). For example, a length 10 amount field with a value of 12345 should be represented as 0000012345.
- Alphanumeric Fields: Must be left-aligned and padded on the right with spaces. For example, a length 16 company name field with MYCOMPANY should be represented as MYCOMPANY .
Blocking Factor: This is a historical specification. ACH files are organized into "blocks," each containing 10 records. If the total number of records in a file is not a multiple of 10, the file must be padded with several lines of pure 9s (94 nines) at the end until the total number of lines is divisible by 10.

3.2 Detailed Record Types#

ACH files consist of five required record types and one optional record type. The following table provides a detailed analysis of these records and their key fields, serving as a core reference for any developer needing to generate NACHA files.

94 ASCII Character Width ACH File
File Header Record
Batch Header Record
PPD Entry Detail Record
PPD Entry Detail Record
Batch Control Record
Batch Header Record
PPD Entry Detail Record
Batch Control Record
File Control Record

File Header Record - Record Type '1'

Purpose: As the first record of the file, it provides metadata about the entire file, identifying its source and destination.

Field Name	Position	Length	Description and Key Information
Record Type Code	1	1	Fixed as `1`.
Priority Code	2-3	2	Priority code, usually `01`.
Immediate Destination	4-13	10	Routing number of the ODFI. Preceded by a space, total of 10 digits.
Immediate Origin	14-23	10	Identifier of the originator, usually the company ID or tax number assigned to the originator by the ODFI.
File Creation Date	24-29	6	File creation date, format `YYMMDD`.
File Creation Time	30-33	4	File creation time, format `HHMM` (24-hour format).
File ID Modifier	34	1	File ID modifier. Used to distinguish multiple files created on the same day, from `A` to `Z`, then from `0` to `9`.
Record Size	35-37	3	Record size, fixed as `094`.
Blocking Factor	38-39	2	Blocking factor, fixed as `10`.
Format Code	40	1	Format code, fixed as `1`.
Immediate Destination Name	41-63	23	Name of the ODFI.
Immediate Origin Name	64-86	23	Name of the originator.
Reference Code	87-94	8	Reference code, optional field for internal use by the originator.

Company/Batch Header Record - Record Type '5'

Purpose: Marks the beginning of a new batch, defining common attributes for all entries within that batch.

Field Name	Position	Length	Description and Key Information
Record Type Code	1	1	Fixed as `5`.
Service Class Code	2-4	3	Service class code: `200` (mixed debit and credit), `220` (credit only), `225` (debit only).
Company Name	5-20	16	Name of the originating company (up to 16 characters).
Company Discretionary Data	21-40	20	Company custom data, optional, for internal use by the originator.
Company ID	41-50	10	Company ID, usually the originator's tax number (EIN) prefixed with `1`.
Standard Entry Class (SEC) Code	51-53	3	Standard classification code (e.g., PPD, CCD, WEB). This field is crucial as it determines the transaction type and applicable rules.
Company Entry Description	54-63	10	Company entry description, the text that will appear on the receiver's bank statement (e.g., `PAYROLL`).
Company Descriptive Date	64-69	6	Company descriptive date, optional, format `YYMMDD`.
Effective Entry Date	70-75	6	Effective date, format `YYMMDD`. The date the originator wishes the transaction to settle. Setting it to today requests same-day ACH.
Settlement Date	76-78	3	Settlement date, filled in by the ACH operator, left blank by the originator.
Originator Status Code	79	1	Originator status code, usually `1`.
Originating DFI ID	80-87	8	Routing number of the ODFI (first 8 digits).
Batch Number	88-94	7	Batch number, sequentially assigned by the originator.

Entry Detail Record - Record Type '6'

Purpose: The core of the file, representing a specific transaction. Each payment corresponds to one entry detail record.

Field Name	Position	Length	Description and Key Information
Record Type Code	1	1	Fixed as `6`.
Transaction Code	2-3	2	Transaction code. Defines the account type and transaction direction, such as `22` (checking account credit), `27` (checking account debit), `32` (savings account credit), `37` (savings account debit).
Receiving DFI Identification	4-11	8	Receiving DFI identification, i.e., the RDFI's routing number (first 8 digits).
Check Digit	12	1	The 9th digit check digit of the routing number.
DFI Account Number	13-29	17	Receiver's bank account number.
Amount	30-39	10	Amount, in cents. For example, $123.45 is represented as `0000012345`.
Individual Identification Number	40-54	15	Individual identification number, optional, defined by the originator.
Individual Name	55-76	22	Receiver's name or company name.
Discretionary Data	77-78	2	Optional data.
Addenda Record Indicator	79	1	Addenda record indicator. `1` indicates this entry is followed by an addenda record, `0` indicates none.
Trace Number	80-94	15	Trace number. Composed of the ODFI's routing number (first 8 digits) and a unique sequence number assigned by the originator (last 7 digits). This number is crucial for tracking and processing returns.

Entry Detail Addenda Record - Record Type '7' (Optional)

Purpose: Provides supplementary information for the immediately preceding entry detail record. In business-to-business (B2B) payments (such as CTX type transactions), it is widely used to transmit remittance information, such as invoice numbers, amounts, etc. An entry can be followed by up to 9,999 addenda records.

Company/Batch Control Record - Record Type '8'

Purpose: Acts as the "footer" of the batch, containing checksums to ensure the integrity and accuracy of batch data.

Field Name	Position	Length	Description and Key Information
Record Type Code	1	1	Fixed as `8`.
Service Class Code	2-4	3	Must match the code in the batch header record.
Entry/Addenda Count	5-10	6	Total number of type `6` and `7` records in the batch.
Entry Hash	11-20	10	Entry hash value. The sum of the RDFI routing numbers (first 8 digits) of all entry detail records in the batch. A simple checksum.
Total Debit Entry Dollar Amount	21-32	12	Total amount of all debit transactions in the batch (in cents).
Total Credit Entry Dollar Amount	33-44	12	Total amount of all credit transactions in the batch (in cents).
Company ID	45-54	10	Must match the company ID in the batch header record.
Message Authentication Code	55-73	19	Message authentication code, usually left blank.
Reserved	74-79	6	Reserved field, left blank.
Originating DFI ID	80-87	8	Must match the ODFI ID in the batch header record.
Batch Number	88-94	7	Must match the batch number in the batch header record.

File Control Record - Record Type '9'

Purpose: The last record of the file, containing checksums for the entire file content.

Field Name	Position	Length	Description and Key Information
Record Type Code	1	1	Fixed as `9`.
Batch Count	2-7	6	Total number of batches in the file (i.e., number of type `5` records).
Block Count	8-13	6	Total number of blocks in the file (total number of records divided by 10, rounded up).
Entry/Addenda Count	14-21	8	Total number of all entry and addenda records in the file.
Entry Hash	22-31	10	The sum of the Entry Hashes of all batches in the file.
Total Debit Amount	32-43	12	Total amount of all debit transactions in the file.
Total Credit Amount	44-55	12	Total amount of all credit transactions in the file.
Reserved	56-94	39	Reserved field, left blank.

Chapter 4: Classification and Authorization: Standard Entry Class (SEC) Codes#

In the world of ACH, not all transactions are created equal. The Standard Entry Class (SEC) code is a three-letter code that precisely defines the "lineage" of a transaction and the "laws" it must follow. For originators, selecting the correct SEC code is one of their core responsibilities, as it directly determines authorization requirements, applicable rules, and most importantly—the risk exposure.

4.1 Uses and Importance of SEC Codes#

SEC codes must be specified in the header record of each batch. Their primary function is to inform the RDFI how the receiver authorized the transaction. For example, was it authorized via the internet (WEB), by phone (TEL), or through an agreement between businesses (CCD)?

This choice is not merely a technical detail; it has far-reaching business and legal implications. Different SEC codes correspond to different provisions in Nacha rules, especially regarding the refund time limits for unauthorized transactions. Incorrectly using an SEC code, such as marking a business-to-business transaction as a consumer transaction, could expose the originator to significant risks that they should not bear.

This mechanism can be viewed as a built-in risk management switch. For example, Nacha rules provide strong protections for consumers, allowing them 60 days to dispute unauthorized debit transactions (using PPD or WEB codes). However, for business-to-business transactions (using CCD codes), this window is significantly shortened to 2 business days. This difference reflects the varying levels of information symmetry and business practices in the two scenarios. If an originator incorrectly uses the PPD code when collecting from another business, they inadvertently grant their business counterpart consumer rights, extending their risk exposure period from a mere two days to two months. Therefore, any well-designed ACH payment system must enforce the correct SEC code selection based on the nature of the counterparty (consumer or business) and the method of authorization, rather than treating it as an optional field.

4.2 Common SEC Codes Explained#

While Nacha defines multiple SEC codes, in practice, the vast majority of transactions concentrate on a few core codes. The following table summarizes the most common SEC codes and their key attributes, serving as important decision-making criteria when designing payment processes.

SEC Code	Full English Name	Primary Use	Account Type	Authorization Requirement	Unauthorized Refund Window
PPD	Prearranged Payment and Deposit	Prearranged payments or deposits initiated to consumer accounts. For example: payroll disbursements, recurring bill payments.	Consumer	Written or "similar certification" authorization.	60 calendar days
CCD	Corporate Credit or Debit	Fund transfers between business accounts. For example: B2B payments, internal fund consolidation.	Non-consumer	A trading partner agreement must exist between the originator and receiver.	2 banking business days
WEB	Internet-Initiated/Mobile Entry	Debit transactions initiated to consumer accounts via the internet or mobile devices. For example: online shopping payments, online bill payments.	Consumer	Must verify identity electronically and obtain authorization.	60 calendar days
TEL	Telephone-Initiated Entry	Debit transactions initiated to consumer accounts via oral authorization over the phone.	Consumer	Must have a recording of the authorization call or a written confirmation sent afterward.	60 calendar days
ARC	Accounts Receivable Entry	Converts consumer checks received by mail or drop box into a one-time ACH debit.	Consumer	Must have previously informed the check issuer that their check may be converted.	60 calendar days

PPD (Prearranged Payment and Deposit): This is one of the most traditional SEC codes, applicable in scenarios where there is a long-term, stable payment relationship between the originator and the consumer. Its core is based on a pre-existing authorization document that is either signed by the consumer or certified through other reliable means.
CCD (Corporate Credit or Debit): This is the dedicated code for B2B transactions. It assumes that both parties to the transaction are business entities and have reached a business agreement on ACH payment terms (Trading Partner Agreement). This business-to-business context is the fundamental reason for its much shorter refund window compared to consumer transactions.
WEB (Internet-Initiated/Mobile Entry): With the rise of e-commerce, the WEB code has become one of the most common SEC codes. It is specifically used for processing debit transactions authorized by consumers on websites or mobile applications. Nacha has additional security requirements for WEB transactions, mandating that originators implement "commercially reasonable" fraud detection systems and verify user identities.
TEL (Telephone-Initiated Entry): This code applies to sales or collections completed over the phone. Since the authorization is not in written form, Nacha rules require that the originator must record the authorization call or send a written confirmation to the consumer before the transaction occurs.
ARC (Accounts Receivable Entry): This code provides an efficient way to handle accounts receivable, allowing the payee to directly convert received paper checks (non-business checks) into an ACH debit in the background without having to deposit the checks into the bank. The prerequisite is that the payer must have been clearly informed of this possibility.

Chapter 5: Exception Handling: Returns and Notifications of Change#

A robust payment system must not only handle successful transactions but also gracefully address various exceptions. In the ACH network, exception handling is primarily achieved through two mechanisms: Returns and Notifications of Change (NOC).

5.1 ACH Returns Process#

When an ACH transaction cannot be completed for some reason, a return is generated. An ACH return is itself an ACH transaction created by the RDFI (in rare cases by the ODFI or ACH operator) with the purpose of returning the funds of the original transaction.

The lifecycle of a return is as follows:

Trigger: The RDFI receives an ACH entry that cannot be processed (for example, the target account is closed), or its customer (the receiver) notifies the bank that a transaction was unauthorized.
Creation and Sending: The RDFI selects a standard return reason code based on the specific reason for the failure and creates a return entry. This return must be sent to the ACH operator within the timeframe specified by Nacha rules for that code.
Routing: The ACH operator routes this return entry back to the original ODFI.
Notification and Accounting: Upon receiving the return notification, the ODFI will deduct the corresponding funds from the originator's account and provide the details of the return (including the reason code) to the originator.

5.2 Common Return Reason Codes#

Each return is accompanied by a two-digit code starting with 'R' to explain the reason for the return. Understanding these codes is crucial for originators to diagnose issues, contact customers, and take appropriate actions.

R-Code	Description	Return Time Limit	Common Handling Instructions
R01	Insufficient Funds	2 banking business days	The account balance is insufficient to cover the debit. The originator may retry up to two times within 30 days.
R02	Account Closed	2 banking business days	The account has been permanently closed. Do not retry; contact the customer for new payment information.
R03	No Account/Unable to Locate Account	2 banking business days	The account number does not match the name, or the account does not exist. Verify information with the customer.
R04	Invalid Account Number Structure	2 banking business days	The account number format is incorrect. Obtain the correct account number from the customer.
R07	Authorization Revoked by Customer	60 calendar days	The consumer notified the originator to stop payment, but the originator still initiated the transaction. The customer must provide a written statement to their bank. Do not retry.
R08	Payment Stopped	2 banking business days	The receiver has set a stop payment order with their bank for this transaction. Contact the customer to resolve the issue.
R09	Uncollected Funds	2 banking business days	The account has sufficient ledger balance, but the available balance is insufficient (e.g., a deposited check has not cleared). Retry according to R01 rules.
R10	Customer Advises Not Authorized	60 calendar days	The consumer claims they never authorized this transaction. This is the most common dispute code. The customer must provide a written statement to their bank. Do not retry.
R11	Check Truncation Entry Return	60 calendar days	Unauthorized returns for specific SEC codes (e.g., ARC, BOC, POP) or transactions where the amount, date, and authorization do not match.
R16	Account Frozen	2 banking business days	The account is frozen due to legal action or internal bank reasons.
R29	Corporate Customer Advises Not Authorized	2 banking business days	This is the business version of R10. Applicable to CCD and CTX transactions.

5.3 Notifications of Change (NOC)#

A Notification of Change (NOC) is a non-monetary ACH transaction, an active error-correction mechanism built into the ACH network. When the RDFI receives a transaction and finds that certain information (such as account number, transaction code) is not entirely correct but can still successfully process the transaction, it will send an NOC to the ODFI.

Purpose: The purpose of an NOC is to inform the originator to correct its records to ensure future transactions can proceed smoothly. For example, a customer's account changes from a checking account to a savings account, or a bank system upgrade causes minor changes to the account number. The original payment transaction will settle normally.
Processing: According to Nacha rules, the originator is obligated to update its records in its system within 6 banking business days of receiving the NOC, or before initiating the next transaction to that receiver (whichever is later).

C-Code	Description	Required Action
C01	Incorrect DFI Account Number	Update the receiver's bank account number.
C02	Incorrect Routing Number	Update the receiver's bank routing number.
C03	Incorrect Routing Number and DFI Account Number	Update both routing number and account number.
C05	Incorrect Transaction Code	Update the transaction code (e.g., from checking account `27` to savings account `37`).
C06	Incorrect DFI Account Number and Transaction Code	Update both account number and transaction code.
C07	Incorrect Routing Number, DFI Account Number, and Transaction Code	Update routing number, account number, and transaction code.
C09	Incorrect Individual ID Number	Update the receiver ID in the originator's system.

Chapter 6: Risk Management and Compliance#

Using the ACH network is not just about technical integration; it is a serious business activity that requires strict risk management and compliance practices. Nacha and ODFI set clear expectations and requirements for all network participants, especially originators.

6.1 Core Risk Areas#

Businesses participating in ACH transactions face four main risks:

Credit Risk: This manifests in two ways. One is the ODFI's credit risk regarding the originator, i.e., the risk that the ODFI advances funds to the originator before receiving final settlement. The second is the originator's credit risk, which occurs when ACH debit payments received after goods or services are provided are returned.
Operational Risk: Refers to losses due to inadequate internal processes, human errors, or system failures. For example, generating incorrectly formatted ACH files, failing to timely process NOCs leading to subsequent transaction failures, or mishandling returns.
Fraud Risk: Malicious actions from both internal and external sources. The most typical is unauthorized debit transactions, which involve illegally withdrawing funds from others' accounts. Additionally, credit-push fraud is also an increasingly severe challenge.
Compliance Risk: Refers to the risk of facing fines, liability for damages, or even suspension or termination of network access due to failure to comply with Nacha operating rules.

6.2 Nacha Compliance Requirements#

To manage these risks, Nacha has established a series of core requirements that all originators must adhere to:

Authorization Management: Originators must obtain valid authorization from the receiver for each transaction and must retain proof of authorization for two years from the termination of the authorization. This is the cornerstone of ACH compliance.
Data Security: All sensitive financial data (such as bank account numbers, routing numbers) must be protected during transmission and storage. It is strictly prohibited to transmit this information via unencrypted means (such as regular email).
Identity Verification and Fraud Detection: Originators must employ "commercially reasonable" methods to verify customer identities and detect fraudulent transactions. Specific measures can include micro-deposit verification, using third-party identity verification services, or monitoring for unusual transaction patterns. Nacha rules are also continuously updated to require financial institutions to enhance monitoring for credit-push fraud.
Return Rate Threshold Monitoring: Nacha places great importance on monitoring return rates and considers them a key indicator of the operational quality and risk level of the originator. Originators must keep their various return rates below specified thresholds; otherwise, they will face scrutiny from ODFIs and Nacha.
Overall Debit Return Rate: Must be below 15%.
Administrative Return Rate: For returns related to R02, R03, R04, must be below 3%.
Unauthorized Return Rate: For returns related to R05, R07, R10, R11, R29, must be below 0.5%.

These thresholds are not arbitrarily set. A high administrative return rate (above 3%) typically indicates poor data quality control or operational issues on the part of the originator (e.g., failure to timely update information based on NOCs). A high unauthorized return rate (above 0.5%) is a strong warning sign, potentially indicating fraudulent activity or poor authorization practices. Therefore, for businesses and developers building ACH systems, establishing a dashboard capable of real-time monitoring and reporting of these key return rates is not an optional feature but a core compliance and risk control module.