Skip to main content

Supplemental NACHA WEB Debit Mandate

Zuora

Supplemental NACHA WEB Debit Mandate

What does the new NACHA mandate encompass?

NACHA, the National Automated Clearing House Association, has implemented a new rule to combat fraudulent ACH transactions in response to a rise in fraudulent activity in recent years. 

This new WEB Debit Account Validation Rule requires that WEB Debit Originators or Third Party Services must provide a “commercially reasonable fraudulent transaction detection system” to screen WEB debits for fraud.

NACHA has defined commercially reasonable as being neutral in meaning but suggests one of the following four solutions:

  • Prenotification Entry
  • ACH micro-transaction verification
  • Use of a commercially available validation service provided by either an ODFI or a third-party (ex. Plaid or Yodlee)
  • Use of account validation capabilities or services enabled by APIs

The rule takes effect on March 19, 2021.

What happens in the event of non-compliance? 

In the case that fraudulent ACH activity is observed, NACHA will use this as a point to investigate.

Who is impacted by this mandate? 

WEB Debit Originators, Third-Party Originators, and all of Zuora’s new customers processing ACH payments are responsible for making changes to verify ACH account information. 

All existing ACH payment methods within Zuora are not subject to this additional validation as successful transactions with an ACH account are deemed as commercially reasonable methods of validation.

How is Zuora addressing this?

As was noted above, NACHA has not clearly defined what it means to have a “commercially reasonable fraudulent transaction detection system" because the concept of commercial reasonableness is dependent on the particular situation of each customer. However, NACHA has provided examples of what it believes to be sufficient. 

Where possible, our intent is to grant our customers the ability to own their customer experience. This rule is no different and so we are committed to providing you with the flexibility to choose the experience that best works for you. You can choose to use existing gateways’ native verification engines if your gateway supports, your own verification service if you have built one, or any third party service you want to choose.

Customers choosing not to use Zuora’s Hosted Payment Pages or Direct POST, and instead use our APIs will be responsible for managing the verification. In this instance, please contact your gateway representative for more details on whether you are covered.

What updates are required from me?

All of our partners have their own solutions for handling the ACH verification with you, either in a completely transparent manner or through the addition of a validation service. We encourage you to contact your relationship manager for these gateway solutions to better understand what they can and cannot do to support you.

Which payment gateways support ACH verification?

Our gateway partners that have native ACH verification support should be contacted for more information on what needs to be done.

Payment gateway Payment gateway integration in Zuora Native ACH verification? Action Required?
Adyen Adyen Integration v2.0 check.png TBD
Adyen cross.png Migrate to Adyen Integration v2.0
Authorize.net Authorize.net check.png No
BlueSnap BlueSnap, Payment API v2.0 check.png No
CardConnect CardConnect check.png TBD
Checkout.com checkout.com check.png Yes
Citi CitiConnect TBD TBD
CyberSource CyberSource, Payment API v2.0 check.png No
CyberSource Enterprise Gateway, API v1.97 check.png No
CyberSource Enterprise Gateway, API v1.28 check.png No
GoCardless GoCardless check.png Yes
JPMorgan Chase Paymentech Orbital Chase Paymentech Orbital Gateway check.png TBD
Chase Paymentech Orbital Gateway, API v7.0.1 check.png TBD
Merchant eSolutions Merchant eSolutions TBD TBD
NMI NMI check.png No
Stripe Stripe v2 check.png Yes
Stripe v1 cross.png Migrate to Stripe v2
Worldpay WorldPay 1.4 check.png No
Access WorldPay (Note: this gateway will be available soon) check.png No 
Vantiv (Litle) cross.png Migrate to Access Worldpay
WorldPay (Corporate Gateway) cross.png Migrate to Access Worldpay