Micro-entries: Preparing your financial institution for the updated NACHA rules
By George Thomas
The National Automated Clearing House Association (NACHA) has updated their rules for how organizations should process micro-entries, with a focus on security and fraud detection.
Micro-entries remain one of the most used and low-cost options to validate accounts. And the regulations and formatting requirements by NACHA have made micro-entries a more secure method of micro deposit verification.
Here’s what your financial institution needs to know about these important updates to the NACHA rules:
What is a micro-entry?
According to NACHA, a micro-entry is a credit or debit entry used by an originator for the purpose of verifying a receiver’s account or for verifying an individual’s access to an account. They are often referred to as test transactions or test deposits.
Financial institutions use micro-entries for things like account opening and general account verifications. They can also be used before initiating a payroll credit to validate details such as account numbers, the account holder’s name and the receiving bank’s name.
Each credit micro-entry must be in an amount less than $1. And an originator may originate one or more micro-entries to a receiver’s account prior to initiating future credit or debit entries to the receiver’s account.
Like other automated clearing house (ACH) entries, micro-entries may be returned for any valid reason. Originating depository financial institutions (ODFIs) will then need to forward returned micro-entries to the originator for action.
NACHA micro-entries rule changes and effective dates
The new micro-entry rules become effective in two phases.
Effective September 16, 2022, an ODFI must:
- Define micro-entries within the NACHA operating rules.
- Standardize formatting elements for micro-entries.
- Establish other micro-entry origination requirements.
Effective March 17, 2023, they must:
- Apply risk management requirements to the origination of micro entries.
ODFIs should consider whether updates made to their ACH origination agreements appropriately address these new obligations.
Originators and ODFIs may need to institute changes to their current system and practices to comply with both phases. Some possible changes include developing an implementation plan; updating policies, procedures and documentation; completing testing and training their staff on the changes.
Other potential impacts on ODFIs and originators
According to the rule, an ODFI or originator of micro-entries should implement commercially reasonable fraud detection practices, such as:
- Monitoring of forward and return micro-entry volumes
- Velocity checks
- Anomaly detection
- Knowing customer behavior
- Identifying normal activities
- Following internal guidelines and authorization requirements
The new rule does not impose a specific return threshold for micro-entries. Instead, it requires originators to understand and establish a baseline for normal forward and return volumes and to recognize and react to activity outside of those levels.
For example, an unusually high volume of micro-transactions or a micro-entry completed at an unusual time can indicate fraud. Those sorts of high-risk activities will need to be reviewed.
To that end, velocity monitoring — which works by recognizing the number of transactions and the number of times an account number is used in various formats, such as being padded with zeros or truncated — can be an important tool in an originator’s fraud monitoring efforts.
ODFIs that have originators that use micro-entries should educate them to ensure they are following the updated rule requirements. Unlike requirements for WEB debit account validation, the account number for a micro-entry does not need to be individually validated, and originators are not required to perform an entry-by-entry review.
ODFIs are also responsible to ensure they understand how third-party senders or service providers originate these entries on their behalf.
Vendor management practices will help ODFIs to reduce the risks when the third-party sender uses software to automate the process relating to these entries. They should ensure authorization requirements align with the nature and type of the request, be it by phone, in-person or online, and do not differ from the standard authorization rules.
Addressing the above will help the originator understand any red flags and implement adequate measures to reduce fraud risk and non-compliance.
How can Wipfli help:
Wipfli is here to assist your financial institution with the required changes. We apply our knowledge and experience in advising and evaluating your organization so that you can be confident in your NACHA compliance. Contact us today for more on how we can support you.
Sign up to receive more financial industry information or continue reading:
