Precautions to Implementing an ACH Payment System

If you are just starting as a collection agency, then you realize that you have a number of methods to collect payments. One of those methods is payments through Automated Clearing House (ACH) payments. ACH is a government-regulated electronic network through which financial institutions can transmit funds between each other. The process is similar to taking payments through credit cards, except that senders and receivers use bank routing codes instead of 16-digit credit card numbers.

The ability to collect ACH payments has several advantages to both collection agencies and the consumers who owe debt:

  • Collection agencies save both time and money by accepting ACH payments. Processing paper checks is a drain on resources as well as possible non-compliance.
  • Consumers benefit from the convenience of ACH payments. Payments are made online so there is no check-writing. In addition, regular automated transactions can be set up through ACH payments, so the consumer does not need to think about it anymore.

However, before you set up your system to accept ACH payments, there are certain precautions you must take to protect both your agency and the consumers.

Ensure PCI-Compliance for Financial Data Security

The most important component of ACH functionality is ensuring that it meets Payment Card Industry Data Security Standards (PCI-DSS) compliance. ACH transactions provide direct access to bank accounts so therefore PCI-compliance in financial information use and storage is critical. If you are wondering if your business must be PCI compliant, here is the answer: If your business makes just one financial transaction (such as taking a credit card for a payment), your business must be PCI compliant.

Financial Data Storage

Another critical consideration is how the business stores user financial data. Some agencies, when they are small, simply create their own internal database to store the consumer’s financial data. These homemade databases are relatively easy to break into by hackers and the data can be stolen. In addition, homemade databases are very rarely PCI compliant. Data storage is an important part of PCI certification. If your agency is using a homemade database, it is probably out of compliance.

Fraud detection and security

This is a part of “good customer service”. Even though electronic payments are convenient and have advantages for everyone, they have a weakness; they are the target of hackers. Cyber-thieves are always looking for ways to obtain consumers’ sensitive financial information. One of the methods to connect with the consumer and attempt to obtain their financial information through email scams known as “phishing”. These email messages are branded to look like official communications from your company, so the consumer may respond to them and give out their sensitive information, which the cyber thief then uses to steal money electronically.

Ultimately, it is the customer's responsibility to look out for email scams. But your company can build goodwill by educating the consumers about the most common phishing tactics and what to watch for. In addition, a good ACH system will have a fraud detection system that will set off alarms when the financial information is used for anything other than making payments.

In short, ACH payments have definite advantages, but they also have some precautions that you need to address before setting up the system. BillingTree’s payment processing system offers ACH systems that are easily integrated into your system and are PCI compliant. To learn more about how BillingTree can help you, contact BillingTree or call us at 877-424-5587.