Electronic Checking - SEC Code Documentation

ACH transaction types are easily identified by (SEC) or Standard Entry Class Code. Proper use of SEC codes is crucial in insuring that your company and the ODFI are in compliance with NACHA rules.
Each SEC code has different rules, authorization and/or disclosure requirements. As a merchant, it is up to you to determine and pass the correct SEC code.
You should select the SEC code that your ACH processor has approved you for and that matches the transaction type.

* NOTE: A SEC code of CCD will be passed in place of PPD, WEB, or TEL, if the check account holder or merchant indicates he is providing a business checking account. The proof of authorization required for a CCD code would need to be obtained and retained.

Below you will find a list of transaction types, (with referenced SEC code), that are supported.

PPD (Prearranged Payment and Deposit Entry)

This SEC Code is used for a credit or debit entry to effect a transfer to or from a consumers checking and savings accounts only.

Any transaction targeted at a receiver’s account using the PPD code must have a written, signed authorization.

The authorization must include the receiver’s name(s) the ABA (RTN) number, the account number, the date of the authorization, the date on or after which the transaction is to be made, and the amount of the transaction.

For recurring transactions, the authorization must include the frequency of the transaction (how often the transaction will be made), and how many transactions will be made. If the recurring transactions are for an indefinite period of time (like membership payments), the authorization may state that the transactions will occur until cancelled.

If the authorization is for recurring transactions, but each transaction will be for a different amount, the authorization must state a range of transaction amount that is authorized by the receiver. The authorization must include a revocation provision, and in all cases the Receiver must receive a copy of each authorization.

Authorizations must be maintained for a period of 2 years from the termination or revocation of the authorization.

  • Direct Debit - Your company (Originator) may debit the account of your customer (Receiver) for goods or services as they become due, provided you have obtained written authorization from your customer.

  • Direct Deposit - Your company (Originator) may credit the account of your employees or customers (Receiver) for payroll, interest, dividends or pensions. Although written authorization is not required, it is recommended as a method of obtaining valid routing and account numbers.

  • This type of transaction can only be submitted to Consumer accounts.

CCD (Cash Concentration and Disbursement)

This SEC Code is used for business accounts only. It must be passed when In the case of CCD entries, the receiver has an agreement with the originator under which the receiver has agreed to be bound by the rules as in effect from time to time.

The authorization must include the receiver’s name(s) the ABA (RTN) number, the account number, the date of the authorization, the date on or after which the transaction is to be made, and the amount of the transaction. CCD authorization must also include the provision that the Receiver agrees to be bound by the Rules of the National Automated Clearing House Association (NACHA).

For recurring transactions, the authorization must include the frequency of the transaction (how often the transaction will be made), and how many transactions will be made. If the recurring transactions are for an indefinite period of time (like regular invoice payments), the authorization may state that the transactions will occur until cancelled.

If the authorization is for recurring transactions, but each transaction will be for a different amount, the authorization must state a range of transaction amount that is authorized by the receiver. The authorization must include a revocation provision.

  • Your company (Originator) can collect, distribute or consolidate funds between corporate entities provided that you have obtained written authorization or have an agreement in place with the corporate entity.

  • This type of transaction can only be submitted to Corporate accounts.

WEB (Internet-Initiated Entries)

This SEC Code applies only to transactions that are 100% web-based and have no human interaction as part of the transaction.

The Authorization requirements include that the transaction must include a digital signature, or must be ‘similarly authenticated’ by means of a PIN or other unique identifier.

If a copy of the authorization is requested, this means the originator must be able to produce data that shows that the receiver did authorize the transaction(s).

Such authorization must be provided to the RDFI within ten (10) days of the date of the original request. WEB transactions may be single transactions or recurring. Authorizations must be retrievable for a period of two (2) years from the termination or revocation of the authorization.

All WEB transactions include the security requirement that transaction communication must occur over an encrypted connection (minimum 128 bit SSL). If, as an Originator of WEB transactions, your company captures any consumer financial information, you must complete an annual security audit to insure that such information is secure and protected at all times.

This includes physical security, personnel and access control, and network security. Credit Entries are not allowed using the WEB SEC Code.

The WEB SEC code cannot be used to initiate credit entries except for reversals of WEB debit entries.

  • Your company (Originator) can accept payments, both single or recurring, over the Internet from your customers (Receiver) using their savings or checking account information provided that you;

  • Obtain electronic authorization by posting of appropriate disclosure on the site.

    • Have incorporated commercially reasonable authentication and verification methods.

    • Are providing a secure session for the transaction.

TEL (Telephone Initiated Entries)

This SEC Code is used when receiving authorization to debit an account over the telephone and has very strict requirements.

Telephone initiated entries can only be made when the call was an inbound call from the consumer unless there is a pre-existing relationship between the consumer and the company in which there has been a purchase from the company, by the consumer during the previous two years.

For further definition, a pre-existing relationship means DIRECTLY with the company under its current business name, not from a different company that is now in a joint venture or merged with the current company, or any other such relationship.

All TEL transactions require a recorded voice authorization of the transaction which contains the following:

  1. The date on or after which the debit to the consumer account will occur.

  2. The amount of the transaction.

  3. The consumer’s name.

  4. A telephone number or the consumer for inquiries that are answered during normal business hours.

  5. The date of the consumer’s oral authorization.

  6. A statement by the merchant that authorization obtained from the consumer is for a single entry debit.

Authorizations must be maintained and easily retrieved for two (2) years.

Credit Entries are not allowed using the TEL SEC Code.

  • Your company (Originator) can accept payments over the phone from your customers (Receiver) using their savings or checking account information when there is either:

  • An existing relationship between your company (Originator) and your customer (Receiver)

  • No existing relationship between the Originator and Receiver, but the Receiver has initiated the telephone call.

  • Oral authorization is obtained via recording or notice is sent prior to debit entry posting to customers account.

  • TEL entries are for one-time payments, recurring payments authorized in this manner are not permitted.