ACH Best Practices

ACH allows a bank client to transfer funds electronically between financial institutions using the ACH network. Debits, credits and other transaction information can be passed through the network.  The items below are an attempt to provide our clients with the “Best Practices” for providing security and protecting funds and information.

  • Physical Location
    • ACH transactions should be initiated using a secure computer.
    • ACH-specific information, including account numbers, transaction totals, etc., should be kept in a locked drawer when not being used to create ACH transactions.
    • Computers used for processing ACH items should have password-protected login.
    • Passwords should be protected, not left on the desk or computer monitor.
  • Computer software maintenance
    • ACH user should strive to use updated operating systems.
    • ACH user should employ virus scan software and update regularly.
    • ACH user should employ the use of Firewall.
    • ACH user should have access to knowledgeable IT staff or use qualified IT vendor.
    • ACH user should limit browser use to specific, secure, known sites.
  • Password Security
    • Passwords should be unique and be changed regularly.
    • Login credentials and passwords should not be shared among employees.
    • Each user should have unique login credentials.
    • Passwords should contain both numbers and letters.
    • Client should notify bank immediately of designated user termination.
  • ACH Transaction Security
    • Account information should be verified prior to initiating ACH transactions.
    • Account information changes received via e-mail should be verbally confirmed by ACH user.
    • ACH user should establish alerts in Online Banking to notify them of any file changes and when file is originated.
    • The bank recommends the use of dual control for all ACH transactions.
    • ACH user should regularly review processed ACH files, account activity and bank statements for any unusual transactions.
    • ACH user should notify bank immediately if any suspicious activity is detected.
    • ACH user should obtain authorization for any ACH debit transactions.

It is recommended that all ACH users visit to obtain additional information on ACH transactions, requirements, processing and security.

For more information about wire transfers, please contact the Solutions Group at (205) 263-4700.