ACH

The ACH network is the backbone of recurring bank-account billing in the United States. Operators collecting subscription payments, insurance premiums, loan repayments, or B2B invoice settlements from US bank accounts route those transactions through ACH. Understanding the ODFI/RDFI structure, SEC code requirements, and return code framework is the operational baseline for a compliant ACH billing program.

ACH credit vs ACH debit

ACH credit (ACH push) originates with the payer: the payer instructs their bank to send funds to the payee. Payroll and supplier disbursements are common ACH credit use cases.

ACH debit (ACH pull) originates with the payee: the operator instructs their ODFI to pull from the payer’s bank account, which the RDFI then honors against a valid mandate. Direct debit billing uses ACH debit.

The ODFI is responsible to Nacha for all transactions it originates. This means ODFI compliance obligations flow through to operators: elevated return rates, improper authorization practices, and incorrect SEC code use are the operator’s problem even though the ODFI is the nominal originator.

Standard Entry Class (SEC) codes

SEC codes classify the authorization type and account type. Operators must use the correct SEC code for each transaction:

• PPD (Prearranged Payment and Deposit): Consumer accounts, recurring or one-time, with written or electronic authorization. The standard code for consumer subscription billing.
• CCD (Corporate Credit or Debit): Business accounts; requires a separate written authorization. Used for B2B recurring collections.
• WEB (Internet-Initiated/Mobile Entry): Consumer accounts with authorization captured over the internet or a mobile device. Requires additional account-verification procedures for first-use entries. WEB is the correct code when mandate setup happens through a web form or app.
• TEL (Telephone-Initiated): Consumer accounts with authorization obtained by telephone; requires specific notification language at the time of authorization.

Using an incorrect SEC code is a Nacha rule violation and can complicate returns and indemnity processes.

Settlement timing

Standard ACH processes through the Federal Reserve’s ACH network and The Clearing House in batch cycles, settling in one to three business days. Same Day ACH allows eligible debit entries — including PPD, CCD, and WEB — to settle on the same business day they are submitted, via three daily processing windows. The per-item cap is $1 million per Nacha rule. Same Day ACH carries a slightly higher per-transaction cost than standard ACH.

Return codes

When the RDFI cannot honor an ACH debit, it returns the transaction with a Nacha reason code. The codes most operationally significant for billing programs:

R07 (authorization revoked) and R10 (not authorized) must not be retried without new authorization from the receiver. Retrying after an authorization-related return is a Nacha rule violation and increases the unauthorized return rate.

Return rate thresholds

Nacha monitors return rates at the ODFI level. Two thresholds are operationally significant for billing programs:

• Overall debit return rate above 15% triggers Nacha compliance review
• Unauthorized debit return rate above 0.5% triggers Nacha compliance review

These thresholds apply to the ODFI’s portfolio, not individual operators — but operators with elevated rates expose their ODFI and therefore their processing relationship. Return rate monitoring should be a standard operational KPI for any ACH billing program.