US ACH debit/credit, returns

1) Basic ACH mechanics

Network: operator - Nacha, settlements through Federal Reserve/ENP.

• Originator (you/partner), ODFI (your bank/PSP), RDFI (customer bank), Receiver (customer).

• ACH Debit (pull) - debiting from the client's account (deposits).
• ACH Credit (push) - credited to the client's account (payment).
• Same Day ACH: 2-3 day windows; crediting on the day of sending when hitting deadlines (limits by amount/type).

2) SEC codes (purpose and risk profile)

WEB - consumer online debits: high risk of chargeback analogues → account verification is required.
PPD - consumer authorized debits/credits (lower risk, mandate).
TEL - telephone debits (medium risk, mandatory recording of consent).
CCD - B2B (corporate) credits/debits.
CIE - consumer → biller (credit).

3) Account verification and risk mitigation

Goal: to reduce admin and unauthorized returns.

Micro-deposits (1-2 trial credits, confirmation of amounts) - cheap, T + 1.
IAV (Instant Account Verification) via aggregators (Plaid/Finicity/Yodlee) - fast, more expensive.
Account/Routing validation + OFAC name screening.
Fraud signals: account age, name matchings (CoP analogue), negative base of devices/banks, velocity by account/device/IP.
Rules for WEB: mandatory verification of new accounts; NSF retreats - no more than 2 times.

4) Timing and clearing

Normal ACH: sending → clearing T + 1/T + 2.
Same Day ACH: entering the window → enrolling on the day of sending; higher network fees, limits on the amount.
Cut-off: depends on ODFI; Plan the scheduler with storage and weekends/holidays in mind.

5) Returns and key R codes

Returns are initiated by RDFI and sent to ODFI. Most - before the opening of the 2nd banking day after the settlement date; "unauthorized" for consumers - according to Reg E up to 60 days from the date of discharge (the client submits an application).

Retrays: according to R01 (NSF), up to 2 repeated debits are allowed; by R07/R10, retry is not allowed without new authorization.

• Unauthorized Return Rate (URR — R05/R07/R10/R11/R29/R51) ≤ 0. 5%.
• Administrative Return Rate (R02/R03/R04) ≤ 3%.
• Overall Return Rate ≤ 15%.

6) Changes of details: NOC (Notifications of Change)

RDFI sends NOC within 2 banking days.
Originator is obliged to make corrections within 6 banking days or until the next entry - otherwise the growth of admin returns and fines.

7) Regulation and compliance

Nacha Operating Rules - operational requirements, retro limits, ticket storage, logging.
Reg E (Electronic Fund Transfers Act) - consumer protection: 60-day window on disputes over unauthorized debits.
OFAC - sanctions lists (interdiction before sending).
KYC/KYB/AML - for receiving/payments; risk-based limits, velocity-constraints, rapid in-out monitoring.

8) Policies for iGaming (recommendations)

• Account verification (IAV or micro-deposits).
• Limits per-tx/per-day by risk segment; hold until the verification mandate/results are confirmed.
• Repeat over NSF ≤2 times, with backoff and notification.

• KYC/KYB + OFAC before dispatch.
• Whitelist props with TTL and reverification.
• Same Day for VIP/urgent; standard ACH - default.

• Device/IP/behavioral scoring; name/account mismatch → hold.
• Velocity by routing/account/device; negative lists.

9) Lager, reconsilation and investigations

Мэппинг: `payment_id / withdrawal_id ↔ trace_number / company_id / SEC / effective_entry_date`.
Statements - automatically parsing files from ODFI (NOC/Returns) → updating statuses.
T + 1 reconciliation: amounts, fees, returns, unmatched lines to the investigation queue.
Logs: store tickets/consent log (WEB/TEL), rule versions, access audits.

10) Metrics and OKR

Approval/Success Rate by Debit/Credit; Same Day share.
URR/Administrative/Overall Return Rate vs. Nacha Target Thresholds.
Time-to-Funds (in) / Time-to-Payout (out) p50/p95.
Proportion of NOCs and SLAs corrected (≤6 days).
Cost of approval (all-in), cost of manual case/return.

11) Anti-patterns

WEB-debit without account verification.

Ignoring NOC/untimely editing of details.
Lack of OFAC screening and mandate logs.
No idempotency/anti-takes → double entries.
One bank/one operator without degradation plan.

12) Implementation checklist (short)

• Contracts with ODFI/PSP: WEB-debit, CCD/PPD/CIE-credit, Same Day ACH.
• Account verification: IAV or micro-deposits, routing/account check.
• Retray policies: NSF ≤2, ban on unauthorized retrays.
• OFAC + KYC/KYB + RBA limits and velocity filters.
• Processing Returns/NOC: parsing files, SLA fixes ≤6 days.
• Lager, T + 1 reconsilation, trace/company/SEC mapping.
• Same Day routing by amount/segment and deadlines.
• Дашборды: URR/Admin/Overall, Time-to-Funds, NOC-rate, cost-per-approved.
• Support training: R-codes, Reg E scripts, notification templates.
• Incident playbooks: spike in returns, NOC storm, cut-off misses.

13) Summary

ACH is a powerful, cheap and scalable rail for the USA, if you follow the discipline: account verification for WEB-debit, strict work with R-codes/NOC, OFAC/KYC/KYB, reasonable limits and T + 1 reconstitution. Use Same Day ACH where speed is important and keep returns below Nacha thresholds - this way payment flows will be fast, compliant and cost effective.