This article provides guidelines for processing ACH transactions in Enhanced PCI Compliance Mode. It describes the various settings that impact this functionality, how the settings interact, and how they should and should not be used.
- Section 2 provides a quick summary of ACH transaction processing in the IDI platform.
- Section 3 describes how to set up the system to allow processing of E-Pay ACH transactions directly through the carrier’s banking institution rather than going through the PCI-complaint payment gateway.
- Section 4 describes how to block the sending of E-Pay ACH transactions to the PCI-compliant payment gateway.
- Section 5 provides a configuration matrix to help users configure their system to process E-Pay ACH transactions to meet their specific needs.
ACH Transaction Processing in the IDI Platform
The Authorized Clearinghouse (ACH) Network is a nationwide payments system used by financial institutions, businesses, and consumers to move funds electronically. Rules and standards governing the network are developed and administered by NACHA (previously the National Automated Clearing House Association). ACH transactions in CostGuard refer to E-check transactions and are processed in one of the following ways.
RECURRING E-PAY PAYMENTS
Processing recurring payments is a two-step process. First the recurring transactions must be created in the IDI database. For versions 9.07 and higher, the customer is responsible for creating the recurring transactions using a menu option in Accounts Receivable Management called E-Pay Transaction Export. For earlier versions, this step is completed by the IDI Billing team.
The next step is to send the transactions either to the PCI-compliant payment gateway or some other destination for processing.
If the transactions are to be processed via the PCI-compliant payment gateway, there are no further manual procedures. The transactions will be picked up by the PCI Payment Gateway Transaction Processing scheduled job. These transactions use tokens in place of actual bank account information.
If the transactions are to be processed by the customer’s bank, the customer must create an ACH export file using a menu option in Accounts Receivable Management called Transaction Export Search. This file includes actual bank account numbers, and this method requires the account numbers to be available in the CostGuard database. Once this file is created, the customer is responsible for transmitting it to their bank by some means outside the IDI platform.
Note: Customers that use the Transaction Export Search to create an ACH export file for transmission to a banking institution should be made aware of the following potential race condition. Once the transactions are created in the database via E-Pay Transaction Export, if the PCI Payment Gateway Transaction Processing scheduled job runs before the file is created, the transactions will be sent to the PCI-compliant payment gateway and will not be available for the Transaction Export Search.
ONE-TIME E-PAY PAYMENTS
On a per-transaction basis, one-time E-Pay payments can be marked to be processed immediately as shown below. For example, a subscriber may request to process a payment immediately to avoid a late charge. In this case the transaction is sent directly to the PCI-compliant payment gateway and does not wait for the nightly job.
Transactions that are not processed immediately can either be put into the ACH file using the Transaction Export Search, or be picked up by the PCI Payment Gateway Transaction Processing scheduled job.
MAKE SALE AND TENDER BILL PAYMENTS
E-check transactions in Make Sale and tender bill payments via POS or Customer Management are always processed immediately via the PCI-compliant payment gateway.
ACH File Export in Enhanced PCI Compliance Mode
PCI compliance capability was added to the IDI platform via FR 1644. Compliance is mandatory for credit card transactions. While there are currently no similar regulations for ACH, the ability to perform tokenized ACH transactions was built into the IDI platform anticipating that NACHA may someday follow suit with the credit card industry and impose strict regulations for handling/storing bank account information.
With FR 1644 the option to Allow ACH Export is available to support users that want to continue to send E-Pay ACH transactions directly to their banking institutions rather than the PCI-compliant gateway. One reason users may choose this option is that banks tend to process transactions more quickly so that users receive funds from these transactions sooner.
When this check box is unchecked (default setting), the IDI platform will not store bank account information needed for processing by a banking institution. Consequently, all ACH transactions must go through the PCI-compliant payment gateway.
When the check box is checked, the system stores the bank account information to support creation of the ACH export file via Accounts Receivable Management >Transaction Export Search.
Whether users intend to use the ACH export or not, the process of setting up recurring billing generates a payment token, so the ability to make ACH payments via the PCI-compliant gateway is still available.
Notes:
- If Allow ACH Export is to be used, it must be selected at the time Enhanced PCI mode is enabled. Once Enhanced PCI mode is operational the option to turn on ACH exports will no longer be available. This limitation is required to maintain the integrity of the PCI-compliant environment. Also, once enabled, Allow ACH Export cannot be disabled by the customer.
- If the system is set up to allow ACH export and also allow sending E-Pay ACH transactions to the PCI-compliant gateway (see Section 4 – Bypass E-Check Transaction Processing), the ACH file export is in a race condition with the PCI Payment Gateway Transaction Processing scheduled job. If the ACH file is not generated before the job runs, the ACH transactions will be picked up by the job and sent to the PCI-compliant gateway.
Bypass E-Check Transaction Processing
PRs 71018 (for Authorize.Net) and 76177 (for all payment gateways), added the Bypass E-Check Transaction Processing check box to the E-Pay Business Rules form. Checking this check box prevents all recurring and one-time E-Pay ACH transactions from being sent to the PCI-compliant payment gateway.
Note: This setting does not affect E-Check transactions in POS Make Sale, nor does it affect tender bill payments through POS and Customer Management. These transactions are always sent to the PCIcompliant payment gateway when operating in Enhanced PCI Compliance Mode.
Caution: The system should not be configured to bypass e-check processing and not allow ACH export at the same time. This would prevent ACH transactions from being processed by either means.
BREAKING THE ACH EXPORT FUNCTIONALITY
When the PCI functionality was originally deployed, it was anticipated that users would process all E-Pay ACH transactions uniformly, i.e. either through the PCI-compliant payment gateway or by ACH file export. So, when the Bypass… checkbox was originally added to CostGuard, it was designed such that leaving the check box unchecked would cause the CostGuard system to not store bank account information. This setting negated the possibility of using the Allow ACH Export functionality. Even if the Allow ACH check box was checked, the bank account information needed to generate the ACH file was not available in the system.
This created a problem for users who wanted to employ a hybrid approach where, in general, ACH transactions would be exported via the ACH file; however, the option was available to process one-time transactions immediately via the PCI-compliant payment gateway. Not realizing the consequence of leaving the Bypass check box unchecked, by doing so users would break the Allow ACH Export functionality.
THE FIX
PR 79580 modifies the clear bank account logic in CostGuard to not consider the Bypass E-Check
Transaction Processing check box. Thus bank account numbers will only be cleared if the Allow ACH Export setting is unchecked. This lets users configure the system to allow the ACH File Export, and at the same time support immediate processing for one-time transactions via the PCI-compliant payment gateway.
System Setup
| ACH Processing Method | Check Box | Status |
| Process all E-Pay ACH transactions via PCI-compliant Gateway
Note: Once you enable the Enhanced PCI Compliance Mode and choose not to allow ACH export, neither setting can be reversed. If you anticipate that you may want to use the ACH file export in the future, the option must be selected when you enable the Enhanced PCI Compliance mode. |
Allow ACH Export | Unchecked |
| Bypass E-Check Transaction Processing | Unchecked | |
| Export ACH transactions for transmission to a banking institution and maintain option to process one-time E-Pay transactions immediately via the PCI-compliant Gateway
Notes:
|
Allow ACH Export | Checked |
| Bypass E-Check Transaction Processing | Unchecked | |
| Export all E-Pay ACH transactions with no option to process EPay ACH transactions via the PCI-compliant Gateway
|
Allow ACH Export | Checked |
| Bypass E-Check Transaction Processing | Checked | |
| DO NOT USE
ACH file export will not be supported, and at the same time ACH transactions cannot be sent to the PCI-compliant payment gateway. |
Allow ACH Export | Unchecked |
| Bypass E-Check Transaction Processing | Checked |
