ACH Security Guidelines - Are You Ready?

Last June, the first phase of new security requirements went into effect for certain ACH payments. Now the second phase is expected this coming June 30, according to the National Automated Clearing House Association (Nacha), which manages the development, administration and governance of the ACH Network.


If you are a Fidesic AP user, rest assured, you are already compliant with the new rules when using our solution. If you are a Microsoft Dynamics GP user or service provider, it’s important to note that GP does not meet these requirements natively. Here’s what you need to know… 

New ACH Security Guidelines 

In a nutshell, the new guidelines require Encryption at Rest to make recipient bank account numbers invisible to human eyes for all ACH payments. Get the details from Nacha here.  


Phase 1: This applied to ACH originators and 3rd parties making more than 6 million ACH payments annually. Phase 1 became effective on June 30, 2021.

Phase 2: This will apply to ACH originators and 3rd parties making more than 2 million ACH payments annually. Phase 2 goes into effect on June 30, 2022. 

Like we said, Dynamics GP does not meet the Encryption at Rest requirement natively, but that doesn't mean it can't be done. Fidesic AP makes it easy to stay compliant with the latest rules and guidelines in accounts payable. If you are running payroll or you make ACH payments through any Dynamics GP module or integration, you may want to verify that this data is encrypted as well.

What is ACH? 

ACH is the primary transfer method used for payroll direct deposit, but many businesses use it to pay their vendors as well. 

“More than 29 billion ACH Network payments were made in 2021, valued at close to $73 trillion,” according to Nacha. 

ACH stands for Automated Clearing House, and it's a method of electronically transferring funds from one bank account to another. An automated clearing house is a financial institution used to transfer funds from one account to another by using the clearing house as an intermediary. The ACH network then approves the transaction and sends the funds to the receiving account.

What is Encrypted at Rest?

“Data at Rest” is just what it sounds like: data that is not in transit, i.e. data that is not being transferred over the internet. This basically refers to all the natively stored data on your server, desktop, mobile device or other hard disk. “Encrypted at Rest” simply refers to any method used to encrypt that at-rest data. The best way to think about Encrypted at Rest is to compare it to storing your data in a bank vault, whereas Encrypted in Transit is more like moving data with an armored truck service.


Are you a Microsoft Dynamics GP user or partner? 

Fidesic AP is the best way to manage your entire GP vendor payment process. Pay vendors from multiple bank accounts by ACH, EFT and paper check through a single, easy-to-use workflow. Learn more about Vendor Payment Automation for GP.

