Banking

Supplementing Fraud Detection Standards for WEB Debits

The National Automated Clearing House Association (NACHA) has issued a new Operating Rule which impacts all entities originating ACH Internet-initiated (WEB) Debits that will go into effect on March 19, 2021. Internet-initiated Entries (WEB) can be either a single entry or a recurring ACH debit that takes place when a consumer’s authorization for a transfer of funds is received via the Internet. 

Currently, ACH Originators of Internet-initiated (WEB) debit entries are required to use a “commercially reasonable fraudulent transaction detection system” to screen WEB debits for fraud. Under the new Rule, the existing screening requirement will be supplemented to make it explicit that “account validation” is part of a “commercially reasonable fraudulent transaction detection system.” The supplemental requirement applies to the first use of an account number, or changes to the account number.

ACH Originators of Internet-initiated (WEB) debits should review the following information from the National Automated Clearing House Association (NACHA) web site and take the necessary steps to ensure your entity is compliant with this new Rule prior to March 19, 2021: Supplementing Fraud Detection Standards for WEB Debits.

The Frequently Asked Questions (FAQ) section of this page provides valuable information to assist in your efforts to ensure compliance. Please note you may need to make changes to internal systems or processes to ensure compliance and/or confirm with any Third-parties you contract with for ACH Origination Services or Payment Gateways to ensure they are compliant.

Supplementing Data Security Requirements

The National Automated Clearing House Association (NACHA) has issued a new Operating Rule that will affect all entities involved with the storage of bank account numbers associated with ACH transactions such as direct deposits or drafts. Details of the pending rule, along with frequently asked questions, can be viewed at NACHA’s Supplementing Data Security Requirements webpage.      

Effective/Enforcement Date
The effective date for ACH originators and third-parties with more than 6 million ACH payments annually is June 30, 2021. For ACH originators and third-parties with more than 2 million ACH payments, the effective date is June 30, 2022.

General Requirement
If you are an ACH originator and meet the requirements specified in the new Rule, you are required to protect deposit account information by rendering it unreadable when it is stored electronically (at rest). This applies to both database records and to paper documents (e.g., authorizations) containing ACH account numbers that have been scanned.

Actions Required by Affected ACH Originators
ACH Originators should identify all its processes involving ACH-related records and ascertain how the new rule applies to its operations and to its vendors. Compliance by all parties will be a necessity before the specified enforcement date.

Bank of America is closing the CashPay Payroll Card Program, effective November 1, 2023. The State Treasurer’s Office is working with state agencies to enroll their employees in an alternative payment method by August 21, 2023. Click the link below for more information.

Banking Division Resources and Policies

The SC State Code requires financial institutions accepting public deposits to secure the deposit of funds for amounts that exceed FDIC insurance coverage. In the case of deposits of political subdivisions, the financial institutions have the option to pledge securities under either the dedicated method or pooling method. The Banking Division coordinates and monitors the collateralization process for banks depositing funds with the State Treasurer and for those banks utilizing the pooling method to secure deposits of the political subdivisions.

Banking Division Resources and Policies

Various state agencies and universities disburse funds electronically. One of the disbursement methods utilized is Automated Clearing House (ACH) payments. Another term for ACH payment is direct deposit. The State Treasurer has issued a policy for agencies to follow regarding the effective date of ACH payments.

Banking Division Resources and Policies

If you're interested in learning more about electronic disbursements, please visit our Electronic Payment Information page.

The State has two contracts for use by eligible entities desiring to accept merchant cards. The State Treasurer has a contract with First Data Merchant Services LLC (FDMS) which is required for any state agency or university desiring to accept merchant card (credit or debit card) as a form of payment. The contract with FDMS is also available to local government entities in South Carolina on an optional basis. In addition, there is a contract through the SC Department of Administration with Tyler Technologies (formerly NIC-SC) which is an optional contract supporting card payments via a web portal. The State Treasurer’s Office has guidance regarding options available when a payment gateway is required.

Banking Division Resources and Policies

State agencies and universities accepting credit cards must comply with the Payment Card Industry Data Security Standard (PCI DSS). The State Treasurer’s Office has issued a policy for agencies’ compliance responsibilities, as well as providing materials to assist agencies in their compliance efforts.

Banking Division Resources and Policies

The Banking Division coordinates the designation of financial institutions that various state agencies and universities use for banking services. These financial institutions are referred to in the SC Code of laws as “qualified public depositories.” Banking services pertain to functions related to both the receipt of funds and the disbursement of funds. The State Treasurer has issued a policy relating to the designation of qualified public depositories.

Banking Division Resources and Policies