Customer protection

The ACH scheme takes a number of measures to ensure customers are protected when payments are being taken.


When making ACH payments, customers are protected by the ACH rules and also through Federal Regulation, via Regulation E.

Customers can request a return in any situation if they believe the payment was unauthorized (called an unauthorized return). This includes:

  • If the customer never authorized payment
  • If the customer revoked authorization
  • If payment was processed earlier than authorized
  • If payment is for a higher amount than the amount authorized
  • If a corporate debit has been taken from a consumer account

The customer requests the return via a written statement to the bank, which may refer to more than one unauthorized debit payment. Under the ACH rules, the customer’s bank is obliged to refund the debits without question, as long as the statement was received within 60 days from when the customer receives their bank statement containing the unauthorized debit. (In contrast, businesses have only 2 days to request a return.)

After the bank receives the written statement, it has 10 days to investigate the error and issue a credit to the customer. Provided the credit is issued within the 60 day window for ACH debit returns, it will be initiated via the ACH network. Importantly, the originating bank will attempt to retrieve the funds from you, the merchant. If the credit is issued outside the 60 day window instead, then the return will be processed between the banks themselves.

It’s important to remember that, even for claims submitted outside the valid window, you as the merchant could be required to prove that you hold valid authorization for the payment. This could happen at any point during the 2 year period after you made the last debit to the customer. If you’re unable to produce valid authorization, then the receiving bank can still request that funds are returned (although the ACH rules don’t oblige the originator to accept this late return). This action could cause the receiving bank to start court proceedings to recover the funds, or submit an ACH rules violation. The ACH network doesn’t have its own appeals process, so if you believe a customer has wrongly requested a return on a payment, you’ll need to settle the matter in court.

Unauthorized return rules in practice

In practice, a very low number of ACH debits are returned, although the rate does vary according to the type of business. Particularly risky transactions include high-value goods like cars, liquid assets (such as currency), gambling, or payday loan services.

It’s important that businesses follow best practices for taking ACH debits. Nacha has established an inquiry process which includes:

  • Investigating originators who exceed 3% administrative returns (i.e. returns due to administrative or account data errors)
  • Investigating originators who exceed 15% total returns
  • The right to revoke access to the ACH network if a 0.5% unauthorized returns threshold is breached

You can take measures to reduce the risk of your customers requesting returns, such as:

  • Giving customers ample advance notice of a payment, so they can raise any issues or cancel the payment before it’s taken
  • Providing clear contact information and easy to reach customer service, to encourage customers to bring complaints to you before seeking a refund from their bank
  • Processing all cancellation requests without delay, including authorization cancellation requests
  • Ensuring you and your payment processor follow the ACH debit scheme rules

Unauthorized return management in GoCardless

GoCardless removes the stress of the payment returns process by helping you manage any returns.

If one of your customers requests a return, GoCardless will notify you, allowing you to review the request and ask us to retake the payment if appropriate. Our processes are designed to minimize the risk of unauthorized returns, and ensure you always abide by Nacha’s scheme rules.

You can find out more about collecting ACH debit with GoCardless in Chapter 4.

‹ View table of contents Next page ›

Latest features

The Global Recurring Payments Tracker: July 2019 edition

The Global Recurring Payments Tracker, a collaboration with PYMNTS.com, is your monthly resource for tackling the complexities and challenges of the international recurring payments space.

Strong Customer Authentication (SCA): The complete downloadable guide

The in-depth guide to Strong Customer Authentication (SCA), including what the new requirements mean for businesses with recurring revenue and key exemptions you can leverage.

Webinar: Surviving SCA - Lessons for businesses with recurring revenue

Learn everything you need to know about Strong Customer Authentication (SCA), and how you can prepare your business in our on-demand webinar.

View all


Reference guides

View all