The ACH scheme takes a number of measures to ensure customers are protected when payments are being taken.
Customers can request a return in any situation if they believe the payment was unauthorized (called an unauthorized return). This includes:
If the customer never authorized payment
If the customer revoked authorization
If payment was processed earlier than authorized
If payment is for a higher amount than the amount authorized
If a corporate debit has been taken from a consumer account
The customer requests the return via a written statement to the bank, which may refer to more than one unauthorized debit payment. Under the ACH rules, the customer’s bank is obliged to refund the debits without question, as long as the statement was received within 60 days from when the customer receives their bank statement containing the unauthorized debit. (In contrast, businesses have only 2 days to request a return.)
After the bank receives the written statement, it has 10 days to investigate the error and issue a credit to the customer. Provided the credit is issued within the 60 day window for ACH debit returns, it will be initiated via the ACH network. Importantly, the originating bank will attempt to retrieve the funds from you, the merchant. If the credit is issued outside the 60 day window instead, then the return will be processed between the banks themselves.
It’s important to remember that, even for claims submitted outside the valid window, you as the merchant could be required to prove that you hold valid authorization for the payment. This could happen at any point during the 2 year period after you made the last debit to the customer. If you’re unable to produce valid authorization, then the receiving bank can still request that funds are returned (although the ACH rules don’t oblige the originator to accept this late return). This action could cause the receiving bank to start court proceedings to recover the funds, or submit an ACH rules violation. The ACH network doesn’t have its own appeals process, so if you believe a customer has wrongly requested a return on a payment, you’ll need to settle the matter in court.
Unauthorized return rules in practice
In practice, a very low number of ACH debits are returned, although the rate does vary according to the type of business. Particularly risky transactions include high-value goods like cars, liquid assets (such as currency), gambling, or payday loan services.
It’s important that businesses follow best practices for taking ACH debits. Nacha has established an inquiry process which includes:
Investigating originators who exceed 3% administrative returns (i.e. returns due to administrative or account data errors)
Investigating originators who exceed 15% total returns
The right to revoke access to the ACH network if a 0.5% unauthorized returns threshold is breached
You can take measures to reduce the risk of your customers requesting returns, such as:
Giving customers ample advance notice of a payment, so they can raise any issues or cancel the payment before it’s taken
Providing clear contact information and easy to reach customer service, to encourage customers to bring complaints to you before seeking a refund from their bank
Processing all cancellation requests without delay, including authorization cancellation requests
Ensuring you and your payment processor follow the ACH debit scheme rules
Unauthorized return management in GoCardless
GoCardless removes the stress of the payment returns process by helping you manage any returns.
If one of your customers requests a return, GoCardless will notify you, allowing you to review the request and ask us to retake the payment if appropriate. Our processes are designed to minimize the risk of unauthorized returns, and ensure you always abide by Nacha’s scheme rules.
You can find out more about collecting ACH debit with GoCardless in Chapter 4.