# Nacha rule changes

Nacha is the governing body that oversees the ACH network, which processes payments from US bank accounts. Non-compliance with Nacha’s operating rules could result in penalties and, in some cases, account termination. Starting March 20, 2026, Nacha will begin enforcing a set of rules focused on risk management, reducing the incidence of successful fraud attempts, and improving the ability to recover funds after fraud has occurred.
### What are the new requirements?
Effective March 20, 2026, **Company Entry Descriptions** is a new required field for transactions.
* **Payroll:** This is a new standard description for PPD Credits sent for the payment of wages, salaries and similar types of compensation. The Company Entry Description field must contain the description PAYROLL.
* **Purchase:** This is a new standard description for consumer e-commerce purchases. The Company Entry Description field must contain the description PURCHASE.
  * For this purpose, an e-commerce purchase is an ACH debit transaction authorized by a consumer for the online purchase of goods and use the [SEC](https://docs.stripe.com/payments/ach-direct-debit/sec-codes) code WEB or TEL.
### Fraud Monitoring
This rule change will require all parties in the chain of submitting ACH transactions to establish and implement risk-based processes and procedures to identify ACH transactions initiated due to fraud and review these processes and procedures on an annual basis to address evolving risks.
This requirement currently only applies to merchants who originate WEB debits and micro-deposits. This amendment expands the scope of the requirement to include all ACH entry types and applies to all parties in the chain of submitting ACH transactions. The intent of this change is to reduce incidences of successful fraud attempts.
* **Phase 1:** Effective March 20, 2026 for any merchant with annual ACH origination  volume of 6 million or greater in 2023.
* **Phase 2:** Effective June 22, 2026 for all other merchants not in scope for Phase 1.
### Who do these requirements apply to?
These requirements apply to any Stripe user who:
* Originates payroll or similar compensation payments (company entry description - payroll)
* Originates ACH debits to consumer accounts using WEB or TEL SEC codes (company entry description - purchase)
* Any Stripe user originating ACH debits and credits (Fraud Monitoring)
### How can I comply with these requirements?
Follow Configure your account for Nacha compliance which details the configuration options available on Stripe.
### Fraud Monitoring
When designing risk‑based fraud controls, the goal is simple: stop fraud without hurting legitimate customers. Consider practical approaches to risk management that combine both proactive prevention and reactive detection and are appropriate for your business.
Here are some factors to consider when assessing risks associated with ACH processing:
* Current fraud losses and unauthorized return rates (i.e. disputes)
* Account validation methods used when adding a bank account
* Transaction limits
* Customer and transaction profiling, such as using IP geo, device fingerprint, and customer history to determine the riskiness of the transaction
Learn how Stripe can help you meet these amended requirements through Stripe [Radar](https://docs.stripe.com/radar) and [Financial Connections](https://docs.stripe.com/financial-connections).