What are EFT best practices?

Bristol James

EFT best practices are principles businesses should follow to ensure the secure, efficient and compliant processing of electronic fund transfers.

What is an EFT payment?

An electronic funds transfer (EFT) payment describes any transaction where money is moved from one bank account to another electronically.

Though not a new technology, the prevalence of EFT payments has increased substantially in recent years. EFT payments were favoured by consumers during the COVID-19 pandemic, with this trend also coinciding with the rise of eCommerce.

In general, however, EFT payments are a fast and secure form of payment that enables consumers to make automatic bill payments, transfer money to friends or family and receive a direct deposit of salary or wages.

Increasingly, EFT payments are being used in a B2B context. Businesses are using technology to improve efficiency and are beginning to understand that payments by check are cumbersome at best.

What are the different types of EFT payments?

Various types of EFT payment are in common use today. There are specific types for a variety of use cases, and each is associated with particular costs and processing times.

So what’s available? Let’s take a look.

ACH payments

ACH payments are the predominant form of EFT payment in the United States.

These payments are processed on the Automated Clearing House (ACH) network – a global payments ecosystem that processed 31.5 billion payments worth $80.1 trillion in 2023 alone.

Wire transfers

Wire transfers involve the electronic transfer of funds from one bank to another.

Since these payments are typically processed in real-time or in a few hours, wire transfers tend to be used for high-value or urgent transactions where the transferred funds need to be available immediately.

Direct deposits

Direct deposits, as the name suggests, are electronic payments where money is deposited into a recipient’s bank account.

Direct deposits comprise some of the most recognizable EFT payments such as payroll deposits, tax refunds, government-related benefits, and other recurring payments.

Digital wallet payments

Digital wallet payments are made from a connected device (typically a smartphone or smartwatch).

The type of device is unimportant, but each stores the consumer’s payment information and passwords in the cloud. This means consumers avoid having to carry around physical bank cards.

According to Forbes, 53% of Americans use this form of EFT payment over traditional payment methods. The most popular digital wallets are Google Pay, Apple Pay, and Samsung Pay.

Figure: The various types of EFT payments (Source: Zomentum)

The Electronic Fund Transfer Act

No matter the type of EFT payment, the Electronic Fund Transfer Act (EFTA) outlines the rights, liabilities, and responsibilities of entities involved in EFT systems.

The Act, which was established in 1978, primarily protects individual consumers across a variety of related services. These include:

  • Automated teller machine (ATM) transfers.
  • Telephone bill payment plans.
  • Remittance transfers.
  • Remote banking programs.
  • Point of sale (POS) terminals, and
  • Automated clearing house (ACH) systems.

Consumer protection is enabled via Regulation E, which sets out rules for how financial institutions must protect sensitive information during electronic transactions.

Specifically, these institutions must adopt certain practices and procedures in regard to:

  • Transaction accounting.
  • Error resolution.
  • Liability limits (for losses as a result of unauthorized transfers), and
  • Preauthorized transfers.

Preauthorized EFT transfers

For most businesses, the requirements related to preauthorized transfers are the most salient. Preauthorized transfers can simply be defined as any repeated or recurring EFT transfer that is authorized in advance and at regular intervals.

In this context, the business (merchant) is required to:

  • Authenticate the consumer (and then provide them with a copy of the authorization), and
  • Prove that the consumer consented to the preauthorized transfer.

ACH payment best practices

Since ACH payments are the most prevalent form of EFT payment in the United States, it is worth spending some time explaining how businesses that use these networks can stay compliant.

ACH payments must comply with requirements set out in Regulation E, but they must also comply with those established by the National Automated Clearing House Association (Nacha).

Nacha, which governs the ACH network where the payments take place, has established certain rules for ACH payment processing. Like those set out in Regulation E, these rules serve to keep consumers safe and are continually revised and updated as new threats or technologies emerge.

For businesses that accept payments, clear rules exist for:

  • Obtaining authorization from a customer for recurring or one-time ACH debits, as well as making it clear to the customer which type it is.
  • Properly securing sensitive information before initiating the transfer.
  • Cancelling a subscription if the customer chooses to opt out.
  • Providing appropriate notice if the business needs to adjust the amount of a debit or the day it is debited.

As the ACH network becomes the payment network of choice, it is imperative businesses stay abreast of the latest guidelines.

This is particularly true for third-party payment processors (TPPPs) that handle payments on behalf of other businesses. In some cases, those who repeatedly break the rules may be suspended from the network entirely.

Disputed payments on the ACH network

While most businesses that utilize ACH payments will have a trouble-free experience, disputed payments are the primary area of focus for Nacha and one metric it endeavors to keep as low as possible.

To maintain the integrity of the ACH network and ensure merchants are accountable to consumers, overall return rates should never exceed 15% and administrative return rates should never exceed 3%. Nacha is especially stringent on unauthorized ACH payments, with that threshold set at just 0.5% of all transactions.

When can a customer dispute an ACH transaction?

According to Nacha, there are three acceptable reasons for a consumer to dispute an ACH payment:

  1. When a payment is processed early. That is, on a date before it was authorized.
  2. When a transaction is processed for an amount other than the amount authorized, and
  3. If a payment was never authorized by the individual account holder or if the authorization was later revoked.

Proof of authorization on the ACH network

From time to time, merchants may be asked to prove they are complying with ACH network guidelines around payments. More specifically, they may be asked to provide proof that a customer consented to a payment. This is otherwise known as a proof of authorization.

Proof of authorization depends on the ACH payment type, which is itself dependent on the origin of the transaction. There are 13 such payment types on the ACH network and each has a three-letter identifier.

Here are a few of the most common types and what sort of authorization is required.


WEB payments are any that are initiated via the internet or mobile. Authorization may be in writing, signed, or authenticated by Nacha’s Web Debit Account Validation Rule.

The rule, which became enforceable in March 2022, requires ACH originators of web debit entries to screen such debits for fraud with commercial systems. Nacha also requires that account validation be part of the aforementioned system whenever an account number is changed or used for the first time.


A Prearranged Payment and Deposit Entry (PPD) is a debit or credit transaction initiated by a business that can be one-time or recurrent.

In this case, authorization depends on the nature of the transaction. In a consumer debit, authorization must be in writing, signed, or similarly authenticated. Consumer credits, on the other hand, can be authorized orally or by other non-written means.


A Telephone-Initiated Entry (TEL) describes a single or recurring debit that is initiated over the phone.

These transactions typically involve the payer (individual or business) providing their bank account information to a payee over the phone, which also serves as authorization for the transaction.

In summary:

  • EFT best practices are principles businesses should follow to ensure the secure, efficient and compliant processing of electronic fund transfers.
  • The Electronic Fund Transfer Act (EFTA) governs EFT payments in the USA. Primarily, it requires that businesses protect the sensitive information of consumers across various financial services.
  • EFT payments on the Automated Clearing House (ACH) network are subject to additional rules imposed by Nacha – the network’s regulator. Nacha imposes several rules on businesses that accept EFT payments, with a particular focus on minimizing disputed payments.
  • There are 13 different payment types on the ACH network, and many require context-dependent authorization. Telephone-initiated debits can be authorized verbally, for example, while internet or mobile payments can be authorized in writing or via signature.
