Session 25 - Nacha Helps Drive Safe, What does Nacha stand for ?

Nacha governs the ACH Network, the payment system that drives Direct Deposits and Direct Payments with the capability to reach all U.S. bank and credit union accounts. We advance the nation’s payments system and deliver payments education, accreditation and advisory services.

You might already be familiar with ACH payments, a popular type of US electronic bank transfer used for a variety of transactions, including consumer purchases, bill payments, employee pay cheques and tax payments. Thanks to the versatility of ACH payments, the ACH network processed 26.8 billion payments that totalled over £48 trillion in 2020 alone. But even if ACH payments are a fixture in your personal finances and your business’s payment operations, you might not know much about Nacha, the organisation that runs the ACH network.

It’s useful for businesses to become familiar with the purpose that Nacha serves as well as its extensive operating rules. Here’s what you need to know about the entity that governs the ACH network and what it takes to follow Nacha rules, stay compliant and derive the maximum benefit from using ACH payments with your business.

What does Nacha stand for?

Nacha stands for the National Automated Clearing House Association. Previously, Nacha was written as "NACHA".

What is Nacha?

Nacha is an independent organisation that operates the Automated Clearing House (ACH) network, which is a centralised US financial network through which banks and credit unions send and receive electronic payments and money transfers. Nacha is owned by a large group of banks, credit unions and payment processing companies. Nacha provides a way to directly transfer money between accounts at different banks without using paper cheques, bank transfers, credit cards or cash.

Some of Nacha’s roles and responsibilities include:

Taking federal legislation and any executive rules that impact ACH payments and translating them into clear directions for the financial institutions, individuals and businesses that participate in the ACH network

Enforcing those operating rules for member banks and everyone else using the ACH network

Managing the continual evolution and development of the ACH network to make it relevant and serviceable to current needs in the world of payments

Promoting adoption and use of the ACH network

Functioning as a trade organisation by driving thought leadership, advocacy and education

What’s the difference between Nacha and ACH?

ACH is the network through which payments are sent and received and Nacha is the organisation that owns and manages that network and the technology that powers it. Nacha is also responsible for establishing and enforcing the rules and guidelines that govern the ACH network and ACH payments.

What is an ACH payment?

An ACH payment is an electronic transfer of funds sent using the ACH network. ACH payments are very common. ACH payments can be used for a variety of transactions, including:

Employee payments

Customer bills

Tax refunds

Tax payments

Retirement and investment account contributions

Commercial purchases

Charitable donations

University tuition payments

Funds sent between family and friends

How do ACH payments work?

Here’s an overview of the basic mechanics of ACH payments:

The banking institution that issues the ACH transfer request is called the Originating Depository Financial Institution (ODFI).

The banking institution that receives the ACH transfer request is called the Receiving Depository Financial Institution (RDFI).

An ACH payment begins when the ODFI sends a request to the RDFI to transfer funds from an account at the RDFI to an account at the ODFI.

Because the flow of an ACH transfer can work in either direction – the ODFI pushing funds to the RDFI or the ODFI requesting funds to be sent from the RDFI – the terms don’t necessarily indicate which banking institution is sending or receiving the funds, but rather which one is initiating the transfer request.

The ODFI creates a file containing all the key information about the transfer request, including:

Transaction type (credit or debit)

Routing numbers

Account numbers

Amount to be transferred

Within a set period of time, the ODFI gathers all ACH transfer requests into a batch and sends the batch of files to an ACH operator that then sends the files to the RDFI.

At this point, the bank from where the funds are being withdrawn releases the funds, which travel via the ACH network to the receiving account.

This process can take anywhere from several hours to a few days.

Nacha operating rules

Nacha has an extensive set of operating rules and regulations that apply to the different types of ACH payments. If your business wants to accept ACH payments from your customers, there are certain requirements to which you must adhere. Failure to do so might result in a series of warnings, fines and even suspension from using ACH payments altogether. Some fines can be as high as £389,000 per month (that’s an extreme case, but it can happen), so it’s important to make sure that your business is ticking every box that Nacha requires.

What exactly are those requirements? First, it’s important to note that Nacha’s operating rules can (and often do) change, so it’s a good idea to check the Nacha website regularly to make sure that your business still complies with the latest set of rules. Here are a few key requirements that businesses must follow:

Obtain authorisation from customers when they make an ACH debit payment to your business.

Communicate clearly to the customer during the payment process that they’re authorising either a one-off or recurring ACH payment.

Give adequate notice if you’re changing the amount of the ACH debit or the date.

Provide adequate security measures to protect customer payment information, such as:

Bank account and routing numbers

Social security numbers

Driving licence numbers

Billing addresses

When necessary, cancel recurring ACH payments in a timely manner and cease future debits.

There are also detailed requirements around the transmission and storage of sensitive data, including the level of encryption on web forms and emails, as well as rules about how to store physical copies of customer information.

These are just a few highlights from Nacha’s operating rules. If your business deals with ACH payments, especially as a customer payment method, you’ll want to get a full copy of Nacha’s rules and check for updates annually.

Why does Nacha compliance matter?

The goal of these operating rules is to keep customers’ financial and personal data safe at all times, while also making sure that payments are sent and received on time and with minimum hassle.

What is the Nacha file format?

A Nacha file is the document that contains all the crucial information and transfer instructions related to a requested ACH transaction. Just as Nacha has precise operating rules for every aspect of using the ACH network, they also have a protocol for putting together this file.

While there are some variables, depending on transfer type, most of the specifications remain the same from file to file. Here are some typical specifications:

Each line of the file is 94 characters long.

The file must contain:

Account numbers for the ODFI and RDFI accounts

Routing numbers for the ODFI and RDFI accounts

File header and trailer

Batch header record with service-class code

Entry detail record

Because of the specificity required by the Nacha file format, most banking institutions automate the process of compiling these documents to avoid human error.

With billions of ACH transactions happening every year, it’s important to understand the basic aspects of how ACH payments work, how the ACH network operates and what businesses and consumers need to know. For more information about how to accept ACH Direct Debit payments with Stripe, start here.

Please follow me for more jobs opening -

 https://www.linkedin.com/in/prashantppohare/

Blog - https://bankingpayments.blogspot.com/

Banking Group- https://www.linkedin.com/groups/9809571/

Source of information - https://stripe.com/in/resources/more/nacha-explained

Session 25 - About The Clearing House

 About The Clearing House

The Clearing House operates U.S.-based payments networks that clear and settle more than $2 trillion each day through wire, ACH, check image, and real-time payments. It is the nation’s most experienced payments company, with a long track record of providing secure and reliable systems, payments innovation, and strategic thought leadership to financial institutions. Learn more at www.theclearinghouse.org.

New York –The CHIPS® network, the largest private-sector high-value clearing and settlement system in the world, which is operated by The Clearing House, successfully migrated to the ISO 20022 message format on the April 8 banking day. The adoption of the ISO 20022 message format by the CHIPS network enhances the efficiency of payments processing; allows participants and end-user customers to glean value from enriched data content, such as extended remittance information; enables users to query structured message formats for multiple purposes, including sanctions and compliance screening; and supports the dollar as a global reserve and settlement currency.

On Monday, April 8, the CHIPS network concluded its first day of operations on the ISO 20022 message format, releasing 555,345 payments for a value of $1.81 trillion.

“These figures exceed expectations for volume and value for Day 1 and parallel a typical operating day on the CHIPS network,” said Margaret Weichert, Chief Product Officer, The Clearing House. “They reflect confidence in the performance of the CHIPS ISO 20022 platform and the promise that the new message format will deliver meaningful benefits to participants and customers.”

The CHIPS network’s migration to the ISO 20022 message format follows parallel migrations of high-value payment systems in other jurisdictions. ISO 20022 is the international standard for financial messaging developed by the International Organization for Standardization (ISO) with the goal to create a common language for financial communications globally.

https://lnkd.in/drFNHQrj

Session 160 - The Clearing House Interbank Payments System (CHIPS) is the largest private sector USD clearing system for wire transfers.

 Session 160 - The Clearing House Interbank Payments System (CHIPS) is the largest private sector USD clearing system for wire transfers.

CHIPS is the largest private sector USD clearing system in the world, clearing and settling $1.8 trillion in domestic and international payments per day.

CHIPS provides fast and final payments and the most efficient liquidity savings mechanism available today. Its patented algorithm matches and nets payments resulting in an extremely efficient clearing process.

This large value payment system has more than 40 participants and is the private-sector counterpart to Fedwire

CHIPS is privately operated by The Clearing House, owned by the approximately 50 financial institutions that participate in its system, and governed by Article 4A of the Uniform Commercial Code.

CHIPS allows transactions to be netted, so it doesn’t process every transaction instantly in real-time. For payments that are not time-sensitive, CHIPS is a less expensive option to Fedwire, which is a real-time gross settlement system.

How CHIPS works
CHIPS operates from 9 a.m. to 6 p.m. Eastern Time. The extension to 6 p.m. was announced in March 2021 to help support late-day payments, especially from the West Coast. During operating hours, CHIPS nets and settles payments. Afterhours, CHIPS releases and nets unresolved payments and sends payment orders to Fedwire to settle. That’s right—CHIPS is not just a competitor, but also a customer of Fedwire.


CHIPS is a netting engine, which means the system allows multiple payments between the same parties to be aggregated. Let’s say that Modern Bank wants to send $2.5M to Card Network X. At the same time, Card Network X is paying Modern Bank $1.5M. Instead of allowing two transactions for the full amounts, CHIPs would consolidate these into a single payment of $1M from Modern Bank to Card Network X. Though this means that CHIPS payments take longer than real-time transactions, most payments still settle intraday.

CHIPS was organized in 1970 by the New York Clearing House Association, a group of the largest commercial banks in New York City. Originally for 8 of its bank members, CHIPS participation expanded in the 1970s and 80s to additional commercial banks, as well as Edge corporations, US branches of foreign banks, and other financial institutions. In 1981, to prevent risk exposure that could occur from waiting overnight or through a weekend to settle large volumes, the Federal Reserve agreed to provide same-day settlement to CHIPS participants through Fedwire.

In 1998, CHIPS eliminated the requirement that members have an office in New York City. Today, CHIPS has around 50 direct participants.
#payments #data #data #network #bank #corporations #chips #usa

Session 22 A Hardware Security Module (HSM)

 Hardware security module (HSM)

Physical computing device that safeguards and manages secrets (most importantly digital keys), performs encryption and decryption functions for digital signatures, strong authentication and other cryptographic functions.^[1] These modules traditionally come in the form of a plug-in card (so called internal HSM) or an external device that attaches directly to a computer or network server (so called network HSM). A hardware security module contains one or more secure cryptoprocessor chips.^[2][3]

Design[edit]

HSMs may have features that provide tamper evidence such as visible signs of tampering or logging and alerting, or tamper resistance which makes tampering difficult without making the HSM inoperable, or tamper responsiveness such as deleting keys upon tamper detection.^[4] Each module contains one or more secure cryptoprocessor chips to prevent tampering and bus probing, or a combination of chips in a module that is protected by the tamper evident, tamper resistant, or tamper responsive packaging. Some of the HSMs are also using secure multi-party computation to protect the keys they manage.^[5] A vast majority of existing HSMs are designed mainly to manage secret keys. Many HSM systems have means to securely back up the keys they handle outside of the HSM. Keys may be backed up in wrapped form and stored on a computer disk or other media, or externally using a secure portable device like a smartcard or some other security token.^[6]

HSMs are used for real time authorization and authentication in critical infrastructure thus are typically engineered to support standard high availability models including clustering, automated failover, and redundant field-replaceable components.

A few of the HSMs available in the market have the capability to execute specially developed modules within the HSM's secure enclosure. Such an ability is useful, for example, in cases where special algorithms or business logic has to be executed in a secured and controlled environment. The modules can be developed in native C language, .NET, Java, or other programming languages. Further, upcoming next-generation HSMs^[7] can handle more complex tasks such as loading and running full operating systems and COTS software without requiring customization and reprogramming. Such unconventional designs overcome existing design and performance limitations of traditional HSMs while providing the benefit of securing application-specific code. These execution engines protect the status of an HSM's FIPS or Common Criteria validation.^[8]

HSM main keys and functionalities:


1. **LMK (Local Master Key)**: The Local Master Key is a key used to encrypt other keys stored within the HSM. It is essential for the security of the HSM itself and is typically managed by the HSM administrator.

2. **ZMK (Zone Master Key)**: The Zone Master Key is a key used for encrypting and protecting other keys, usually at a higher level than LMK. It's often used for key exchange between systems or HSMs.

3. **ZPK (Zone PIN Encryption Key)**: The Zone PIN Encryption Key is used for encrypting and decrypting Personal Identification Numbers (PINs) during PIN verification processes in payment transactions.

4. **TPK (Terminal PIN Key)**: The Terminal PIN Key is used for encrypting PINs at the terminal level, typically for PIN pad devices.

5. **SMI (Static MAC Initialization Key)**: The Static MAC Initialization Key is used for generating Message Authentication Codes (MACs) in static mode, often used in ISO 8583 message formats for ensuring data integrity.

6. **SMC (Static MAC Check Key)**: The Static MAC Check Key is used for verifying Message Authentication Codes (MACs) generated using the Static MAC Initialization Key.

7. **CVV (Card Verification Value)**: The Card Verification Value is a security feature printed on payment cards or stored in their magnetic stripe or chip, used to verify that the card is physically present during a transaction. It's also known as CVC (Card Verification Code) or CVC2 (Card Verification Value Code).

8. **PVV (PIN Verification Value)**: The PIN Verification Value is a value calculated from the PIN and the PAN (Primary Account Number) used during PIN verification processes to ensure the PIN entered matches the one associated with the card.
Certainly, here's the description for CVK:

9.**CVK (Card Verification Key)**: The Card Verification Key is used in conjunction with the CVV (Card Verification Value) or CVC (Card Verification Code) to verify the authenticity of payment card transactions. It's typically derived from the issuer's master key or another secure key within the payment system. The CVK is used to generate or verify the CVV/CVC, which helps prevent fraudulent card-not-present transactions.


These keys play critical roles in securing payment transactions and ensuring the confidentiality, integrity, and authenticity of sensitive data within the payment ecosystem.

Card payment system HSMs (bank HSMs)[edit]

Specialized HSMs are used in the payment card industry. HSMs support both general-purpose functions and specialized functions required to process transactions and comply with industry standards. They normally do not feature a standard API.

Typical applications are transaction authorization and payment card personalization, requiring functions such as:

• verify that a user-entered PIN matches the reference PIN known to the card issuer
• verify credit/debit card transactions by checking card security codes or by performing host processing components of an EMV based transaction in conjunction with an ATM controller or POS terminal
• support a crypto-API with a smart card (such as an EMV)
• re-encrypt a PIN block to send it to another authorization host
• perform secure key management
• support a protocol of POS ATM network management
• support de facto standards of host-host key | data exchange API
• generate and print a "PIN mailer"
• generate data for a magnetic stripe card (PVV, CVV)
• generate a card keyset and support the personalization process for smart cards

The major organizations that produce and maintain standards for HSMs on the banking market are the Payment Card Industry Security Standards Council, ANS X9, and ISO.

SSL connection establishment[edit]

Performance-critical applications that have to use HTTPS (SSL/TLS), can benefit from the use of an SSL Acceleration HSM by moving the RSA operations, which typically requires several large integer multiplications, from the host CPU to the HSM device. Typical HSM devices can perform about 1 to 10,000 1024-bit RSA operations/second.^[15][16] Some performance at longer key sizes is becoming increasingly important. Specialized HSM devices can reach numbers as high as 20,000 RSA operations per second.^[17] To address this issue, some HSMs ^[18] now support ECC.

DNSSEC[edit]

An increasing number of registries use HSMs to store the key material that is used to sign large zonefiles. OpenDNSSEC is an open-source tool that manages signing DNS zone files.

On January 27, 2007, ICANN and Verisign, with support from the U.S. Department of Commerce, started deploying DNSSEC for DNS root zones.^[19] Root signature details can be found on the Root DNSSEC's website.^[20]

Blockchain and HSMs[edit]

A Trezor model T hardware wallet

Blockchain technology depends on cryptographic operations. Safeguarding private keys is essential to maintain the security of blockchain processes that utilize asymmetric cryptography.

The synergy between HSMs and blockchain is mentioned in several papers, emphasizing their role in securing private keys and verifying identity, e.g. in contexts such as blockchain-driven mobility solutions.^[21][22] Cryptocurrency private keys can be stored in a cryptocurrency wallet on a HSM.^[23]

Cryptographic operations performed by Fabric nodes in the Hyperledger framework support delegation to a Hardware Security Module.^[24]

Client-side encryption with HSM[edit]

Cloud providers (eg. Google announced its client-side encryption solution in 2023) introduced different methods for allowing customer data stored on their servers to be encrypted (and decrypted) with HSM devices owned or controlled by the customer.

Reference https://en.wikipedia.org/wiki/Hardware_security_module

Please follow me for more jobs opening - https://www.linkedin.com/in/prashantppohare/

Banking Group- https://www.linkedin.com/groups/9809571/

JobGroup - https://www.linkedin.com/groups/9322201/

Blog - https://bankingpayments.blogspot.com/

VBLOG- https://www.youtube.com/@LoveBanking

#jobsbeanbag #lovebanking #bankingpayments

Session 22 - What is 𝐒𝐖𝐈𝐅𝐓? Workflow ? How does SWIFT wire transfer work in 𝐜𝐫𝐨𝐬𝐬-𝐛𝐨𝐫𝐝𝐞𝐫 𝐩𝐚𝐲𝐦𝐞𝐧𝐭𝐬?

What is 𝐒𝐖𝐈𝐅𝐓? How does SWIFT wire transfer work in 𝐜𝐫𝐨𝐬𝐬-𝐛𝐨𝐫𝐝𝐞𝐫 𝐩𝐚𝐲𝐦𝐞𝐧𝐭𝐬?    

.
The Society for Worldwide Interbank Financial Telecommunication (SWIFT) is the main secure 𝐦𝐞𝐬𝐬𝐚𝐠𝐢𝐧𝐠 𝐬𝐲𝐬𝐭𝐞𝐦 that links the world’s banks.

The Belgium-based system is run by its member banks and handles 𝐦𝐢𝐥𝐥𝐢𝐨𝐧𝐬 𝐨𝐟 𝐩𝐚𝐲𝐦𝐞𝐧𝐭 𝐦𝐞𝐬𝐬𝐚𝐠𝐞𝐬 per day. The diagram below illustrates how payment messages are transmitted from Bank A (in New York) to Bank B (in London).

Note that the SWIFT network handles the 𝐢𝐧𝐟𝐨𝐫𝐦𝐚𝐭𝐢𝐨𝐧 𝐟𝐥𝐨𝐰 of money, not the 𝐟𝐮𝐧𝐝 𝐟𝐥𝐨𝐰. The fund flow involves central bank systems.

Step 1: Bank A sends a message with transfer details to Regional Processor A in New York. The destination is Bank B.

Step 2: Regional processor validates the format and sends it to Slice Processor A. The Regional Processor is responsible for input message validation and output message queuing. The Slice Processor is responsible for storing and routing messages safely.

Step 3: Slice Processor A stores the message.

Step 4: Slice Processor A informs Regional Processor A the message is stored.

Step 5: Regional Processor A sends ACK/NAK to Bank A. ACK means a message will be sent to Bank B. NAK means the message will NOT be sent to Bank B.

Step 6: Slice Processor A sends the message to Regional Processor B in London.

Step 7: Regional Processor B stores the message temporarily.

Step 8: Regional Processor B assigns a unique ID MON (Message Output Number) to the message and sends it to Slice Processor B

Step 9: Slice Processor B validates MON.

Step 10: Slice Processor B authorizes Regional Processor B to send the message to Bank B.

Step 11: Regional Processor B sends the message to Bank B.

Step 12: Bank B receives the message and stores it.

Step 13: Bank B sends UAK/UNK to Regional Processor B. UAK (user positive acknowledgment) means Bank B received the message without error; UNK (user negative acknowledgment) means Bank B received checksum failure.

Step 14: Regional Processor B creates a report based on Bank B’s response, and sends it to Slice Processor B.

Step 15: Slice Processor B stores the report.

Step 16 - 17: Slice Processor B sends a copy of the report to Slice Processor A. Slice Processor A stores the report.

Banking Group- https://www.linkedin.com/groups/9809571/

JobGroup - https://www.linkedin.com/groups/9322201/

Blog - https://bankingpayments.blogspot.com/

VBLOG- https://www.youtube.com/@LoveBanking

#jobsbeanbag #lovebanking #bankingpayments