Direct Debit in US
Direct debit is a popular low-cost alternative to card payments in the US, but each solution carries different levels of risk. Merchants should carefully balance cost efficiency with fraud exposure and settlement certainty.
-
ACH Direct Debit allows US shoppers to pay from their bank accounts, but it operates on delayed settlement with no real-time validation. This creates financial risk for merchants, as invalid or fraudulent payments can be paid out and later reversed.
-
Pay by Bank (US), powered by Plaid, uses the same ACH rails but adds secure account linking, real-time validation, and balance checks. This reduces fraud, lowers rejection rates, and improves the customer experience. While slightly more expensive, it provides a safer and more reliable alternative for merchants processing significant ACH volumes.
ACH (Automated Clearing House)
ACH Direct Debit lets shoppers in the US pay directly from their bank accounts. It uses the ACH network, a batch-based system run by US banks.
How It Works
-
The shopper provides routing and account numbers.
-
Sana Pay initiates a debit request via the ACH network.
-
The merchant receives funds after settlement.
Key Characteristics
-
Settlement delay: Funds may be credited to the merchant before final confirmation.
-
Risk of returns: Banks can reject payments days later for reasons such as insufficient funds or invalid account numbers.
-
Account validation: New bank accounts and updated account details are validated via gVerify before a payment is initiated. A buyer may be declined if their account fails validation.
-
Enhanced fraud protection: All ACH transactions are screened pre-authorization via Adyen Protect Premium. Transactions exceeding the defined risk threshold are blocked before processing.
Recommendations
While ACH is attractive for its very low cost, it carries high financial risk due to delayed settlement and the absence of proactive account validation. To manage this risk, we recommend the following:
-
Restrict usage to trusted customers: Use ACH primarily with long-term, reliable buyers where the likelihood of fraud or insufficient funds is low.
-
Enable a T+5 payout delay for high-volume ACH: This ensures that most returns or chargebacks are identified before funds are released, reducing exposure to negative balances.
-
Protect Premium is enabled by default to support compliance with Nacha enhanced Risk Management Rules.
-
gVerify account validation is enabled by default for new accounts and credential changes.
-
Merchants must download the Sana Pay payment log from Sana Admin at regular intervals and retain it for a minimum of two years. This is the only additional step required from the merchants.
Nacha Enhanced Risk Management Rules
Nacha's enhanced Risk Management Rules are effective 19 June 2026 and apply to all ACH merchants.
To support compliance, Sana Pay includes the following protections:
-
ACH transaction screening: Every ACH transaction is screened before authorization using Adyen Protect Premium, a machine learning-based fraud protection service. Transactions that exceed the defined risk threshold are automatically blocked.
-
Bank account validation: New bank accounts are automatically validated via gVerify before a payment is initiated. This happens in the background with no change to the buyer experience. However, buyers using a new or unrecognized bank account may be declined if the account cannot be validated.
-
Record retention: Merchants are required to log and retain evidence of end-user authentication. Sana Pay already captures this in the Sana Admin payment log, which merchants must download at regular intervals and retain for a minimum of two years.
Account Validation
To support compliance with Nacha's enhanced Risk Management Rules, effective 19 June 2026, Sana Pay supports bank account validation via gVerify. Validation helps reduce returns caused by invalid account information and protects merchants from fraudulent or erroneous transactions.
When a buyer enters bank account details for the first time, or changes their existing bank account details, Sana Pay automatically sends a validation request to gVerify before the payment is initiated. The validation response is returned to Sana Pay and logged against the payment transaction.
-
If validation passes, the ACH payment proceeds as usual.
-
If validation fails, the payment does not proceed. The buyer is asked to check their bank account details or use a different payment method. The buyer may see the following message: Your bank account could not be verified. Please check your account details and try again, or use a different payment method.
Because gVerify is a paid validation service, Sana Pay uses Adyen's consumer ecommerce payments validation option, which triggers gVerify only when needed:
-
On a buyer's first use of a given bank account.
-
When a buyer changes their bank account details.
gVerify is not triggered on subsequent transactions using already-validated, unchanged bank account details.
Pay by Bank (US)
Pay by Bank (US) is an ACH-based payment method enhanced by Plaid. Instead of shoppers typing in account details, they securely connect to their bank accounts using online banking credentials.
How It Works
-
Shopper selects their bank and logs in securely.
-
Plaid verifies account ownership, retrieves account details, and checks the balance.
-
Sana Pay processes the payment through ACH rails with enriched data.
Key Characteristics
-
Real-time validation: Account ownership, identity, and balance are checked at the time of payment.
-
Reduced failures: Fewer rejected or returned transactions due to insufficient funds or fake details.
-
Improved fraud defense: Identity data and secure login help mitigate account takeover and fraudulent use.
Recommendations
Pay by Bank (US) leverages Plaid to provide real-time account validation and balance checks, reducing fraud and failed payments compared to standard ACH. To maximize its value, we recommend the following:
-
Use for high-volume ACH processing
Pay by Bank is especially suited for merchants handling large transaction volumes where fraud and return risk must be minimized. -
Offer as a default option for new customers
Since account validation happens during the first transaction, Pay by Bank provides safer onboarding than raw ACH. -
Balance cost against risk reduction
Transaction fees are higher than standard ACH, but the lower fraud exposure and reduced operational overhead justify the investment for most merchants. -
Nacha compliance
Pay by Bank satisfies all Nacha compliance requirements out of the box. Authentication is handled at the bank level via Plaid – no logs to retain, no authorization evidence to collect.
Comparison
| Feature | ACH (Direct Debit) | Pay by Bank (US) |
|---|---|---|
| Network | ACH | ACH (with Plaid) |
| Validation | gVerify account validation on first use and credential changes | Real-time account & balance validation |
| Settlement | Delayed; can be reversed days later | Same rails, but fewer reversals |
| Fraud Risk | Reduced (Adyen Protect Premium screens all transactions pre-authorization) | Lower (account login + identity checks) |
| Customer UX | Enter routing + account number manually | Secure bank login via Plaid |
| Typical сosts | Lower processing fees | Slightly higher (Plaid validation fees) |
| Best for | Less risk-sensitive merchants | Risk-conscious merchants |
| Nacha сompliance | Supported (merchant payment log retention required) | Fully supported out of the box (no additional merchant action required) |
