ACH rules are changing, and you should be prepared.
When Hossein N. and I founded Motionsoft 20 years ago, the general mix of recurring payments for gym memberships was about 20% ACH and 80% credit card. Over the last few years, the tide has shifted, and more and more businesses, not just in fitness, but across the board, are using promotions and fees like surcharges to incentivize ACH as their preferred form of payment.
I’ve written about this before and believe it to be a good strategic choice. ACH is cheaper, and first-time decline rates on ACH are lower, making your time to revenue shorter. ALL GOOD THINGS!
The rules are changing, though, and you and your club management providers need to prepare for ACH proof of authorization. Here is a summary, and feel free to reach out if you’d like more info.
In ACH origination, authorization and authentication aren’t the same thing, and treating them as if they are can create serious compliance exposure.
NACHA, the standard for ACH processing in North America, has published guidance on “Proof of Authorization for WEB Entries.” There is a critical new point: it’s not enough to capture consent; you have to be able to prove it. That means demonstrating both the customer’s intent and their verified identity.
This is a legal and compliance requirement. NACHA rules require retaining written or digital proof of authorization for at least two years, and the process must clearly link the consumer, the account, and the transaction.
In a world where more ACH transactions originate online or via mobile, a simple “click to agree” won’t cut it anymore. Institutions should be capturing and maintaining evidence such as timestamps, IP addresses, login data, and screenshots of the authorization flow.
It’s a good time for every ACH participant to review how their digital authorization processes align with NACHA standards. Compliance and trust start with proof.
