Showing results for 
Search instead for 
Did you mean: 

Donation Software - eCheck NACHA Compliance (screenshot) Required?!?


We're developing a site (in Joomla) for a client that will have a basic shopping cart as well as a simple donations form. They are using as the payment gateway for both, and the components we're using have built-in support for this. Part of the reason for using was to avoid all the crazy PCI compliance issues that would come up with other processes.


But they need to also accept eCheck payments for their donations. The donations software we're using ( does include support for So all of the required fields for an eCheck donation are preset and working fine.


But apparently, in order for our client to accept eCheck payments, the process must be NACHA compliant. And for web transactions, this appears to mean that a screenshot of the payment form must be captured when the end-user hits the 'Submit' button and stored by the merchant (our client) for up to 2 years.


I've been searching around, even on these forums, and do not see much of anything describing how technically this process is possible or works. So if this is an absolute requirement for anyone in the US to take eCheck payments online, I'm puzzled why it's so hard to find examples or details on how to do this.


- Can anyone help me understand what exactly really needs to happen here for our donations form?


- Can anyone direct me to any software solutions that show this in action so we can see this?


Our form (which is still in development, so we appreciate all discretion here) can be found here: Donation Form.


Thanks a lot!




Can you supply a link to the applicable regulations?



Here's a link to the PDF that the eCheck/ underwriters forwarded to us:


And here's something else from with slightly different (and more vague) language (check page 19):


Thanks for any help! I'm really puzzled by what this is asking for. It just doesn't seem correct/proper.

They can't possibly mean an actual screenshot. I'm guessing some idiot at Cybersource wrote screenshot when the real requirement is just information retention. From the pdf:


All authorizations must be retained by the merchant for two (2) years after the
completion of a transaction, the completion of a final recurring transaction or after the
revocation of payment authorization... For authentications made over the telephone or via the
Internet, the merchant must retain a copy of the authorization and a record of the


It says "record", not "screenshot". Images are for physical checks, not eChecks.

Thanks for the response. Yes, I was thinking it couldn't be possible either.


But it does state this, and when I spoke with someone in their underwriting department he seemed to confirm this. I'm still waiting to speak with someone else about it, though. So without anything else more concrete, I'm kind of stuck.


But if this is not the way complicance is achieved, there must be a somewhat common way that it IS achieved. So can anyone point me to some good working examples of eCheck payments implementation that passes's 'interpretation' of NACHA compliance??? Does anyone actually do eCheck payments???



If you browse down through the posts far enough, you should find some about eCheck. Not many - but enough.

OK, I've searched these forums for 'eCheck NACHA' and 'eCheck compliance'. Nothing. All the threads I read are about getting the form setup properly or getting it to work with a testing environment (we're not even to that stage yet).


The frustrating thing is that this is where the people said we would have to search for help, as they were not able to give any more specific help here. But I would guess anyone using eCheck with had to get the same compliance request that we did, as they say it's a national standard. So either every other person just got it and I'm completely lost here, or we got a crazy standard that nobody else has to adhere to.



I want to let you know that I don't have a solid answer for you at the moment, but I've reached out to our underwriting team internally to see if I can find the original source of language you are being given.  I do understand the technical impracticality of taking a screenshot of your customer's screen, so I'll be sure to let you know as soon as I have some more information.



I have the same question, is there any update or detail documentation regarding this?


I have called the support desk and was told that the screenshot requirement is taken care by the api and nothing needs to be implemented on the web application form or process page. Is this statement valid?

The Authorize.Net API definitely does not obsolve you from following the NACHA requirements, it certainly does not retain any screenshots.  Unfortunately, the only advice that I Can provide in regards to the wording is that it is wording provided by NACHA themselves and not something that was written by Authorize.Net.