In an effort to reduce fraud, Nacha is tightening the rules in 2026 for ACH transactions, especially credit-push scams in which criminals trick legitimate account holders into authorizing payments under false pretenses.
These new requirements represent one of the most significant fraud prevention shifts in recent years. They will impact businesses, payment processers and financial institutions.
Q2 is uniquely positioned to help financial institutions prepare, with a multi-layered fraud prevention strategy that combines monitoring, anomaly detection, reporting, and identity verification.
In March 2026, Nacha will begin phasing in new fraud monitoring expectations for ACH participants. The intent is to strengthen the industry’s ability to detect and respond to suspicious or deceptive activity earlier in the payment lifecycle.
These updates do not require every ACH transaction to be monitored individually or mandate the use of any specific technology. Instead, Nacha expects participants to implement documented, risk-based processes that reflect their size, transaction volume, and risk exposure.
Here’s how that applies across the ACH network:
One of the most notable updates in Nacha’s 2026 rules is the expanded definition of fraud, which now include payments made under false pretenses. These are situations in which a legitimate sender is deceived into authorizing a transaction.
Examples of false pretenses include:
These examples illustrate Nacha’s broadened view of fraud risk, but they are not new rule categories or separate compliance mandates. Institutions are expected to incorporate these risk types into their broader fraud management programs through documented, risk-based procedures.
Q2’s fraud prevention solutions, including behavioral analytics, anomaly detection, and transaction monitoring, help financial institutions identify patterns that may indicate deception or false-pretense activity before losses occur.
| Date | Who Must Comply | Requirement |
| March 20, 2026 (Phase 1) |
ODFIs and Originators/TPSs/TPSPs with 6M+ originated entries in 2023. RDFIs with 10M+ received entries in 2023 |
Establish and document risk-based fraud monitoring processes |
| June 19, 2026 (Phase 2) | All ODFIs, Originators, TPSs/TPSPs, and RDFIs, regardless of ACH volume | Risk-based fraud monitoring required for all ACH activity |
Proactive fraud detection: This moves the ACH network toward continuous, risk-based monitoring.
Enhanced recovery potential: Earlier detection increases the likelihood of intercepting fraudulent transactions.
Higher industry standards: This establishes a uniform baseline for fraud prevention expectations across all ACH participants.
Q2’s comprehensive fraud monitoring framework is already designed to align with Nacha’s evolving requirements and support institutions in developing their own documented risk-based procedures. Here’s how:
Together, these capabilities give institutions flexible tools to support Nacha’s evolving fraud monitoring expectations without prescribing a specific technology path.
Here’s what your institution needs to do to make sure you’re prepared for the upcoming Nacha changes.
As Nacha’s 2026 rules take effect, financial institutions face heightened expectations for proactive, risk-based fraud monitoring.
Q2 is ready to help with layered fraud prevention, behavioral analytics, and monitoring capabilities institutions need to meet Nacha’s standards and strengthen customer trust and security.
Click here to learn more about Q2’s suite of fraud solutions.
If you’re a current Q2 customer, register here to join our Nov. 21 Innovation Series webinar, in which we discuss how Centrix ACH Processing and Risk Management (PIQS) can help you stay ahead of the Nacha rule changes.