What is ACH Payment Tokenization?
ACH Payment Tokenization replaces sensitive account and routing number data with a random string of alpha-numeric data. This data is called a reference token and is stored in lieu of full sensitive data.
When the bank account is future billed, the token is sent. The ACH processor has the full account and routing number securely stored and using the matching token, processes the ACH transaction.
In contrast to the credit card processing world, ACH payment transactions were not mandated to be tokenized, rendering the sensitive data unreadable.
While it's definitely a best practice to protect sensitive data, it has only recently become a mandate from NACHA that security measures be put in place.
ACH datapoints consist of a bank account number and routing #. The routing # identifies the consumer or businesses bank.
The new NACHA mandate requires that these numbers be replaced with a reference token. The token is then stored with the customer data and when payment is collected or disbursed the reference token is sent as part of the transaction string. The ACH tokenization gateway has the full account and routing #'s vaulted.