AUTHORIZATION - As a duly authorized representative for the Company named above, I authorize the account above to be debited and/or credited by PROCESSOR according to the ACH Agreement Terms and Conditions. I further authorize PROCESSOR to process electronic funds transfers as a Third-Party Processor through the account listed above. This authorization is also applicable for any new account information to PROCESSOR at least 10 days prior to closing or changing the above account.

CONSUMER CREDIT INQUIRIES - Credit reports may be made in connection with this application and, if the application is approved, may be later ordered for the continued credit monitoring of this account.
Applicant(s) authorize PROCESSOR or its agents to investigate information provided from the Company, or any of the above principals in accordance herewith.

AUTOMATED CLEARING HOUSE PROCESSING - PROCESSOR and Client have contracted for PROCESSOR to provide Automated Clearing House (“ACH”) services as a third-party processor of ACH transactions. These transactions will settle to a financial institution used by PROCESSOR who will be acting as the Originating Depository Financial Institution (“ODFI”). PROCESSOR will debit funds (“Debit Entry”) for the purpose of collecting Automatic Payments from the accounts of the Client’s customers (“Receivers”) and/or credit funds (“Credit Entry”) for the purpose of paying the Client in accordance with the terms of this agreement, the Operating Rules (“Rules”) of the National Automated Clearing House Association (“NACHA”), the Uniform Commercial Code (UCC) and UCC Section 4A for CCD entries, and applicable Federal regulations (“Regulations”) governing ACH transactions and the laws of the United States. The terms and conditions of this Agreement do not limit Client’s obligation to comply with the Rules. “Entry” or “Entries” shall mean either a Credit Entry or a Debit Entry. Uniform Commercial Code Article 4A (UCC-4A) Disclosure. Regarding the origination of “wholesale credit” Entries, (defined as incoming corporate ACH credit transfers containing Standard Entry Class Code “CCD”), the following disclosure is provided: 1. the Entry may be transmitted through the ACH; 2. the rights and obligations of the Originator concerning the Entry shall be governed by and construed in accordance with the laws of the State of Florida; 3. credit given by the RDFI to the Receiver for the Entry is provisional until the RDFI has received final settlement through a Federal Reserve Bank or otherwise has received payment as provided for in Section 4A-403(a) of the UCC Article 4A; and 4. If the RDFI does not receive such payment for the Entry, the RDFI is entitled to a refund from the Receiver’s in the amount of the credit to the Receiver’s account, and the Originator will not be considered to have paid the amount of the credit Entry to the Receiver.


ACH TRANSACTIONS: Client agrees to review and comply with the ACH rules as specified in an attachment to this document, and as amended by the National Automated Clearing House Association or the Federal Reserve board of Governors. The PROCESSOR relies on information submitted by the client being accurate and authorized. Client agrees to indemnify PROCESSOR for any losses, liabilities, costs, or expenses suffered or incurred as a result of the breach of these representations and warranties.
Consumer transactions are subject to return for up to sixty (60) days.

AUTHORIZATION: Some ACH transactions require written authorization. For these transactions, Client agrees to obtain authorization from Receiver prior to debiting the Receiver’s account. Client will maintain copies of the authorizations for a period of two years from the termination or revocation of the authorization.

PRE-NOTIFICATION: Pre-notes must be sent 10 days in advance of first debit or credit to customer’s account to ensure bank account information is correct.

REPRESENTATIONS: Client represents and warrants with respect to all Entries originated by PROCESSOR for the client that (1) each Receiver has authorized the debiting and/or crediting of its account, (2) each Entry is for an amount agreed to by the Receiver, and (3) each Entry is in all other respects properly authorized. Client agrees to indemnify PROCESSOR for any losses, liabilities, costs, or expenses suffered or incurred as a result of the breach of these representations and warranties. Items returned insufficient funds (R01) or uncollected funds (R09) may be resent a maximum of two additionaltimes.

IDENTIFYING NUMBERS: Client understands that PROCESSOR may rely solely on identifying numbers provided by the Client to determine the bank and account of a Receiver even if the numbers identify a bank or account holder different from the one identified by the Client by name. Client will indemnify PROCESSOR for any losses, liabilities, costs, or expenses suffered or incurred because of an incorrect account of other identifications.

OWNERSHIP. The applicant agrees to immediately notify PROCESSOR of any change in ownership or control of the applicant during the term of this agreement.

REGULATORY COMPLIANCE. Client bears the final responsibility to ensure that the Client’s policies and procedures meet the requirements of the NACHA Rules and Regulations and PCI DSS. Client is encouraged to consult counsel regarding compliance with authorization and payment procedures whenever there is any doubt about compliance. To ensure the security of Client’s cardholder data, PROCESSOR will maintain compliance to all applicable PCI DSS requirements to the extent that PROCESSOR processes, stores, or transmits Client provided cardholder data. PROCESSOR has the right to audit Client’s compliance with NACHA Rules.

NOTICE OF ERRONEOUS UNAUTHORIZED TRANSFERS. Client agrees to promptly and regularly review all entries and other communication received from PROCESSOR and to immediately notify PROCESSOR if there are any discrepancies between Client’s records and those provided by PROCESSOR, the ODFI or your bank, or with respect to any transfer not authorized by CLIENT. If Client fails to notify PROCESSOR within 7 days of the date PROCESSOR mails or otherwise provides a statement of account or other report of activity to Client, then the Client will be responsible for all losses or other costs associated with any erroneous or unauthorized transfer.

POP TRANSACTIONS: Client agrees to have the consumer complete any check, even though it is being electronically converted. This allows for the check to be processed as a Check 21 item if necessary as well as providing additional information should Client need it for secondary collection efforts.

CHECK 21. Client acknowledges that some incoming checks are ineligible for processing though the Automated Clearing House (ACH) and require processing as a paper check. PROCESSOR can process these items through image exchange or image replacement documents (IRD’s), depending on the capabilities of the financial institutions involved. Client agrees to have PROCESSOR process items that are ineligible for the ACH on its behalf. Client will have funds deposited into its account (10) banking days after the item is processed.

Client also agrees to immediately reimburse PROCESSOR or for any non-ACH item returned upon notification by an authorized representative of the PROCESSOR or as otherwise negotiated in this agreement.

ACCOUNT REVIEWS. Client agrees that the processing account may be reviewed at least annually, and the Client may be required to provide a photo ID upon account review, or any account change requests.


ACCEPTING TRANSACTIONS. PROCESSOR will only be responsible for processing Entries that have arrived at our premises in proper format and on a timely basis. PROCESSOR will advise client of any applicable cut- off time. Client does not have the right to cancel or amend any Entry after submission to the ACH.

ORIGINATING TRANSACTIONS. PROCESSOR will use the information provided by the Client to originate Entries to the ACH. Client acknowledges understanding that PROCESSOR may reject Entries for any reason permitted or required in the Rules or Regulations. Client also understands that an Entry may be rejected if the Entry would cause PROCESSOR to violate any Federal Reserve or other regulatory risk control program or any other law or regulation. At Client’s request, PROCESSOR will make reasonable efforts to reverse, modify, or delete an Entry, but will have no responsibility for the failure to comply with that request. All requests must be made in writing and faxed, delivered, or mailed to PROCESSOR.

RETURNED ENTRIES AND NOCS. PROCESSOR will apply returned entries to Client’s account when they are received. PROCESSOR will create and make available to the Client a report containing detailed information about returned Entries. If the Client requests that the returned Entries be provided electronically, PROCESSOR may do so according to the rules and regulations regarding those transactions.

SETTLEMENTS AND FINALITY. Client’s account will settle in the number of business days stated following the effective date of Entries originated. If any Entry is returned beyond this settlement, PROCESSOR will at PROCESSOR’s discretion, either apply the debit to the current day’s settlement, or debit the Client’s account for the amount of the returned Entry plus associated fees.

LIMITS OF LIABILITY. PROCESSOR will be responsible for the performance of ACH services as a Third-Party Processor in accordance with the terms of this Agreement and the Rules and Regulations. PROCESSOR will not accept responsibility for errors, acts, or failure to act by others, including but not limited to, banks communications common carriers or clearing houses through which Entries may be passed and/or originated. PROCESSOR will not be responsible for any loss, liability or delay caused by fires, earthquakes, war, civil disturbances, power surges or failures, acts of governments, labor disputes, failures in communication networks, legal constraints, or other events beyond the control of PROCESSOR.

REFUNDS. PROCESSOR will refund moneys to an account holder claiming unauthorized transaction. Company shall provide proper authorization to PROCESSOR upon request from PROCESSOR. Failing to provide proper authorization in 48 hours will result in a fine of $100.00 per un-provided authorization.

INFORMATION CHANGE. In order to allow proper processing time, any new account information, i.e., Financial Institution details, payment schedule, etc., must be provided to PROCESSOR at least 15 days prior to closing or changing the account(s) above.


Either party may cancel this agreement with 60 days written notice to above company, allowing the completion of prior transactions, which may be in process. Prior transactions will not be affected by cancellation of this agreement. This agreement will renew each anniversary unless directed in writing. PROCESSOR may cancel at any time in the event of breach. PROCESSOR may cancel or suspend this agreement at any time for breach of the Nacha Rules in a manner that permits PROCESSOR or ODFI to comply with the Nacha Rules.


FEES AND PAYMENT. PROCESSOR will notify Client in writing of fees due for services rendered. Any changes to the existing fee structure as stated in this Agreement must be made in writing to the Client with 30-day notice. Client has the right to cancel the agreement in writing at that time. Client also agrees to provide PROCESSOR the information necessary to ACH debit Client’s account(s) for fees due and authorizes PROCESSOR to debit said account 10 days after invoice date.

SECONDARY COLLECTIONS. Client may choose to send items uncollected by PROCESSOR to PROCESSOR’s secondary collection agent. Client understands that only the collected face value of the item will be reimbursed and that there is no rebate on items collected by the secondary collections agent.

VOLUME ANALYSIS. PROCESSOR will routinely analyze Client origination and return activity. In the event the Client exceeds its established threshold parameters or ceases to do business with PROCESSOR, PROCESSOR shall have the right at any time to place a percentage of the provisional or final credit provided to Client for each Debit Entry originated by it in Escrow for a period of 180 days after the last return.

CONFIDENTIALITY. Each party represents, warrants, and mutually agrees that all information concerning the other party which comes into its possession during the term of this Agreement shall be maintained as confidential and shall not be used or divulged to any other party except as necessary to permit the activities contemplated under this Agreement or as required by law.

GOVERNING LAW. This Agreement is governed by, and shall be construed under, the laws of the State of Florida without regard for the principals and conflicts of law. Any award may include an award for attorney fees and costs. All controversies, claims, disputes, and matters in question arising out of, or related to, this Agreement or any breach of this Agreement, or the relations between the parties to this Agreement shall be decided by arbitration by a single arbitrator in accordance with the Commercial Arbitration Rules of the American Arbitration Association. The parties agree that the arbitration shall take place exclusively in Lee County, Florida, and shall be governed by the law of the State of Florida. Any award rendered by the arbitrator shall be final, and judgment may be entered upon it in accordance with applicable law in any court having jurisdiction thereof, including a federal district court, pursuant to the Federal Arbitration Act. The arbitrator may grant injunctive relief, including mandatory injunctive relief, to protect the rights of a party, but shall not be limited to such relief. This arbitration provision shall not preclude a party from seeking temporary or preliminary injunctive relief in a court of law to protect its rights, nor shall the filing of such an action constitute any waiver of its rights to arbitrate. In connection with the arbitration of any dispute between the parties to this Agreement, each party may utilize all methods of discovery authorized by the Federal and Florida Rules of Civil Procedure. The arbitrator shall award the expense of arbitration, including all reasonable attorneys’ fees and costs, to the prevailing in such proceeding.

AGREEMENT MODIFICATION AND TERM. Notice will be made in writing before this agreement can be modified. Use of services after any such modification will evidence acceptance of the modification(s). Agreements may be terminated at any time with 60 days written notice. Any termination will not affect the rights or obligations of either party arising before termination of this Agreement.

DAMAGE WAIVER. PROCESSOR will not be liable to the Client for any special, consequential, indirect, or punitive damages, whether or not (1) any claim for these damages is based on tort or contract law or, (2) either party knew or should have known the likelihood of these damages in any situation. PROCESSOR makes no representations or warranties other than those expressly made in this Agreement.

RESERVE. PROCESSOR may require a Reserve Deposit placed in escrow. This deposit will remain in escrow for a period of 90 business days following the last debit transaction initiated by PROCESSOR. Client acknowledges that no amount of this escrow account will be refunded until such time that this Agreement is terminated. For the purpose of funding the Reserve, PROCESSOR agrees to deduct the amount as stated under Reserve Deposit.

RIGHT OF SETOFF. Subject to applicable law, PROCESSOR may exercise its Right of Setoff or Security Interest against any and all collected funds, for any liability or debt of Client, whether joint or individual, whether direct or contingent, whether now or hereafter existing, and whether arising from overdrafts, returns, reversals, ACH credits, endorsements, guarantees, loans, attachments, garnishments, levies, attorney’s fees, or other obligations. All parties to this Agreement now and in the future authorize PROCESSOR to exercise its Right of Setoff against any and all collected funds, as well as any account made available to PROCESSOR through any agreements made between Client and PROCESSOR.

ENTIRE AGREEMENT. This Agreement makes up the entire Agreement between the parties concerning ACH services. If any provision of this Agreement is deemed unenforceable, the remaining provisions shall still be enforceable. There are no third-party beneficiaries of this Agreement.

  • Privacy Compliance / Data Security / Customer Information. “Customer Information” means nonpublic personal information of an individual Customer or former Customer of Client. Personal information includes but is not limited to telephone numbers, account numbers, customer lists,personal data, and demographic, financial and transaction information (either tied to a Customer of Client or in the aggregate), which, LLC (dba “iCG Pay”) may receive from Client, or from other sources on Client’s behalf, in the course of iCG Pay’s provision of Services to Client. In accordance with applicable privacy laws including but not limited to the Gramm-Leach-Bliley Act of 1999, the Health Insurance Portability and Accountability Act of 1996, the Fair Credit Reporting Act and any applicable state law regarding the protection of nonpublic information (the “Privacy Rules”), the parties agree as follows:
    • iCG Pay understands and agrees that all “nonpublic personal information” as defined in the Privacy Rules, related to any individual Customers, or former Customers of Client (collectively the “Customer Information”) is highly confidential. iCG Pay agrees to maintain the confidentiality of all Customer Information, whether in paper, electronic, or other form, that it receives from Client, or that it handles, maintains, processes, or otherwise is permitted access to or possession of, by or on behalf of Client or its affiliates, through its provision of services directly to Client. iCG Pay agrees that it is prohibited from disclosing or using Customer Information for any purposes other than (i) to carry out the terms of the Agreement, or (ii) under any exception under the Privacy Rules in the ordinary course of business while carrying out the terms of the Agreement.
    • iCG Pay agrees to establish and maintain reasonable and appropriate Customer Information security measures in accordance with industry standards, including disaster recovery and business continuity measures in accordance with industry standards, namely: (i) to ensure the security and confidentiality of Customer Information; (ii) to protect against any anticipated threats or hazards to the security or integrity of Customer Information; (iii) to protect against unauthorized access to or use of Customer Information that could result in substantial harm or inconvenience to Customers, or former Customers of Client, and (iv) to ensure the proper disposal of Customer Information. iCG Pay agrees to use its best efforts to ensure the security, confidentiality, and integrity of Customer Information, including instituting reasonable and appropriate measures to prevent unauthorized access to or possession of Customer Information by its employees and agents. iCG Pay will instruct its employees and agents that they are not permitted access to or possession of any Customer Information, except as may be necessary to perform their jobs, and that they may not copy, borrow, take, or use any Customer Information to which they may have access.
    • iCG Pay shall at all times during the term of the Agreement be in compliance with the Payment Card Industry Data Security Standard (“PCI DSS”). During the term of the Agreement, iCG Pay agrees that Client may no more than once in any Twelve (12) month period during regular business hours and after reasonable prior notice, audit iCG Pay’s operations to determine compliance with PCI DSS and the terms of this Addendum, which audits may include on-site visits of iCG Pay’s premises and testing of its Customer Information systems, including penetration testing by Client or its agents. In addition, iCG Pay agrees that Client has the right to review and receive copies of any internal or external audits, summaries of test results, or other equivalent evaluations of iCG Pay’s Customer Information security measures. iCG Pay will reasonably cooperate with Client in its monitoring and audit activities, and Client will attempt to minimize any disruption of iCG Pay’s operations that might result from such activities. As an alternative to the above audit and monitoring provisions, iCG Pay shall submit to Client its annual Statement on Standards for Attestation Engagements 18, Type II (SSAE 18 Type II) report. Should any SSAE 18 Type II report disclose any material exceptions or weaknesses in iCG Pay’s data security systems, controls, practices, regulatory compliance or disaster recovery, Client may conduct additional auditing as provided in this Agreement.
    • As a part of its Customer Information security measures, iCG Pay agrees that it will establish and maintain an incident response plan that is designed to promptly investigate and respond to any compromise or suspected compromise of the confidentiality, security, or integrity of any Customer Information that it receives from Client, or that it handles, maintains, processes, or otherwise is permitted access to or possession of, by or on behalf of Client or its affiliates, pursuant to the Agreement (“security breach”). iCG Pay agrees that if a security breach occurs that, after assessment, results in or possibly could result in the unauthorized disclosure or use of, or any other compromise of, any Customer Information, that iCG Pay will immediately notify Client of the nature and extent of the security breach, including a complete description of the Customer Information that was or may have been affected by the security breach, and of the corrective actions taken, or to be taken, to respond to the security breach and to prevent future repetitions. iCG Pay shall provide to Client any forensic evidence relating to the security breach that Client shall request. iCG Pay shall cooperate with Client in investigating any security breach, and in timely notifying all of the individuals who are related to the Customer Information that was or may have been affected by the security breach, as required by applicable federal, state, or local laws and regulations. Notwithstanding any limitations contained elsewhere in this Agreement, iCG Pay shall indemnify, protect, and hold Client and its employees and agents harmless from and against any and all liabilities, penalties, claims, damages, settlement amounts, attorneys fees and costs, and any other costs or expenses that arise from or that are related to any security breach, including without limitation, any notifications of, or third-party services that are offered or provided to, any of the individuals who are related to the Customer Information that was or may have been affected by the security breach.
    • “Regulatory Authority” means any federal, state, or local regulatory agency or other governmental agency or authority having jurisdiction over iCG Pay or Client. iCG Pay and Client each agree to submit to any examination that may be required by a Regulatory Authority having jurisdiction over the other party, during regular business hours and after reasonable notice, and to otherwise cooperate with the other party in responding to such Regulatory Authority’s inquiries and requests relating to iCG Pay’s performance under the Agreement and this Section. Each party shall bear its own fees, costs, and expenses that it may incur in connection with any examination, inquiries, or requests by a Regulatory Authority.
All of the foregoing provisions of this Section shall survive the termination of the Agreement.
  • Confidentiality and Nondisclosure Obligations of Subcontractors. If iCG Pay utilizes a subcontractor that maintains or has access to Customer Information, iCG Pay shall obtain contractual confidentiality and nondisclosure obligations consistent with the terms hereof.
  • Vulnerabilities, Risks and Threats. iCG Pay shall use diligent efforts to identify vulnerabilities, risks and security threats related to the Services as early as possible at any time during the term of this Agreement. iCG Pay shall conduct an analysis of the most common vulnerabilities, risks and security threats related to the Services and document in writing that the risk of same has been mitigated. iCG Pay shall conduct risk assessment(s) to determine and prioritize risks, enumerate vulnerabilities, and understand the impact that particular security attacks might have on the Services to ensure that iCG Pay meets applicable contractual obligations, regulatory mandates and security best practices and standards. Upon request by Client iCG Pay shall share with Client in writing all security relevant information regarding the vulnerabilities, risks, and threats to the Services immediately and completely upon identification. Such security documentation shall describe security design, risk analysis, and/or mitigation issues.
ACH Processing Services

PROOF OF AUTHORIZATION: According to Nacha Rules, the Merchant is required to have and retain evidence that the Customer authorized the payment. This proof of authorization can be in the form of a written agreement signed by the Customer, a voice recording verifying a verbal authorization for a TEL transaction, an email confirmation sent to the Customer prior to the effective date of the debit, or a digital copy of the payment details supplied by the customer over the Internet indicating authorization when the transaction is initiated online for WEB transactions. All proof of authorizations must be maintained for a period of two years from the termination or revocation of the authorization. You must be able to provide proof of authorization upon request within 7 business days.

DEBIT WEB ENTRIES: According to Nacha Rules, the Merchant who processes debit WEB entries is required to establish a commercially reasonable fraudulent detection system to screen debit WEB entries that, at a minimum, validate the account to be debited for the first use of the account number and for any subsequent changes to the account number; verify the identity of the customer; and verify that the routing number used in the debit WEB entry is valid.

DEBIT WEB ANNUAL AUDIT: According to Nacha Rules, the Merchant who processes debit WEB entries is required to conduct, or have conducted on its behalf, annual audits to ensure that the Customers’ financial information is protected by security practices and procedures that include, at a minimum, adequate levels of physical security to protect against theft, tampering, or damage; personnel and access controls to protect against unauthorized access and use; and network security to ensure secure capture, storage and distribution.

Last modified on December 19, 2023.