Every NACHA ACH entry carries a 3-letter Standard Entry Class (SEC) code that selects the rule-set, authorisation requirements, and permitted addenda records. The code is set by the originator at file creation and cannot be changed by intermediaries.
The codes that matter today: PPD (Prearranged Payment and Deposit) for consumer credits/debits with a signed paper or electronic authorisation — payroll, recurring billing. CCD (Cash Concentration or Disbursement) for corporate-to-corporate credits/debits, no consumer-protection rules. WEB (Internet-Initiated Entry) for debits authorised through a website — requires fraud detection and a session-bound authorisation record. TEL (Telephone-Initiated Entry) for debits authorised by phone — requires call recording or a written confirmation. IAT (International ACH Transaction) for any cross-border entry — adds OFAC-screening fields, the most complex SEC code, dual-domain addenda.
Each SEC code has its own addenda-record schema. CCD allows one 80-character addenda; CTX (Corporate Trade Exchange, a CCD variant) allows up to 9,999 addenda for full EDI 820 / 822 remittance. WEB requires an "INDIVIDUAL ID NUMBER" field that ties the entry to the website session log.
iso-compliant's NACHA coverage is Phase-3 scope. The likely mapping when shipped: pain.008 with consumer debtor → PPD, pain.008 with corporate debtor → CCD, pain.001 cross-border → IAT (with the OFAC-screening overhead). Today, US ACH integration is via a NACHA file emitter outside iso-compliant; the value here is the camt.053 ↔ NACHA Return-Reason mapping inside the reconciliation engine.
Not yet implemented in iso-compliant; see FUTURES.md (Phase 3 — US ACH) for the roadmap context.