EPA Dual Authorization
In order to better understand EPA Dual Authorization, you must first understand ACH Direct EPA. Please refer to pre-requisite documentation (page 31) called ACH Direct – Electronic Payment Authorization (EPA)
6.1 Overview of EPA Dual Authorization
Segregation of duties and additional operational controls are becoming increasingly important due the changing security climate surrounding electronic transactions. This changing climate places pressure on organizations to ensure that effective controls are in place and are being utilized through sound business practices.
ACH Direct offers Multiple-Level Authorizations for you to enhance your controls around preauthorization and approval of incoming debits presented against the corporate account.
Automated solutions, such as dual verification, provide multi-level controls to enhance security and risk management for ACH Direct users. This solution offers the ability to mitigate fraud and tracking tools to document these controls.
Required authorization is customizable. The need for secondary approvals can vary by transaction amount and/or individual user in accordance with internal Corporate Security and Risk requirements.
6.2 ACH Direct Email Notifications
Once the EPA Dual Authorization service is activated, you will receive event triggered email notifications. Each notification type is assigned a number, making it easy for you to identify the type of notification and any action that may be required.
Email notifications can be added or removed for a user by the Corporate Administrator for your organization, or you may contact your Treasury Service Payments Advisor to request adding or removing of email notifications.
6.3 How ACH Direct Dual Authorization Works
When authorizations are added, modified or deleted in ACH Direct and reject decisions are performed by one user, they are sent to a work queue to be approved by another user. ACH Direct Dual Authorizations offers two types of parameters that can be established for each associate:
- Level 1 – Can add, modify or delete authorizations and decision pending rejects; cannot approve those actions taken by others
- Level 2 – Can perform the actions of Level 1 and also can approve the actions taken by others (either Level 1 or Level 2 associates).
EPA Maximum Dollar Limit
The EPA Max Dollar Amount defined to an associate is the maximum transaction amount not requiring secondary approval for authorizations added, deleted or modified and for reject decisioning actions. Secondary approval action does not take into account the user’s EPA Maximum Dollar Limit.
6.4 How to Navigate through all sections under EPA
Under EPA, the following options are listed if you are an authorized user for EPA with Dual Authorization:
- Authorization – View, modify, delete and add authorizations (also known as filters) for pre-authorized debits. The status of the authorization is displayed, such as active or revoked. If a new authorization is created or an existing one is modified and it exceed the user’s maximum authorized amount; it will automatically move to the EPA verification queue for secondary approval.
- Reject Decisioning – List of all rejected transactions which require action (pending, refuse or accept). No action will result in the debit being returned unpaid. Once an item is accepted, when dual authorization is enabled, it will move to reject verification for secondary approval if the item exceeds established limits.
- EPA Verification – This tab will display all added, changed or deleted authorizations (filters) requiring secondary approval. A designated approver level 2 associate will take action here. User will select the item using the radio button and then either approve or deny the transaction.
- Reject Verification – Decisioned pending rejects requiring dual approval will be displayed here for approval by a designated level 2 associate. User will select the item using the radio button and then either approve or deny the transaction.
When enabling dual authorization, it is important to ensure the correct numbers of users are set-up to ensure coverage when assigned users are out of the office.
Consider critical holidays and times throughout the year where many users may not be available. Failure to appropriately plan in advance could result in an item being returned if dual approval did not occur in a timely fashion.
NOTE: On the initial set-up, all users will be set up as a Level 2 approver with $0.00 maximum authorization amount. These default settings will allow every user to perform secondary approvals, but will also require secondary approval for every action.