Graduation Year


Document Type




Degree Granting Department

Business Administration

Major Professor

Carol Saunders, Ph.D.

Co-Major Professor

Gert-Jan d. Vreede, Ph.D.

Committee Member

Alan R. Hevner, Ph.D.

Committee Member

Matthew Mullarkey, Ph.D.


ACH, Payments, Simulation, Arena, Design Science Research (DSR), NACHA, ODFI, RDFI, Modeling


Since its beginnings in 1974, the Automated Clearing House (ACH) network has grown into one of the largest, safest, and most efficient payment systems in the world. An ACH transaction is an electronic funds transfer between bank accounts using a batch processing system.

Currently, the ACH Network moves almost $43 trillion and 25 billion electronic financial transactions each year. With the increasing movement toward an electronic, interconnected and mobile infrastructure, it is critical that electronic payments work safely and efficiently for all users. ACH transactions carry sensitive data, such as a consumer's name, account number, tax identification number, account holder name, address, or social security number.

ACH fraud consists of the theft of funds through the Automated Clearing House financial transaction network (Accounts Receivable & Order-to-Cash Network, 2012). If the transactions are intercepted by fraudulent activities, either during transit or during rest, the sensitive customer data can be used to steal the transferred funds, which can cause financial and reputational damage to ACH network participants and consumers.

Even though the National Automated Clearing House Association (NACHA) requires ACH participants to use commercially reasonable encryption and authentication procedures, the risks associated with employee error or negligence, physical theft, and insider theft of data remain substantial. The ACH network that handles 40 billion transactions annually has consumer and corporate financial information. As the ACH network emerges as a prominent payment channel, proactive steps must be taken to guarantee consumer safety.

The primary research question “How can opportunities to commit ACH fraud by insiders be inhibited by masking sensitive data in the ACH transactions life cycle?” is addressed employing design science research methodology with special focus on this specific question: Will use of Multi-step tokens in life cycle of ACH transactions lower the risk of sensitive data exposure?

To demonstrate the extent to which the Multi-step tokens in the life cycle of ACH transactions lower the risk of sensitive data exposure, the following two sub-questions will be answered:

• How to model and simulate sensitive data exposure risk in current ACH transaction life cycle?

• How to model and simulate sensitive data exposure risk in the multi-step tokenized ACH transaction life cycle?

The research findings through proof of concept simulations confirm that sensitive consumer personal identifiable information shared in ACH network can be made more secure from insider threat opportunities by multi-step tokenization of ACH data. In the to-be system, the real account number will not be used to post the actual financial transaction. Only tokenized account number will be used by RDFI (Receiving Depository Financial Institution) to post the financial transaction. Even if the ODFI (Originating Depository Financial Institution) initiate the financial transaction using real account number, RDFI will reject the transaction back to the originator to resend the transaction using the token value. For the same account number, RDFI will have different token values based on SEC (Standard Entry Class) code, origin, ODFI, transaction type etc. The account token value will be generated only if ODFI sends a token request separately to RDFI in a multi-step manner.

The research findings suggest that multi-step tokenization can be used to generate and validate unique transaction path as a function of the transaction origin number, originating depository financial institution, Standard Entry class, Receiving depository financial institution and account number. Even if the account or token value gets misplaced, the data will be of no use to the person having the information. The cipher can be further strengthened by including additional unique ACH data elements. The findings stem from proof of concept development and testing of conceptual, empirical and simulated models of current ACH network, insider breach scenarios, and multi-step tokenized systems. The study findings were augmented by running different model scenarios and comparing the outputs for breaches, network traffic and costs. The study findings conclude with an implementation proposal of the findings in the ACH network and opportunities for further research on the topic.