When accepting payroll change requests via email, what procedures do you have in place to ensure the changes aren’t fraudulent? Do you call to verify with your client they intended to make those payroll changes? If not, you could be setting yourself up for fraud losses in the future.

The number one reason we see companies fall victim to fraud is when a payroll change request was sent via email and was not verified. One of the most important steps you can take is to CALL and verify the changes. We know everyone is busy, but this small step could save you thousands of dollars.

Please take some time to review the information and ensure your staff is verifying each payroll change request. It takes all of us to do our due diligence to help prevent fraud.

As always, fraud resources are available on the Help page after you have logged in to Kotapay.com.

Brian Dresser
Fraud Specialist


Updated Company Authorization Agreement

The Company Authorization Agreement has been updated. Please ensure you are using the most updated version, dated 3/22 on page two. Older versions of this agreement will no longer be accepted after April 29th, 2022.


Upcoming Holiday Hours and Non-Processing Days

DateHours of OperationProcessing Notes
Monday, May 30th
Memorial Day
CLOSEDACH transactions cannot be dated for May 30th.

KotaConnect has replaced Jolokia

KotaConnect 

With the launch of KotaConnect in 2021, Jolokia will be sunset on April 1st, 2022.

KotaConnect is an easy-to-use web-based payment portal to manage your ACH and credit card transactions in one place. Learn more about using KotaConnect for ACH and credit card payments. We’re always looking to improve so please feel free to leave us a comment on KotaConnect.

We’re continuously looking to improve KotaConnect so please reach out to our Support Department with any improvements or features you would like to see.


Understanding SEC Codes -

SEC codes are a three-letter code within the Nacha file that describes the type of transaction utilizing the ACH network and the rules associated with each SEC code. It’s important that your transactions are coded correctly. As a reminder:

  • When depositing to a Consumer/Individual Account, the correct SEC code is PPD
    • Transaction types include: payroll, including 1099 employees with a consumer account
  • When depositing to a Company/Corporate Account, the correct SEC code is CCD
    • Transaction types include: vendor payments or tax payments

For more information, Learn more here or by watching a short video.


Pay key on keyboard 

Want to accept payments from your website? Add a pay now button to your website

Kotapay will design and build a custom payment portal to allow you to accept credit card or ACH payments via your website. Get started!



New Return Fees for Company Debit Returns

Effective May 1st, 2022, the following return codes will incur additional fees for company debit returns:

R02 Account ClosedR13 Invalid Routing Number
R04 Invalid AccountR20 Non Transaction Account
R08 Stop PaymentR29 Unauthorized Debit
R10 Unauthorized 

The returns listed are similar in nature to an R01 (NSF/Insufficient Funds), in that funds were disbursed by Kotapay prior to receipt of a return. Like an R01, the fees assessed are: First occurrence $25, Second occurrence $50, Third occurrence $100. Each occurrence is also charged a 23% annual rate for the number of days Kotapay is out the funds.


Nacha Rules Updates

  • Same Day ACH dollar limit increased to $1 million per payment went into effect March 18th
  • Supplementing Data Security Requirements (Phase 2) requires companies who send over 2 million ACH payments per year to protect account information by rendering them unreadable when stored electronically. Learn more about this rule by visiting the Nacha website.
    • Effective June 30th, 2022
  • Micro-Entries: this rule defines and standardizes the practice and formatting of micro-entries. Micro-entries are defined as ACH credits of less than $1 and any offsetting ACH debits used to verify a Receiver’s account
    • Phase 1 is effective September 16th, 2022. Originators will be required to use the standard Company Entry Description.
    • Phase 2 is effective March 17th, 2023. Originators will be required to use commercially reasonable fraud detection.

Fraud Corner: Email Red Flag Training

Learn how to help protect your business from potential fraud by knowing when to be extra cautious. Business Email Compromise (BEC) is a growing trend to be on the lookout for, especially when processing payroll for clients. Watch this video to learn how to spot red flags.

 Video