NACHA Raised the Bar on Identity Verification. Proof Already Cleared It.
NACHA Phase 2's False Pretenses mandate hits every mid-market recordkeeper on June 22 - and IAL2-compliant, real-time identity verification is the compliance floor. Proof is the only platform where every identity session becomes ODFI-defensible audit evidence.
AI scaled fraud. Analog controls have not caught up.
217%
ATO volume growth in the last 4 years
Projected regulatory penalties in 2026
Average fraudulent disbursement, deliberately below thresholds
Regulatory penalty surge since 2022
The tools most firms rely on were built for a different threat.
Knowledge-based authentication
Confirms that someone knows certain information. Does not confirm who is actually initiating the transaction.
eSign and generic RON
Verifies a signature, not the identity behind it. Falls short of the biometric binding and government ID match NACHA Phase 2 requires.
Manual review
Creates 48-72 hour blind spots. Produces no machine-readable audit evidence. Gives ODFIs nothing to examine under Phase 2 scrutiny.
The new compliance floor carries strict penalties.
Phase 1 activated March 20, 2026 for mega-recordkeepers. Phase 2 hits the entire mid-market on June 22 with no volume exceptions.
The mandate requires documented, auditable "Risk-Based Procedures" for identity verification. Knowledge-based authentication and "Best efforts" are no longer good enough - and penalties add up quickly.
Warning/Minor
Up to $1,000 for initial failure to document a process
Repeat/Significant
Up to $5,000 per occurrence
Egregious/Willful
Up to $500,000 per month for systemic failures that lead to high return rates or network risk
Under Phase 2, your ODFI bears direct legal liability for your fraud controls. Banks will audit your verification gaps and exit relationships with non-compliant originators. Loss of your ODFI relationship means loss of ACH access.
Identity verification built for the false pretenses mandate
Proof runs IAL2 identity verification across three execution layers, and every session generates ODFI-defensible audit evidence.
Identify
Proof cross-references government ID against facial biometrics before a transaction moves. Liveness detection defeats deepfakes in real time.
When a fraudster submits an impersonation request, the session flags it before money moves — and the evidence trail shows exactly what happened.
Verify
Every high-risk transaction runs through a live video session with a credentialed notary or verifier, replacing the manual callback process with an eight-minute digital experience your clients actually complete.
MISMO RON-compliant and accepted in all 50 states.
Certify
Session records are cryptographically signed to a verified identity, making them AI-proof and digitally verifiable.
Every ODFI auditor receives evidence that cannot be faked, altered, or disputed.
Defend
Every session generates an immutable recording with full audit metadata.
The evidence is timestamped, tamper-proof, and machine-readable for ODFI review.
79%
NIGO rate reduction
Savings opportunity with Proof
Processing speed, down from T+10
FA time recovered per transaction
Everything you need to comply before June 22
What Your Bank Will Ask: Readiness Checklist
The questions your ODFI auditors will ask, and what passing looks like.
Audit-Ready Playbook
A step-by-step implementation guide for Phase 2 compliance with Proof.
We've heard every objection.
Does knowledge-based authentication or SMS OTP satisfy the False Pretenses mandate?
No. NACHA's False Pretenses mandate requires active identity verification, not passive authentication. KBA and SMS OTP confirm device access. They do not verify the person initiating the transaction. NIST 800-63 IAL2 requires government ID verification and biometric binding. That is the compliance floor, and that is what Proof delivers.
What happens if we miss the June 22 deadline?
Phase 2 enforcement triggers on Day 1. Tier 1 penalties start at $1,000/day per violation and Tier 2 escalates to $2,500/day for repeat findings. Beyond the daily penalties, a NACHA violation triggers mandatory ODFI review of all your fraud controls. ODFIs can and will terminate originator relationships rather than absorb the regulatory liability themselves.
How quickly can Proof be implemented?
A two-week implementation pathway exists from first conversation to live IAL2 IDV deployment. Proof's platform is built for this window, and we have done it before.
We already have an eSign or RON solution. Does that satisfy Phase 2?
eSign workflows and generic RON platforms verify a signature, not an identity. NACHA Phase 2 requires documented identity verification at the transaction layer, including biometric binding, government ID matching, and an immutable session record. Proof is built to that standard. Most eSign and RON platforms are not.
What is ODFI exposure, specifically?
Your Originating Depository Financial Institution bears direct legal liability for your fraud controls under Phase 2. A NACHA audit finding requires your ODFI to review your entire fraud control stack. Banks will exit relationships with non-compliant originators rather than share that liability. Loss of your ODFI relationship means loss of ACH access and operational shutdown for all disbursement workflows.