An electronic payment is a generic term for any process by which a payment of money is made electronically, without paper. There are many forms of electronic payments and each has its own set of compliance requirements. Credit card payments, payments made using the automated clearing house (ACH), electronic check payments, transfers initiated by telephone, transfers resulting from debit card transactions, prepaid card transactions and electronic check conversions (ECK) are all examples of electronic payments. Understanding the various compliance requirements associated with each is the first step toward effectively processing compliant electronic payment transactions.Electronic payments are governed by laws, regulations, guidance bulletins, standard setting organizations and judicial decisions:
- Electronic Fund Transfer Act (EFTA), 15 USC 1693 et seq. of 1978
- Regulation E, 12 CFR Part 1005
- Fair Debt Collection Practices Act (FDCPA), 15 U.S. Code § 1692
- Electronic Signatures in Global and National Commerce Act (E-Sign Act), 15 U.S.C. Ch. 96
- Consumer Financial Protection Bureau Guidance Bulletin Preauthorized Electronic Fund Transfers (CFPB Reg E Bulletin), Bulletin 2015-06
- Payment Card Industry (PCI) Data Security Standard, https://www.pcisecuritystandards.org/pdfs/PCI_DSS_v2_eCommerce_Guidelines.pdf
- National Automated Clearing House Association (NACHA), https://www.nacha.org/rules
- Prepaid Accounts under the Electronic Fund Transfer Act, CFPB Rules, Prepaid Accounts under the Electronic Fund Transfer Act (Regulation E) and the Truth In Lending Act (Regulation Z)https://www.consumerfinance.gov/policy-compliance/rulemaking/final-rules/prepaid-accounts-under-electronic-fund-transfer-act-regulation-e-and-truth-lending-act-regulation-z/
The Electronic Fund Transfer Act and Reg E provide the following key definitions for the processing of electronic transfers from consumer asset accounts such as a checking or savings accounts and prepaid cards. The transfers occur across the automated clearing house network. Money is electronically taken from the consumer’s bank/asset account and deposited in the payee’s bank/asset account. The CFPB’s November 2015 Guidance Bulletin further interprets the application of the EFTA and Reg E to electronic fund transfers along with numerous judicial decisions and the Federal Reserve Board’s Staff Commentary
Electronic check conversion (ECK) transactions are transactions where a check, draft, or similar paper instrument is used as a source of information to initiate a one-time electronic fund transfer from a consumer’s account. The consumer must authorize the transfer. (12 CFR 1005.3(b) (2))
Electronic fund transfer (EFT) is a transfer of funds initiated through an electronic terminal, telephone, computer (including online banking) or magnetic tape for the purpose of ordering, instructing, or authorizing a financial institution to debit or credit a consumer’s account. EFTs include, but are not limited to, point-of-sale (POS) transfers; automated teller machine (ATM) transfers; direct deposits or withdrawals of funds; transfers initiated by telephone; and transfers resulting from debit card transactions, whether or not initiated through an electronic terminal. (12 CFR 1005.3(b)).
General-use prepaid card is a card, code, or other device issued on a prepaid basis primarily for personal, family, or household purposes to a consumer in a specified amount, whether or not that amount may be increased or reloaded, in exchange for payment; and is redeemable upon presentation at multiple, unaffiliated merchants for goods or services, or that may be usable at automated teller machines (12 CFR 1005.20(a) (3)). See ‘‘Exclusions from gift card definition.’’ The CFPB passed new rules for prepaid account transactions in October of 2016. The new rules have staggered effective dates, October 2017 and October 2018 respectively and are presently under attack by Congress.
Preauthorized electronic fund transfer is an EFT authorized in advance to recur at substantially regular intervals (12 CFR 1005.2(k)). The person that obtains the authorization shall provide a copy to the consumer .12 CFR 1005.10(b).
Credit card payments are electronic payments but are not transfers of money. Credit card payments are regulated by the Payment Card Industry Security Standards Council, a standards setting organization. The Payment Card Industry Security Standards Council (PCI Council) was formed by the major credit card companies in September of 2006 to establish a body of security standards for the processing of credit card payments. The standards are collectively known as the Payment Card Industry Data Security Standard (PCI DSS), and these standards consist of twelve significant requirements including multiple sub-requirements which contain numerous directives against which businesses may measure their own payment card security policies, procedures and guidelines. Businesses can become accepted by the PCI Standards Council as compliant with the twelve requirements, and thus receive a compliance certification and a listing on the PCI Standards Council website. Compliance efforts and acceptance must be completed on a periodic basis.
The Fair Debt Collection Practices Act (FDCPA) only applies to third party debt collection activity and imposes certain notice requirements on debt collectors that process post-dated electronic payments. 15 USC 1692f (1) – (4).
Each of these forms of electronic payments comes with its own set of compliance requirements. Companies are well advised to confer with independent legal counsel, their electronic payment processor service provider and their software partner to discuss the advantages, disadvantages of the various types of payment types and the technology they may need to process electronic payments.
Part II of this series will cover authorization requirements for electronic payments.
Disclaimer: Ontario Systems is a technology company and provides this blog article solely for general informational and marketing purposes. You should not rely on the content of this material for any other purpose or as specific guidance for your company. Ontario Systems’ advice, services, tools and products described herein do not guarantee compliance with any law or industry standard. You are ultimately responsible for your own company’s actions and compliance efforts. Because everyone’s situation is different, you must consult your own attorneys, accountants, and/or other advisors to obtain specific advice on your company’s compliance, legal, tax, regulatory and/or other business needs. Despite Ontario Systems’ efforts to provide current and up-to-date information, you need to recognize that the information contained herein may become outdated quickly and may contain errors and/or other inaccuracies.
© 2017 Ontario Systems, LLC. All rights reserved. Information contained in this document is subject to change. Reproduction of this publication is not permitted without the express permission of Ontario Systems, LLC.