Electronic Payments Step Two – Understand Your Authorization Requirements

Editor's note: Rozanne Andersen, VP & Chief Compliance Officer for Ontario Systems, has written an informative and educational series of articles on payment systems. This is the second in the series. Read them all:

Electronic Payments Step One - Understand the Terminology
Electronic Payments Step Two - Understand Your Authorization Requirements
Electronic Payments Step Three - How to Create and Sign an Electronic Payment Authorization
Electronic Payments Step Four – Don’t Forget the FDCPA, the Consumer’s Rights, or the Proper Notices

This article previously appeared on Ontario System's blog and is republished here with permission.

-----

Sixty minutes into a presentation on electronic payments at a recent industry conference, an audience member’s question stops me in my tracks: They don’t understand the difference between an electronic payment authorization and an electronic signature. That’s an important piece of the puzzle, but one that requires a bit of discussion, at length. Let’s review:

An electronic payment authorization is the agreement setting forth the terms of the payment arrangement. It is electronic documentation of the terms of the payment agreement you and the consumer have entered into in connection with the debt.

By contrast, an electronic signature is a sound, symbol or voice the consumer uses to evidence their assent to the terms of the agreement. It is in effect a representation of the consumer’s signature on the electronic authorization. The two terms are not interchangeable and the reason you need to understand their differences is because each presents unique compliance challenges.

Electronic Payment Authorization Requirements: There are only two reasons why you need to obtain the consumer’s authorization to process an electronic payment.

[article_ad]

The first is grounded in common sense. If your organization has nothing in hand to prove the consumer authorized you to process a credit card payment, a debit card payment or any other ACH or prepaid card payment, you will have no defense to a claim that the payment was unauthorized. Nor will you be able to defend a claim the payment was processed under false pretenses made at the hand of one of your employees seeking to steal a consumer’s identity.

The second reason is because you must. The legal, security and contractual mandates require you to do so. For example, the Federal Electronic Funds Transfer Act (EFTA) and its corresponding Regulation E mandates the authorization requirements for electronic funds transfers. The Truth in Lending Act and its corresponding Regulation Z regulates prepaid cards with credit features. The National Automated Clearing House imposes contractual obligations on payments processed using the Automated Clearing House network (ACH). The Payment Card Industry Data Security Standard (PCI-DSS) is a proprietary security standard that imposes security requirements associated with branded credit cards from major card programs like Visa, MasterCard, American Express and Discover. Together these requirements impact your ability to process electronic payments.

Electronic payment authorization requirements differ in timing, form and content depending upon the type of electronic payment. Moreover, authorizations that must be signed or similarly authenticated by the consumer in compliance with the Electronic Signatures in Global Commerce Act (E Sign Act) require the consumer to “affix” their signature to the authorization as their electronic signature.

Credit card authorizations may be documented by a voice recording and need not be signed or similarly authenticated by the consumer. If your organization does not have the ability to record the credit card authorization using voice recording technology, you may want to use a web, email or paper exchange to create evidence of the consumer’s authorization. Among any other required disclosures, be sure to include these elements in your credit card authorization:

Confirmation of the consumer’s name or identity
The amount of the charge
The date of each charge
Credit card number, expiration date and card verification data [3-4 digit number]
Method to revoke the authorization

Single electronic funds transfers and/or single debit or single prepaid card authorizations may be documented by a voice recording and need not be signed or similarly authenticated by the consumer. If your organization does not have the ability to record the authorization using voice recording technology, you may want to use a web, email or paper exchange to create evidence of the consumer’s authorization. Among any other required disclosures, be sure to include these elements in your single debit or single prepaid card authorization:

Confirmation of the consumer’s name or identity
The amount of the debit
The date the debit transaction will be processed
Debit or prepaid card number, bank routing number, expiration date and card verification data [3-4 digit number]
Method to revoke the authorization

All of the information required for these authorizations may be obtained and documented in writing, webpage, voice recording, IVR or email. The consumer need not sign or similarly authenticate credit card or single debit or single prepaid card authorizations.

Preauthorized recurring electronic funds transfer payment authorizations (Pre-EFTA) require more information than credit card and single EFT payment authorizations, including:

Confirmation of the consumer’s name or identity
The amount of each recurring debit payment, or a reference to the method used to determine the amount of each recurring payment
The timing (including the start date), number, and/or frequency of each recurring payment
The debit card number, expiration date and CSC number or the number of the account to be debited and the bank routing number
A telephone number available to the consumer and answered during normal business hours for customer inquiries, revocations, cancellations and stop payments;
The method by which the consumer can stop payment, revoke or cancel the authorization [See below for more detailed information about this requirement]
Statement confirming the date of the consumer’s verbal authorization
The consumer’s verbal, tone or click indicating their assent to the agreement to pay and their intention to sign the authorization electronically by associating a sound or words or click agreement with the authorization

Of course, the trick here is the technology you use to automate. Documenting your treatment for each type of payment is one that’s fraught with human error when carried out manually. So your next step should involve thinking about how to create appropriate records, send proper notices and comply with Electronic Signatures in Global Commerce Act – We’ll discuss that process next.

---------------------

Disclaimer: Ontario Systems is a technology company and provides this blog article solely for general informational and marketing purposes. You should not rely on the content of this material for any other purpose or as specific guidance for your company. Ontario Systems’ advice, services, tools and products described herein do not guarantee compliance with any law or industry standard. You are ultimately responsible for your own company’s actions and compliance efforts. Because everyone’s situation is different, you must consult your own attorneys, accountants, and/or other advisors to obtain specific advice on your company’s compliance, legal, tax, regulatory and/or other business needs. Despite Ontario Systems’ efforts to provide current and up-to-date information, you need to recognize that the information contained herein may become outdated quickly and may contain errors and/or other inaccuracies.

© 2017 Ontario Systems, LLC. All rights reserved. Information contained in this document is subject to change. Reproduction of this publication is not permitted without the express permission of Ontario Systems, LLC.