Editor's note: Rozanne Andersen, VP & Chief Compliance Officer for Ontario Systems, has written an informative and educational series of articles on payment systems. This is the fourth in the series. Read the others:
- Electronic Payments Step One - Understand the Terminology
- Electronic Payments Step Two - Understand Your Authorization Requirements
- Electronic Payments Step Three - How to Create and Sign an Electronic Payment Authorization
This article previously appeared on Ontario System's blog and is republished here with permission.
Before closing the books on electronic payments, remember your responsibilities to notify the consumer of their rights and changes in terms. Depending on whether you are a third-party debt collector, credit issuer, government entity or healthcare provider, your duties may vary.
Third-party debt collectors: Third-party debt collectors must comply with 15 U.S. Code § 1692 f of the Fair Debt Collection Practices Act (FDCPA) when processing electronic payments. Section 808 f of this section provides, “A debt collector may not use unfair or unconscionable means to collect or attempt to collect any debt. Without limiting the general application of the foregoing, the following conduct is a violation of this section:”
- The collection of any amount (including any interest, fee, charge, or expense incidental to the principal obligation) unless such amount is expressly authorized by the agreement creating the debt or permitted by law.
- The acceptance by a debt collector from any person of a check or other payment instrument postdated by more than five days unless such person is notified in writing of the debt collector's intent to deposit such check or instrument not more than ten nor less than three business days prior to such deposit.
- The solicitation by a debt collector of any postdated check or other postdated payment instrument for the purpose of threatening or instituting criminal prosecution.
- Depositing or threatening to deposit any postdated check or other postdated payment instrument prior to the date on such check or instrument.
With regard to subparagraph (1) do not overlook the fact you cannot simply charge the consumer a convenience fee because they pay by debit, credit, prepaid card or ACH transaction. First, you must determine if the additional charge is authorized in the underlying contract between the consumer and the creditor or permitted by law. Second, if permitted, the fee must be reasonable, and third, you must offer the consumer a free option. This means you must explain how they can make the payment to avoid the convenience fee charge.
With regard to subparagraph (2), you must send the reminder notice to the consumer required by this section before you process the electronic payment. Subparagraph (3) seldom presents a problem to the responsible debt collector but it is wise to include this prohibition in your electronic payment policy as a reminder. Most importantly, citing subparagraph (4), make sure you and your payment processor understand how critical it is that electronic payments are actually processed according to the authorization of the consumer. This means you process payments in the amount and on the day you said you would do so – not a day too soon and not a day too late.
Payees – All Types:
Regardless of the nature of your business, if you accept electronic payments from consumers you have special duties when it comes to processing recurring preauthorized electronic funds transfers which vary in amount or timing. Before processing a preauthorized electronic funds transfer which differs in amount or timing from the authorized amount or the agreed upon recurring payment date, third party debt collectors, credit issuers, governmental entities or healthcare providers must provide the consumer with written notice of the amount and date of the transfer at least 10 days before the scheduled date of transfer. [See 12 CFR 10(d) (1)]
All processors of electronic payments must also provide notice of the all-important revocation or stop payment notice. As is the case with all authorizations, consumers have the right to revoke or stop payment of the authorized payments. It is your responsibility to provide consumers with notice of the time, place and manner in which they may revoke or stop payment on the transaction(s). Specifically and when obtaining the authorization for the recurring preauthorized electronic funds transfers you must inform the consumer they can notify your company orally or in writing at any time at least three business days before the scheduled date of the transfer (12 CFR 1005.10(c)(1)). Alternatively, you may require written confirmation of an oral stop payment order to be made within 14 days of the consumer’s oral notification. If you opt to require a written confirmation, you must inform the consumer of the requirement and provide the address where confirmation must be sent when the consumer gives the oral notification. An oral revocation or stop-payment order ceases to be binding after 14 days if the consumer fails to provide the required written confirmation. [See 12 CFR 1005.10(c) (2)]
Finally, the law affords bona fide error protection to those who fail to comply with the authorization and disclosure requirements for preauthorized recurring electronic funds transfers if the consumer mistakenly tells them the account is a credit card account. For this reason when taking authorizations by phone or web you should always ask the consumer to confirm whether the account subject to the preauthorized transfers is a credit card account or a debit/checking account. 12 CFR 1005 10 (c)
If the consumer indicates use of a credit card account when in fact a debit card is being used, you do not violate the requirement to obtain a written authorization if the failure to obtain written authorization was not intentional and resulted from a bona fide error, and if you maintain procedures reasonably adapted to avoid any such error. Procedures reasonably adapted to avoid error will depend upon the circumstance. Generally, requesting the consumer to specify whether the card to be used for the authorization is a debit (or check) card or a credit card is a reasonable procedure.
If you believe at the time of the authorization that a credit card is involved, and later find the card used was a debit card (for example, because the consumer later brings the matter to your attention), then you must obtain a written and signed or (where appropriate) a similarly authenticated authorization as soon as reasonably possible, or cease debiting the consumer's account.
Electronic payments processing can be challenging.
Meeting the compliance requirements of the various laws and regulations requires organizational discipline and a keen understanding of the requirements. Never hesitate to learn on your partners to help you manage the complex environment of electronic payments, evaluate your talk offs, review your quality assurance program, assist you in writing policies and procedures, train your team and most importantly give you the support you need when you need it.
Disclaimer: Ontario Systems is a technology company and provides this blog article solely for general informational and marketing purposes. You should not rely on the content of this material for any other purpose or as specific guidance for your company. Ontario Systems’ advice, services, tools and products described herein do not guarantee compliance with any law or industry standard. You are ultimately responsible for your own company’s actions and compliance efforts. Because everyone’s situation is different, you must consult your own attorneys, accountants, and/or other advisors to obtain specific advice on your company’s compliance, legal, tax, regulatory and/or other business needs. Despite Ontario Systems’ efforts to provide current and up-to-date information, you need to recognize that the information contained herein may become outdated quickly and may contain errors and/or other inaccuracies.
© 2017 Ontario Systems, LLC. All rights reserved. Information contained in this document is subject to change. Reproduction of this publication is not permitted without the express permission of Ontario Systems, LLC.