Offering online payments is part of the modern business landscape. Unfortunately, that new reality has also produced the need for specific standards as to the way electronic payment services and online bill pay services are handled. There are a variety of regulations and security standards that need to be in place in order for your company to be compliant and your customers’ information to be secure.
Electronic Payment Services Compliance
For many companies, electronic payment services compliance is built into their Enterprise Resource Planning (ERP) or payment solution systems. The third parties with which they contract secure customer information and maintain standards for the way it is handled. These companies streamline the online bill pay services process so that compliance comes easily for the contracting company. However, many companies with electronic payment services manage their own systems. If this is the case with your company, there are several compliance standards you should be aware of.
FACTA is short for Fair and Accurate Credit Transactions Act of 2003. Also called the FACT Act, this Act amended the FCRA (Fair Credit Reporting Act) to give consumers better access to their credit reports by giving consumers one free credit report each year — but that was only part of it. FACTA also requires companies that collect personal information to properly dispose of those materials. Non-compliance could mean a hefty lawsuit. Consumers can sue for the damages they face from identity theft, and the court can levy punitive damages.
Patriot Act Compliance
The Patriot Act requires that your company obtain specific information about an individual in order to open up an account for that person. You also need to verify and retain that information. The Patriot Act places this requirement on financial institutions and other companies that offer electronic payment services as a way of tracking and preventing money laundering. If you are not in compliance, your company could face civil and criminal penalties.
NACHA stands for National Automated Clearing House Association. It is the entity that oversees the ACH Network. In order to be in compliance with its standards, you will need to clarify whether your customers are making a single payment or setting up a recurring payment, and obtain authorization. You will also need to provide ample notice if you need to change the terms, process cancellation requests promptly, and protect the customer banking information you use to process ACH payments. If you are found in violation of NACHA standards, you can expect a variety of fees and fines.
SSAE Type II Compliance
SSAE Type II is an adjustment to the SAS 70 standard. SSAE stands for Statement on Standards for Attestation Engagements. The standard requires companies to disclose any relationships that might exist between a service company and any subservice companies with which it contracts. There also needs to be a risk assessment as well as regular site visits and monitoring. While you may not be penalized for noncompliance, many of your customers may prefer that you meet this standard, and they could go elsewhere if you do not.
PCI-DSS Level 1 Certification
The PCI Security Standards Council is a global forum for the industry to come together to develop, enhance, disseminate and assist with the understanding of security standards for payment account security.
The Council maintains, evolves, and promotes the Payment Card Industry Security Standards. It also provides critical tools needed for implementation of the standards such as assessment and scanning qualifications, self-assessment questionnaires, training and education, and product certification programs.
When you offer electronic payment services and online bill pay services, you need to make sure your operations meet the highest standards of information security. Being compliant with the practices and requirements outlined in FACTA, the Patriot Act, NACHA, and SSAE, along with PCI-DSS Level 1 certification, will help you serve your customers best while avoiding the often high costs of non-compliance. If you have questions about compliance and how PaymentVision can help, contact us today!