Electronic Payments Compliance 101

Offering online payments within your application or to your end-users and customers is part of every modern business. Because of this shift, enterprises must follow specific standards if they choose to accept electronic payment and online bill pay services. In order to be compliant and to keep customer data secure, you must ensure that several regulations and security standards are in place.

For many businesses, electronic payment services compliance is already built into their payment solution. This is the case with ReliaFund. Aside from securing customer information and maintaining standards, we also streamline the entire online payment services process so that compliance comes easily for your business. However, if you manage your own systems, there are several compliance standards you should be aware of:

NACHA Compliance

NACHA (National Automated Clearing House Association) is the organization that oversees the ACH Network. To stay compliant with its standards, businesses should clarify whether customers are making a single payment or starting a recurring payment before obtaining authorization. Businesses must also provide adequate notice if terms will be changed, process cancellation requests as soon as possible, and protect the customer banking data used to process ACH payments. A business that violates NACHA standards will have to pay a host of fines and fees.

PCI-DSS Level 1 Compliance

The Payment Card Industry Security Standards Council is a global organization that maintains, evolves and promotes standards for the safety of consumer cardholder data. The Council also provides important tools needed for implementing security standards such as self-assessment questionnaires, assessment and scanning qualifications, product certification programs, and training and education.

FACTA Compliance

The FACT Act (Fair and Accurate Credit Transactions Act of 2003) amended the FCRA (Fair Credit Reporting Act) in order to give citizens more convenient access to their individual credit reports by providing them with one free credit report annually. FACTA also requires that businesses that collect personal data from their customers correctly dispose of this information. Non-compliance can lead to significant lawsuits: customers can sue over the risk of identity theft, and the court can levy punitive damages.

SSAE Type II Compliance

SSAE (Statement on Standards for Attestation Engagements) Type II compliance requires organizations to disclose any and all relationships that might exist between service companies and the sub-service companies with which they contract. Aside from this, there needs to be a risk assessment, regular site visits, and ongoing monitoring as well. While businesses might not be penalized for non-compliance, many customers prefer that this standard be met for reasons of transparency and may take their business elsewhere if it isn't.

Patriot Act Compliance

Because of the Patriot Act, businesses need to obtain specific data about a consumer before opening an account for him or her. Businesses also need to verify and retain that data. This requirement is placed on financial institutions and other businesses that offer electronic payment services as one way to track transactions and prevent money laundering. Those who are not in compliance may face both civil and criminal penalties.

When your business offers electronic payment services and bill pay services online, one of your top priorities is to ensure that you meet the highest standards of information security. Being compliant with the requirements associated with NACHA, FACTA, SSAE, PCI-DSS Level 1 Certification and the Patriot Act will help you safely and confidently serve your customers while avoiding the costly consequences of non-compliance. If you want to incorporate a secure payment processing solution that you can recommend with confidence, look no further than ReliaFund’s Payment Processing Services. Let’s talk; contact us here!