How To Add Value For Merchants with Built-In Payment Compliance

Built-In Payment Compliance


There are many ways a merchant must adhere to payment compliance throughout the transaction process. What’s more, they often have little or no knowledge of the requirements they are expected to follow, even when violating this compliance could lead to litigation or crippling fines. When choosing a payment management suite to offer to your merchants, are you looking for a product that provides worry-free, built-in payment compliance?

If your merchants are new to payment processing rules and regulations, here is a list of the basic tenets they should follow while processing payments:


Payment Card Industry Data Security Standards (PCI DSS) are the rules created by the payment card industry regarding how to safely store credit card data and safely process payments. These rules have been created in order to keep sensitive data safe. The intention of these rules is to minimize the likelihood of a data breach, giving consumers a safe environment in which they can make card payments.

PDCflow offers a PCI Level 1 secure card payment processing environment for merchants who wish to keep their PCI responsibility to a minimum. By using patented secure entry overlay technology, PDCflow removes the need to store secure card data on your merchant’s servers by capturing, encrypting and tokenizing the information on the payment screen.



Just as with PCI, there is an organization with the specific purpose of governing ACH transactions. The organization is called the National Automated Clearing House Association, or NACHA. To ensure compliance, NACHA enforces its rules through the National System of Fines.

According to NACHA, the way a transaction is authorized may change depending on how the payment is taken. There are four different transaction types:

  • TEL – This refers to a transaction that is authorized verbally over the phone in order to initiate either a one-time or recurring debit payment from the consumer’s account.
  • WEB – These are payments processed through a website, authorizing either one-time or recurring payments.
  • PPD – This stands for “Prearranged Payment and Deposit Entry.” This type of transaction gives a merchant permission to debit a consumer’s personal checking or savings account. These are typically handled in-person.
  • CCD – This is an ACH transaction that debits or credits a business account.

PDCflow’s software offers built-in payment compliance for much of NACHA’s regulations:

  • Notice prior to debit is automatically sent via email if an email is entered when the transaction is processed.
  • An option to print or resend the notice/receipt upon request is available to your merchants.
  • An electronic record of the payment information is stored and is easily retrievable by your merchants for a minimum of seven years.
  • Automatic payment reminders for recurring payment schedules are sent when an email is associated with the schedule.
  • NACHA mandated revocation language is automatically included on the online payment portal, which is provided to your merchant with their PDCflow account.

To see a comprehensive comparison of the NACHA compliance regulations and how PDCflow provides built-in payment compliance, see our NACHA Compliance Comparison Info.

Download NACHA Compliance Comparison Chart

EFTA and Regulation E

Because the TEL, WEB, PPD and CCD transactions described above all take place through telephones, computers or electronic terminals, they are considered Electronic Funds Transfers (EFTs). In order to protect consumers, the authorization rules that apply to these transactions are found in Regulation E (part of the Electronic Funds Transfer Act).

The EFTA and Regulation E outline what constitutes an EFT, and explain the attributes of a compliant authorization. The regulation also describes the appropriate proofs of authorization necessary for each transaction type.

PDCflow’s suite includes a unique eSign+ Payment product which allows merchants to capture a digital wet signature at the time the payment is made. eSign+ also allows for document delivery and works for both one-time and recurring payments. Providing this piece to your merchants removes their need to store credit card information and Reg E compliant recurring authorizations on-site. This not only reduces the risk of private consumer information falling into the wrong hands, but also allows for easy electronic retrieval of a robust audit report in the event of future chargebacks.

To learn more about our worry-free payment management suite of products and our revenue share program for ISOs, see:

ISO Reseller Information