Payments Compliance: What to Know and How PDCflow Helps

Businesses that accept payments are subject to several overlapping compliance regimes. Keeping track of every requirement is complicated, yet violating payment processing rules can lead to litigation or crippling fines.

For many companies, the simplest solution is to rely on the software you use to help you reach your compliance goals. Here are some of the payment rules and regulations your software should help you follow.

Payment Compliance Regulations

In order to evaluate and choose software that takes the burden of payment compliance off of your staff and reduces risk for your business, you need to understand payment processing regulations and their governing bodies. Here is a list of the basics to keep in mind.

Payment Card Industry Data Security Standard (PCI DSS)

PCI DSS, often referred to simply as PCI compliance, was created by the card brands to govern how cardholder data is stored, transmitted and handled when processing payments. The standard is enforced to keep sensitive card data safe, with the aim of preventing data breaches and giving consumers a safe environment in which to make card payments.

PDCflow operates as a PCI DSS Level 1 validated service provider, offering a secure card payment processing environment for companies that wish to keep their own PCI scope and responsibility to a minimum.

  • By using our patented secure entry overlay, PDCflow removes the need to store card data on your merchant's servers: card details are captured, encrypted and tokenized on the payment screen, so your systems handle a token rather than the card number.

  • With Flow Technology, staff can accept credit card payments without ever keying in a card number by sending a payment request to the consumer through email, text message or chat. Staff can stay on the line with the consumer to confirm the payment goes through, while the card data itself never passes through the agent or the merchant's systems.


Nacha Rules for ACH Payments

Just as with PCI, there is an organization whose specific purpose is governing ACH payments: the National Automated Clearing House Association, or Nacha. Nacha enforces its operating rules through the National System of Fines, which penalizes rule violations.

Under the Nacha rules, the way a transaction must be authorized depends on how the payment is taken. Each ACH entry carries a Standard Entry Class (SEC) code that identifies this. Four SEC codes are especially relevant to merchants:

  • TEL – A transaction authorized orally over the telephone to initiate either a one-time or recurring debit from the consumer's account. Nacha requires the merchant to either record the oral authorization or send the consumer written confirmation of it.

  • WEB – A payment authorized through a website or mobile device, for either a one-time or recurring debit.

  • PPD – “Prearranged Payment and Deposit Entry.” This type of transaction gives a merchant written permission to debit a consumer's personal checking or savings account. The authorization is typically signed in person.

  • CCD – “Corporate Credit or Debit.” An ACH transaction that debits or credits a business account rather than a consumer account.

PDCflow's software includes built-in support for several of Nacha's electronic payment requirements:

  • Notice prior to debit is automatically sent via email if an email is entered when the transaction is processed.

  • An option to print or resend a receipt upon request is available to your merchants.

  • An electronic record of payment information is stored. This record can easily be retrieved at any time for a minimum of seven years.

  • Automatic payment reminders for recurring payment schedules are sent when an email is associated with the schedule.

  • Nacha mandated revocation language is automatically included on the online payment portal we provide with every PDCflow account.

EFTA and Regulation E

Because the TEL, WEB, PPD and CCD transactions described above are initiated through telephones, computers or electronic terminals, they are Electronic Fund Transfers (EFTs). For transfers to or from a consumer's account, the consumer-protection and authorization rules are found in Regulation E, the regulation that implements the Electronic Fund Transfer Act (EFTA). Note that Regulation E covers consumer accounts only; CCD entries between business accounts fall under the Nacha rules and commercial law rather than Regulation E.

The EFTA and Regulation E outline what constitutes an EFT, and explain the attributes of a compliant authorization. The regulation also describes the appropriate proofs of authorization necessary for each transaction type.

PDCflow's Flow Technology allows merchants to capture an electronic signature, drawn by the consumer on their own device, at the time a payment is made. Flow also supports document transfers and is integrated with both our one-time payment transactions and our recurring payments module.

Using Flow removes your need to store credit card information and Reg E compliant recurring authorizations on-site. This reduces the risk of private consumer information falling into the wrong hands, and the stored authorization record can be retrieved electronically as an audit report if a payment is later disputed or charged back.

Communication and Health Information Compliance

Many companies use digital communications to talk to customers about payments. When you send payment schedules, invoices, payment reminders, etc. through email or SMS, there are additional rules you need to follow.

Phone carrier rules

To protect customers from scammers, phone carriers have their own rules for how companies can use text messaging, including registration of the sending business and its message campaigns. If your payment processing software uses SMS to send payment messages, those messages must follow the carrier rules even when the same notices are also sent by email.

Ask your vendors what they do to keep texting compliant and keep your messages from being blocked or sent to spam. If you don’t follow the phone carrier rules, your company could be blocked from sending messages to customers.


This rule mostly covers how companies use customer email addresses to send promotional or marketing emails. If you only use email to inform customers about their bills or other account information, this may not apply.

However, no matter what types of messages you send to customers, make sure you’re following opt-in and opt-out rules. Don’t send messages to customers through a channel they don’t give you permission to use, and offer a clear, easy way for them to unsubscribe.


HIPAA

Medical billing companies and healthcare providers often need to send statements that could include protected health information. Any time you handle this type of data, your organization needs to follow HIPAA requirements, including those governing how the information is transmitted and who can access it.

PDCflow helps companies follow payment compliance while simplifying workflows. Meet with a PDCflow Payment Expert to get a customized demo of how PDCflow can help your organization collect payments faster and automate compliance.


Hannah Huerta, Marketing Specialist

Hannah Huerta is a Marketing Specialist at PDCflow. She creates content for the accounts receivable and payment industry.