Businesses must meet payment compliance requirements on many fronts, and keeping track of them can get complicated, even though violating payment processing rules can lead to litigation or crippling fines.
For many companies, the simplest solution is to rely on the software they already use to help them reach their compliance goals. Here are some of the payment rules and regulations your software should help you follow.
Payment Compliance Regulations
Payment Card Industry Data Security Standard (PCI DSS)
PCI DSS, often simply called PCI compliance, was created to govern the safe storage and handling of credit card data used to process payments. These credit card processing rules are enforced to keep sensitive data safe. By doing so, the industry aims to prevent data breaches and give consumers a safe environment in which to make card payments.
PDCflow offers a PCI Level 1 secure card payment processing environment for companies that wish to keep their PCI responsibility to a minimum.
- Our patented secure entry overlay captures, encrypts and tokenizes card data on the payment screen, so your merchants never need to store sensitive card data on their own servers.
- With Flow Technology, staff can accept credit card payments without ever keying in a credit card number by sending requests to the consumer through email, text message or chat. Staff can stay on the line with consumers to ensure a payment goes through while providing the most secure and compliant payment experience.
Just as with PCI, there is an organization whose specific purpose is governing ACH payments: the National Automated Clearing House Association, or Nacha. To enforce payment compliance, Nacha penalizes violations through its National System of Fines.
According to Nacha, the way a transaction must be authorized depends on how the payment is taken. There are four transaction types:
- TEL – This refers to a transaction that is authorized verbally over the phone in order to initiate either a one-time or recurring debit payment from the consumer’s account.
- WEB – These are payments processed through a website, authorizing either one-time or recurring payments.
- PPD – This stands for “Prearranged Payment and Deposit Entry.” This type of transaction gives a merchant permission to debit a consumer’s personal checking or savings account. These are typically handled in person.
- CCD – This is an ACH transaction that debits or credits a business account.
PDCflow’s software offers built-in payment compliance with many of Nacha’s electronic payment regulations:
- A notice prior to debit is automatically sent via email if an email address is entered when the transaction is processed.
- An option to print or resend a receipt upon request is available to your merchants.
- An electronic record of payment information is stored. This record can easily be retrieved at any time for a minimum of seven years.
- Automatic payment reminders for recurring payment schedules are sent when an email is associated with the schedule.
- Nacha-mandated revocation language is automatically included on the online payment portal we provide with every PDCflow account.
EFTA and Regulation E
Because the TEL, WEB, PPD and CCD transactions described above all take place through telephones, computers or electronic terminals, they are considered Electronic Funds Transfers (EFTs). In order to protect consumers, the authorization rules that apply to these transactions are found in Regulation E (part of the Electronic Funds Transfer Act).
The EFTA and Regulation E outline what constitutes an EFT, and explain the attributes of a compliant authorization. The regulation also describes the appropriate proofs of authorization necessary for each transaction type.
PDCflow’s Flow Technology allows merchants to capture a digital wet signature at the time a payment is made. Flow also allows for document transfers and is integrated with both our one-time payment transactions and recurring payments module.
Using Flow removes your need to store credit card information and Reg E-compliant recurring authorizations on-site. This reduces the risk of private consumer information falling into the wrong hands and allows for easy electronic retrieval of a robust audit report in the event of future chargebacks.
Communication and Health Information Compliance
Phone carrier rules
To protect customers from scammers, phone carriers have their own rules for how companies can use text messaging. If your payment processing software uses email or SMS to send payment messages, you will need to follow phone carrier rules.
Ask your vendors what they do to keep texting compliant and keep your messages from being blocked or sent to spam. If you don’t follow the phone carrier rules, your company could be blocked from sending messages to customers.
Email rules mostly cover how companies use customer email addresses to send promotional or marketing emails. If you only use email to inform customers about their bills or other account information, they may not apply.
However, no matter what types of messages you send to customers, make sure you’re following opt-in and opt-out rules. Don’t send messages to customers through a channel they don’t give you permission to use, and offer a clear, easy way for them to unsubscribe.
Medical billing companies and healthcare providers often need to send statements that could include private medical information. Any time you are handling this type of data, your organization needs to follow HIPAA requirements.
PDCflow helps companies follow payment compliance while simplifying workflows. Meet with a PDCflow Payment Expert to get a customized demo of how PDCflow can help your organization collect payments faster and automate compliance.
Last updated May 2023