Updated August 2020
Businesses must adhere to payment compliance in many ways. Keeping track of the requirements to follow can get complicated, yet violating them could lead to litigation or crippling fines.
For many companies, the simplest solution is to rely on the software you use to help you reach your compliance goals. Here are some of the rules and regulations your software should help you follow.
Payment Compliance Regulations
Payment Compliance Industry Data Security Standards (PCI DSS)
PCI DSS, or PCI compliance, was created to direct the safe storage and handling of credit card data to process payments. These rules are enforced to keep sensitive data safe. By doing so, the industry hopes to prevent data breaches, giving consumers a safe environment in which to make card payments.
PDCflow offers a PCI Level 1 secure card payment processing environment for companies that wish to keep their PCI responsibility to a minimum.
- By using a patented secure entry overlay, PDCflow removes the need to store secure card data on your merchant’s servers by capturing, encrypting and tokenizing the information on the payment screen.
- With FLOW Technology, staff can accept credit card payments without ever keying in a credit card number by sending requests to the consumer through email, text message or chat. Staff can stay on the line with consumers to ensure a payment goes through while providing the most secure and compliant payment experience.
Just as with PCI, there is an organization with the specific purpose of governing ACH transactions. The organization is called the National Automated Clearing House Association, or NACHA. To ensure payment compliance, NACHA uses the National System of Fines to penalize violations.
According to NACHA, the way a transaction is authorized may change depending on how the payment is taken. There are four different transaction types:
- TEL – This refers to a transaction that is authorized verbally over the phone in order to initiate either a one-time or recurring debit payment from the consumer’s account.
- WEB – These are payments processed through a website, authorizing either one-time or recurring payments.
- PPD – This stands for “Prearranged Payment and Deposit Entry.” This type of transaction gives a merchant permission to debit a consumer’s personal checking or savings account. These are typically handled in person.
- CCD – This is an ACH transaction that debits or credits a business account.
PDCflow’s software offers built-in payment compliance for many of NACHA’s regulations:
- Notice prior to debit is automatically sent via email if an email is entered when the transaction is processed.
- An option to print or resend a receipt upon request is available to your merchants.
- An electronic record of payment information is stored. This record can easily be retrieved at any time for a minimum of seven years.
- Automatic payment reminders for recurring payment schedules are sent when an email is associated with the schedule.
- NACHA-mandated revocation language is automatically included on the online payment portal we provide with every PDCflow account.
EFTA and Regulation E
Because the TEL, WEB, PPD and CCD transactions described above all take place through telephones, computers or electronic terminals, they are considered Electronic Funds Transfers (EFTs). In order to protect consumers, the authorization rules that apply to these transactions are found in Regulation E (part of the Electronic Funds Transfer Act).
The EFTA and Regulation E outline what constitutes an EFT, and explain the attributes of a compliant authorization. The regulation also describes the appropriate proofs of authorization necessary for each transaction type.
PDCflow’s FLOW Technology allows merchants to capture a digital wet signature at the time a payment is made. FLOW also allows for document transfers and is integrated with both our one-time payment transactions and recurring payments module.
Using FLOW removes your need to store credit card information and Reg E compliant recurring authorizations on-site. This reduces the risk of private consumer information falling into the wrong hands and allows for easy electronic retrieval of a robust audit report in the event of future chargebacks.