Standard Entry Class (SEC) Codes: WEB

October 27, 2009

A WEB entry is a transaction for which the authorization is received via the Internet.  WEB should only be used for Business to Consumer transactions and can only be debits; Single or Recurring.

Authentication:  Just like TEL transactions, WEB transactions require that the identification of the consumer be verified before the authorization piece takes place.*

Authorization:  While there is no specific authorization language, the WEB authorization must follow these 4 basic rules:

          1) be in a writing that is signed or similarly authenticated*        

          2) be readily identifiable as an ACH Debit authorization

          3) clearly and conspicuously state its terms, and

          4) must (for recurring payments only) provide the Receiver with a method to revoke                     their authorization by notifying the Originator in the manner prescribed.

 It’s a good idea from a Proof of Authorization standpoint to capture the IP address and time/date stamp for each transaction authorized.

 * Notes: 

WEB entries may be either Single one-time entries or Recurring entries designated by the use of an S – for Single or R – for Recurring in the Payment Type Code Field of the Entry Detail Record. 

The Originator must use a commercially reasonable procedure to verify the consumer’s Routing Number.

Authorization #1 – This means that the authorization is displayable for the consumer to read on a computer screen and the consumer should be prompted to print and retain a copy of the authorization.  The consumer must then be able to demonstrate their assent to the terms and conditions of the authorization by clicking an “I Agree”, or “OK”, or some such button before moving on to complete their transaction.

The Originator must ensure that the exchange of account information is only accomplished during a secure Internet session using at a minimum 128 bit RC4 Encryption and is considered Commercially Reasonable.

Originators of WEB entries are required by the ACH Operating Rules to conduct an Annual Security Audit of their security practices and procedures that include at a minimum, adequate levels of;

           1) physical security to protect against theft, tampering, or damage

          2) personnel and access controls to protect against unauthorized access and use, and

          3) network security to ensure secure capture, storage and distribution of financial                          information

You should understand that because of the anonymous nature of WEB transactions, they are considered a high risk type of ACH transaction.  That doesn’t mean that they are difficult to implement or cumbersome for your customers, it’s just the nature of the beast.  Stay tuned for ARC next.

4 Comments | Beginner, Education | Permalink
Posted by achguy

Standard entry Class (SEC) Codes: POP

October 20, 2009

POP – Point of Purchase a.k.a. the Walmart experience

I like to call POP the Walmart experience as I believe Walmart has been the single largest adopter of POP to date.  If you want to experience POP for yourself, go to your local Walmart store and write a check.  Here’s what will happen…the cashier will gladly accept your check for your purchases.  They will then run the check through a MICR reader and print out a receipt (it looks a lot like a Credit Card receipt) and ask you to sign it.  After you sign the receipt, they hand you a copy and your check (which has been voided) and you go on your merry way, purchases in tow. 

 So, how does it work?

 Let’s start at the beginning.  POP should only be used for Business to Consumer, debit transactions and they will always be a single one-time transaction.  It is important to note that the whole process will always start with acceptance of a check/source document.

 Authorization:  The authorization requirements for POP are pretty specific.  They’re based on a written authorization (source document/check) and proper notice provided to the Receiver – posted in a prominent and conspicuous manner.

 The posted notice should read:  “When you provide a check as payment, you authorize us either to use information from your check to make a one-time electronic fund transfer from your account or to process the payment as a check transaction.”

 OR

 ”When you provide a check as payment, you authorize us to use information from your check to make a one-time electronic fund transfer from your account.  In certain circumstances, such as for technical or processing reasons, we may process your payment as a check transaction.”

 In addition to the above notice, until January 1, 2010, your notice should also include the following text:  “When we use information from your check to make an electronic fund transfer, funds may be withdrawn from your account as soon as the same day you make your payment.” 

 As I mentioned, the copy of the authorization and receipt look much like a Credit Card receipt and can satisfy the requirements that the authorization must be in writing and then signed or similarly authenticated*.  As with all authorizations, it must be readily identifiable as an ACH authorization and clearly and conspicuously state its terms. 

 I mentioned using a MICR reader in my opening paragraph and so I figured I better tell you what it is.  A MICR reader is simply a device designed to read the numbers across the bottom of your check.  POP requires that you use a MICR reader when processing POP transactions.  Of course, if it misreads or rejects, you can manually key enter the information, but otherwise you have to use the reader. 

 Not all checks are created equal: 

 Not all checks or sharedrafts are elegible to be converted during the POP process.  A check or sharedraft can be used as a source document if it;

           Has not been previously negotiated

          Has not been previously voided

          Contains a pre-printed serial number

          Is drawn on a consumer account

 Receipt Requirements:

Originators must, at the point-of-purchase, provide Receivers with a receipt that contains the following minimum amount of information:

           Originator name (merchant)

          Company (merchant)/third-party service provider telephone number;

          Date of transaction

          Transaction amount

          Source document check serial number

          Merchant number (or other unique number that identifies the location of the                                 transaction)

          Terminal City and State

 Record Retention:  Merchants/Originators are required to maintain copies of the authorization for CCD transactions for 2 years beyond Settlement Date of the transaction.

  * Notes:

 Amount:  POP transactions must be in the amount of $25,000.00 or less.

 Formatting requirements: 

           Originators must ensure that the name of the Receiver or ID number or code which

          identifies the transaction or customer is included within each POP entry.

           Originators should ensure that the check serial number from the Receiver’s source     document is placed within the Check Serial Number Field of the POP entry.  Further,          the word “check,” abbreviations such as “ck” or “chk,” or other merchant codes must      not be included within the field. Here are some examples of incorrect and correct   applications:

           INCORRECT             0001234

                                      000000000001234

                                      CK# 001234

                                      CK1234

                                      1234 6532986002

                                      CK1234 48832817

           CORRECT                1234

 That’s a lot of information for such a simple process, but I wanted to make sure you had all the important stuff.

 WEB is next, stay tuned.

5 Comments | Beginner, Education | Permalink
Posted by achguy

Follow

Get every new post delivered to your Inbox.