A US PAYMENT RULES PRIMER FOR THE COMPLIANCE-MINDED MERCHANT
Until a post-capitalist world order is more firmly established, you had better pay attention to the rules governing the automated clearing house (ACH) and payment card systems if your company accepts payments by those methods in the US, even if you outsource all payment processing functions. Most compliance lawyers are unaware of the potential exposures relating to the regulatory scheme of public and private rules regarding payments until a problem arises because the topic is nuanced, muddled, and a little dry. But like the fine print in a student loan agreement (nuanced, muddled) and the asbestos lining your walls (a little dry), ignoring it will not make it go away. Some of the key aspects of these rules are addressed below, especially as they apply to accepting payments from consumers. Leaving Bitcoin, Blockchain, Apple Pay, e-IOUs, barter, and other forms of payment for another day, we focus instead on the staples of ACH and payment cards.
From a merchant’s perspective, accepting ACH and payment cards means navigating a web of industry rules, contractual obligations, federal regulations and state laws. These rules and laws address, among other issues, how a payment may be properly authorised, the content of the authorisation record, associated record retention requirements, the security measures that must be in place to accept such payments, the requirements that must be placed upon third parties to whom portions of the payment process have been outsourced, whether and how a surcharge or a convenience fee may be levied and what to do in the event of a breach of payment data. The surcharge or convenience fee and data breach issues deserve in-depth consideration in their own right, so will not be discussed in great length here, other than to note that they are issues worth discussing, and requiring state-specific and industry-specific attention.
Apr-Jun 2017 Issue
Locke Lord LLP