Protect Yourself from Your Customer Kristin A. Stedman, AAP Senior Vice President Education Services kristin@tacha.org © 2014 TACHA. All Rights Reserved 1 Mark of Excellence • © 2014 TACHA. All rights reserved. • This material is derived from collaborative work product developed by NACHA ─ The Electronic Payments Association and its member Regional Payments Associations. This material is not intended to provide any warranties or legal advice, and is intended for educational purposes only. NACHA owns the copyright for the NACHA Operating Rules & Guidelines © 2014 TACHA. All Rights Reserved 2 Telephone Banking Internet Banking © 2014 TACHA. All Rights Reserved Bill Pay Mobile P2P 3 Telephone Banking Internet Banking Bill Pay © 2014 TACHA. All Rights Reserved Mobile P2P 4 Telephone Banking Internet Banking Bill Pay Mobile © 2014 TACHA. All Rights Reserved P2P 5 Telephone Banking Internet Banking Bill Pay Mobile Banking P2P © 2014 TACHA. All Rights Reserved 6 Telephone Banking Internet Banking Bill Pay Mobile Banking P2P © 2014 TACHA. All Rights Reserved Here we are today! 7 The Person-to-Person Payment © 2014 TACHA. All Rights Reserved 8 9 10 11 12 ACH Network ODFI RDFI ACH Operator Debit Originator’s Account Credit Receiver’s Account Originator Receiver © 2014 TACHA. All Rights Reserved 13 Introducing the Person-to-Person Payment DEFINITIONS © 2014 TACHA. All Rights Reserved 14 Person-to-Person Entry (P2P Entry) • Credit entry initiated by or on behalf of a holder of a consumer account that is intended for a consumer account of a receiver • P2P entry uses the InternetInitiated/Mobile Entry (WEB) Standard Entry Class Code © 2014 TACHA. All Rights Reserved 15 Customer Initiated Entry (CIE) Credit entry initiated by or on behalf of the holder of a consumer account to the non-consumer account of a receiver © 2014 TACHA. All Rights Reserved 16 Internet Initiated/Mobile Entry (WEB) • Credit entry initiated by or on behalf of the holder of a consumer account that is intended for the consumer account of a receiver, regardless of whether the authorization of such entry is communicated via the Internet or wireless network © 2014 TACHA. All Rights Reserved 17 P2P AND NACHA OPERATING RULES © 2014 TACHA. All Rights Reserved 18 Person-to-Person Rule Objectives • Provides clarity and consistency about how to apply the Rules to P2P Payments • Allows RDFIs to receive P2P transactions with standard formatting for use in providing transaction information to their customers • Enables Originators and Third Party Service Providers to implement internal processes and procedures in order to improve operations and customer service, reduce costs, reduce risk and fraud, and minimize exceptions and disputes © 2014 TACHA. All Rights Reserved 19 Person-to-Person Effective March 21, 2014 Approved: March 7, 2013 • Defines P2P payment in NACHA Operating Rules • Creates new Credit WEB Entry specifically for P2P payments • Clarifies how Notifications of Change (NOCs) should be handled for P2P WEB credits and for bill payment CIEs © 2014 TACHA. All Rights Reserved 20 Company Name Field • • • • • To identify P2P service provider In Company Batch Header Record Field 3 and position 05-20 Alphameric 16 characters in length © 2014 TACHA. All Rights Reserved 21 Company Entry Description • Descriptive statement for P2P type payment • Field 7 and position 54-63 • Alphameric • 10 characters in length © 2014 TACHA. All Rights Reserved 22 Individual Identification Number Field • • • • • • Identifies Sender or Originator WEB Entry Detail Field 7 and position 40-54 Alphameric 15 characters Required on statement & transaction reports © 2014 TACHA. All Rights Reserved 23 Payment Related Information • • • • • Free form plain text option Addenda Record Field 3 and position 04-83 80 characters Not required for statement but consider value © 2014 TACHA. All Rights Reserved 24 P2P Formatting • Individual Name = Receiver’s name – Who is receiving the P2P entry? • Individual ID = Originator/Sender’s name – Who sent the P2P entry? • Company Name = P2P service provider – Whose assisted in sending the P2P entry? © 2014 TACHA. All Rights Reserved 25 Payment Type Code • “S” or “R” – Single or recurring • Entry Detail • Field 9 and position 77-78 • Denoted like the WEB debit © 2014 TACHA. All Rights Reserved 26 WEB Can Batch Together 27 Periodic Statements For P2P Company Name is Service Provider, not Originator RDFI must provide the Receiver with Originator’s (sender’s) name Originator for WEB Credits is in Individual ID Number RDFI Must provide contents of Individual ID Number field to consumer only for WEB Credits Not if WEB Entry is a reversal of a debit WEB Entry “REVERSAL” would appear in Company Entry Description in Company Batch Header Record © 2014 TACHA. All Rights Reserved 28 P2P WEB Credit ≠ WEB Debits • Credit WEB - No Origination Agreement • Credit WEB - No Receiver Authorization • Credit WEB - Additional ODFI Warranties do not apply – Debit WEB Entries are subject to risk management rule provisions that apply as a prerequisite to Origination – WEB Audit requirement does not apply to WEB Credits – P2P Debits consumer to consumer • Consumers’ originating debits to Consumers require Originator Agreement and all applicable Rules © 2014 TACHA. All Rights Reserved 29 Impact to ODFIs • Statement requirements – – – – – – – This is same information RDFI provides to its consumer Receivers of ACH entries Posting date Dollar amount Payee name Entry description Account type and Account number Amount of charges for services related to entry Balances in account at beginning and end of statement period – Address and telephone number for inquiries or notice of errors • Education with staff and customers • Conversation with vendors © 2014 TACHA. All Rights Reserved 30 P2P– Notifications of Change • Clarifies the treatment of NOCs for CIEs and credit WEB Entries • When CIE or WEB credit NOC is received by the ODFI, the ODFI required to make the changes, or provide the bill payment or P2P provider with the necessary information – Within two Banking Days of the Settlement Date of the NOC or corrected NOC – Regular NOC time frames apply © 2014 TACHA. All Rights Reserved 31 WHAT IS YOUR FINANCIAL INSTITUTION DOING TODAY? © 2014 TACHA. All Rights Reserved 32 Bill Payment vs. P2P Portal 33 Who’s the ODFI of the P2P entries? TPSP Your financial institution ODFI © 2014 TACHA. All Rights Reserved 34 I need to send money to my daughter’s account at another financial institution every month. Would you please send this to my account at my other financial institution? 35 THINGS FOR FINANCIAL INSTITUTIONS TO CONSIDER © 2014 TACHA. All Rights Reserved 36 Take Into Consideration….. • Can consumer customers send debit and/or credit entries through online banking? – If so, can this also be done through mobile banking? • Who does the financial institution use as a Third-Party Service Provider for the P2P product? © 2014 TACHA. All Rights Reserved 37 Take Into Consideration….. • Does the financial institution have any restrictions in place for P2P payments? • Are there eligibility requirements? – Customer ratings – Length of relationship – Overdrafts – Returns © 2014 TACHA. All Rights Reserved 38 Take Into Consideration….. • Are there limits in place related to P2P payments? – Are limits the same for all consumers? • What authentication is in place for consumers initiating P2P payments through online banking? – What are password requirements? – What locked out procedures are in place? © 2014 TACHA. All Rights Reserved 39 Take Into Consideration….. • How are online account changes monitored and verified? – Address changed – Phone number changed – Email address changed – Alert notifications changed © 2014 TACHA. All Rights Reserved 40 Take Into Consideration..... • Employee access – Does the financial institution minimize and monitor the number of personnel with access to systems that support ACH services? – Does the financial institution minimize and segregate ACH staff and limit access to various maintenance and transaction support functions • • • • Editing users Editing account numbers Editing transaction limit Editing user profiles © 2014 TACHA. All Rights Reserved 41 In Conclusion….. • Financial institutions are welcoming new products and services • NACHA Operating Rules provides framework for P2P payments • Financial institution has to manage the risk related to the new products and services © 2014 TACHA. All Rights Reserved 42 Contact Information 1000 NorthChase Drive Suite 201 Goodlettsville, TN 37072 Office: (615) 859-4188 Cell: (615) 636-8695 Fax: (615) 859-3719 Website: www.tacha.org © 2014 TACHA. All Rights Reserved 43