Echecks Come of Age
Total Page:16
File Type:pdf, Size:1020Kb
eChecks Come of Age
The term eCheck has different meaning to different people, depending upon their frame of reference. For purposes of clarification, this article refers specifically to payments where the payer has instructed a business to collect payment from a checking account electronically. eChecks have been around for quite some time, but not always in the same form. Until recently, recurring payment options offered by utility or insurance companies represented the mainstream of eChecks; however, with the emergence of the new digital economy, eChecks have exploded into the mainstream, particularly in the world of the Internet, Mail-Order, Fulfillment Centers, Call Centers, etc.
Why would merchants want to offer eChecks? Several reasons. First, many consumers prefer using checks versus credit cards—this is evidenced by the huge volume of checks still being used in the retail industry. Second, and perhaps foremost, there are an estimated 50 million adult consumers who do not have credit cards but do have checking accounts. Assuming that these consumers aren’t potential consumers would be an unfortunate competitive mistake.
This article explores most of the import components of eChecks. Among other issues, it debunks some common myths about security, de-mystifies the process of obtaining merchant accounts, identifies what you need to know about service providers, tackles the obscure area of authorization and verification, defines the backbone behind the process, and finally, discusses what costs are involved in offering eCheck services.
Security Myths
There is a common misconception about the security of eChecks—that they are inherently unsafe. This is a common myth and could not be further from the truth. In many ways they are just as safe, and in some ways more so, than credit card payments. This myth is perpetuated for two reasons:
1. Lack of Education. The industry press has failed to examine what really underlies this payment mechanism, and because they’ve failed to dive into it’s so-called complexities, continue to perpetuate incorrect information about eCheck security and safety. A quick browse on the Internet for consumer advocacy groups and Internet security will reveal a surprisingly ignorant school of thought on this matter.
2. Competitive Threat. The credit card industry would like nothing more than to have these myths continue. eChecks are a considerable threat to their future. As recently as one year ago, credit cards were the only practical method of accepting payment for merchants. Not so anymore. Most major Internet merchants are already offering eChecks as a payment method or scrambling to get one in place. Given that eChecks are nearly always less expensive to merchants than credit cards, they have every right to feel threatened. This is why they will continue to support the myths about eCheck security.
Let’s examine the myth. To begin with, all consumers should exercise some common sense rules in any financial transaction. These should be the same for eChecks as for credit cards.
· NEVER give out your credit card or checking account information to an inbound telemarketer. Only give them out to someone where you’ve initiated the transaction. · Always make sure that Internet transactions are being performed by a secure web site—one that uses SSL. This ensures that the information cannot be intercepted while traversing the Internet.
The conventional “wisdom” is that giving checking account information over the Internet or on the phone opens consumers up to an unacceptable threat of fraud. To dispel this myth, one need only consider what happens with eChecks as compared to what happens when writing paper checks in the retail environment. The question to ask might be: “How many people have access to my checking account information? “ Then compare that with what happens when a paper check is handed over to a local supermarket or any other retail merchant. Don’t forget that the only information needed to perpetrate a fraud to a checking account is the bank routing number and account number. This is printed in plain view at the bottom of all paper checks. In the retail environment, as many as 20 people may actually handle a check before it reaches it’s final resting place on the bank statement or at the bank. Any one of which can get the necessary information to electronically debit your account. In the Internet or phone order environment, the actual checking account information is actually seldom handled by anyone other than the phone clerk who took the order. The rest of it is entirely electronic. Then, it is a matter of whether or not you trust the merchant where you gave the information to practice due care of your information. In most environments, your checks are a lot safer electronically than they are in the paper world.
Now, let’s consider what happens if someone fraudulently debits a consumer’s account. What rights do consumer’s have? This is where the myth comes in. If you were to believe the press or the credit card moguls, you’d think that once someone illegally debited your bank account, you were simply out of luck—and your money. Nothing could be further from the truth. By law, consumers are protected by a little known regulation called, Regulation E, which provides consumer protection for financial electronic transactions. “Reg E.” as it is commonly referred to in the industry, requires banks to permit consumers to “revoke” a payment, if the consumer deems it to be fraudulent. It is simply a matter of instructing your bank to do so, and they are required to provide you immediate credit—no questions asked. Reg E allows consumers to do this for up to 60 days following the bank statement where the fraudulent error occurred. Until recently, consumers were required to execute an affidavit at their bank stating that the transaction was not authorized; however, new rules allow this process to be done without the formality of an affidavit.
The bottom line: There is more than adequate safety and security for consumers using eChecks. But perceptions often rule, regardless of their relationship to reality. A dramatic level of re- education is needed for the industry press, merchants, and consumers. Don’t let that deter you as a merchant however. Sneak a peek at your nearest competitors. Odds are that one or more of them is likely to be offering eChecks already—and doing so successfully.
Merchant Accounts
In order to accept eChecks, merchants must obtain a merchant account. Although the vernacular may be a little different than in the credit card world, the effect is the same. There is risk involved for both the merchant account underwriter and the merchant. This means that a bank or service provider will typically require good credit before approving a merchant account to process eChecks. They will nearly always require the same level of security that is required for a credit card merchant account. This means there will be limits applied to your portfolio, and as often is the case with credit card merchant accounts, merchants may be required to maintain a reserve account to offset the risk.
So, what is the risk for the underwriter and the merchant. The risk is there primarily because of the consumer protections discussed above. Because a consumer can revoke a payment up to 60 days following a debit, these revoked payments (called charge-backs in the credit card world) must be collected from the merchant. If the merchant is involved in deliberate fraud or having liquidity problems, the underwriter may have difficulty collecting those funds. In this case, the underwriter “eats” the loss.
Risk for the merchant comes into play because some consumers abuse the consumer protections by revoking payments, even though the goods or services were delivered. Some astute, but less than ethical consumers do this as a deliberate fraud. Other times, it’s more of a gray area. For example, a consumer may be dissatisfied with the goods or services, and they revoke the payments as a form of consumer initiated “instant refund.”
Unlike the credit card payment industry, there is no dispute resolution feature of the eCheck payment vehicle. Once a consumer has revoked a payment, the only recourse available to the merchant is to take it to the collections environment.
Some eCheck providers are assisting merchants with fraud perpetrated by the consumer by providing some very effective and creative authentication tools, particularly in the Internet environment. For example, requiring consumers to authenticate themselves by providing information that would not be available to other individuals. This can be quite simple, such as an address verification, often coupled with a cross reference to their phone number. More sophisticated tools are available that can inquire about “out-of-wallet” information—such obscure things as previous addresses, other members of the household, or even who holds their mortgage. These tools give the merchant the means necessary to help in disputing charge-backs in the collections environment.
Service Providers
So where do merchants turn when they want to offer eChecks to their customers? There are a variety of choices, but like the credit card industry, careful shopping is critical. Some payment service providers offer both credit card processing and eChecks. Others specialize in either one of the other. The services these providers offer vary widely in depth and breadth. Depending upon the merchant’s needs, they can usually find one that meets their needs.
Specific services include, but are not limited to the following:
· Data collection
· Check verification
· User authentication
· Submission of payments on the Automated Clearing House (ACH) network (the payment clearing system for eChecks, among other things)
· Return item reporting (electronic, paper, or both)
· Settlement reporting (electronic, paper, or both)
· Merchant funding
For Internet eCheck processing, the data collection service is critical. The service provider should provide a “gateway” product, which integrates their data collection, verification, and authentication services with the merchant’s web site shopping cart. This usually falls into two categories, depending upon the merchant’s needs and level of software sophistication. The first and the easiest method requires that the merchant’s shopping cart contain a “Pay by eCheck” button, which is a simple link to a page on the service provider’s gateway server. This should include an automatic return to the Merchant’s site so that the transaction appears transparent to the consumer. The second category requires more software sophistication from the merchant, but is considerably more seamless. It requires that the merchant’s site communicate with the service provider’s gateway server in the background, exchanging consumer check information and the transaction result (approval or decline).
Using eChecks from telephone initiated payments is somewhat different. Usually, the service provider will provide a “virtual terminal,” which is an Internet web site application where merchants can log in to a secure area, enter the checking account information, and submit the payments directly to the service provider’s gateway server. This feature provides immediate, interactive results when verification services are used. Alternatively, most providers can also accept data directly from merchants in large, batch files for higher volume environments. Flexible providers can accept this data in various file formats. Others require that the data be provided in what is commonly referred to as “NACHA” (National Automated Clearing House Association) format. This is a somewhat obscure text file format, but not one that can be built from most office applications. NACHA formatted files require the use of additional third party software applications, most of which are not well suited for integrated with typical office or legacy systems. Merchants should look for a provider that is more flexible in file formats.
Above all, merchants should make sure that service providers are complying with NACHA rules. Without delving into the details, essentially, the service provider should be well educated when it comes to NACHA rules and be able to advise merchants of their obligations when it comes obtaining proper authorization to use eChecks on consumer accounts. Service providers should be able to provide at a minimum the required authentication tools and be able to meet the NACHA requirements for safe handling of consumer bank account information.
Authorization, Verification, and Authentication
These terms get thrown about, sometimes being used to mean the same things. For purposes of this article, we’ll define them as follows:
Authorization. This is used to imply the consumer’s consent to debit their checking account for products or services. Internet transactions can be authorized by the consumer, but the merchant or the provider must also provide some level of authenticating the consumer before an authorization can be considered complete. Telephone authorizations must either be telephonically recorded (voice) or the merchant must mail a confirmation of the transaction to the consumer prior to debiting the consumer’s account.
Verification. Verification can mean a lot of things, but most providers refer to what is commonly called check verification, which means a check against privately maintained databases of consumers who’ve written bad checks. This is known as a negative database. Some providers also use positive databases. These can report on “good” check writing habits of consumers. There are a number of massive databases being offered for verification services. Most payment service providers subscribe to one or more of these systems.
Authentication. Authentication is the process of determining if the person providing the checking account information is actually who they are claiming they are—that they have the authority to use that particular checking account. There is no holy grail in this area, but there are some very useful products. The costs can vary dramatically, but they’re usually directly proportional to the ability to correctly predict that the consumer is actually the right person.
Automated Clearing House Network A discussion about eChecks wouldn’t be complete without a discussion about what’s behind the whole process. By definition, all eChecks are cleared through the ACH network. Aside from a few government organizations, only banks, credit unions, and savings institutions are allowed to access the ACH network. Until recently, with a few exceptions, only banks offered eCheck services—usually under some other name than eCheck. However, since the dramatic onset and popularity of the Internet, this has changed. Today, most eCheck services are provided by third parties. But make no mistake about it—all of them have a bank behind them. Most banks have chosen to avoid the service requirements necessary to support merchants, so a new cottage industry has appeared to meet that need. This is probably not a bad thing. Banks are notorious for being late adopters in the service industry. Merchants should beware of any non-financial institution claiming to have access to the ACH network without an affiliation with a financial institution. Though they may have a service agreement to process for the banks, you can be assured that a bank is standing behind all transactions traversing the ACH network.
The Bottom Line
Like most new products, an evolutionary process is required before a standard convention becomes apparent. This is also true of eChecks, and particularly the convention for the fees charged for the service. The model for fees for credit cards has long been established. The merchant account typically includes a myriad of fees, but the standard model includes the following:
· Application Fee
· Monthly Maintenance Fee.
· Statement Fee
· Transaction Fee
· Discount Fee
· Charge-back Fee
· Point of Sale Equipment Lease or Purchase Costs (if needed)
· Software Lease or Purchase Costs (if needed)
Though annoying, the application, maintenance, and statement fees are nominal. If a merchant isn’t capable of absorbing these costs, they probably aren’t well enough established to support an ongoing business and represent too high a risk for the underwriter. eChecks haven’t been around long enough to have a clearly established a fee model. But merchants can expect them to be similar to those of credit card merchant accounts. One principle difference that can be found is the discount fee, though this is becoming more and more of the standard approach. The discount fee is a percentage of the face amount of the transaction. With credit card merchant accounts, this ranges from 1% to 5%, depending upon the underwriter’s assessment of merchant credit and the type of products and services being provided. Like most services, this fee has little to do with the actual cost of providing the service, and more to do with mitigating the risk associated with providing the service to the merchant.
Though some eCheck providers don’t charge a discount fee, this is often a trade-off for a reduction in actual services or only negotiated for higher volume, low risk merchants. Careful merchants should beware of eCheck providers offering cut-rate fees. These are usually new entrants into the provider space and have failed to recognize the inherent risks associated with the underwriting process.
Though the fee model may not vary much from credit card services, merchants can expect them to be less than credit card services—particularly in the discount fee area. As a rule of thumb, merchants should never have to pay more for eChecks than they do for credit cards. Even though eChecks are a relatively new service, the infrastructure behind them (ACH network) has been around for decades--no technological buildup required here.
When to Make the Move
With every new technology, there comes a point when it reaches critical mass, and it no longer belongs in the realm of early adopters, but in the mainstream. eChecks came into their own in 2001, following a new ruling by NACHA, specifically allowing eChecks to be used on the Internet. Along with that rule, came one supporting eChecks for telephone initiated transactions. With these rules in place, merchants and service providers were free to begin offering them in full force. The adoption rate has been dramatic and their success is without dispute. The question for merchants considering eChecks is not if, but when they should begin offering eChecks. The answer should be as soon as it can be done with all necessary diligence.