Skip to main content

Search

Consumer Banking and Payments Law: 5.12.2.2 Point-of-Purchase (POP) and Back Office Conversion (BOC) Entries

For point of purchase (POP) ECCs, NACHA rules prohibit the merchant from manually entering information about the check.1374 Instead, the merchant must use a check reader that scans the check and records the routing number, account number, and check number from the MICR line on the check. After the merchant obtains information from the check, the merchant enters the amount of the transaction.

Consumer Banking and Payments Law: 5.12.3.1 Introduction

When a merchant takes a consumer’s check and uses it as a source document to create an electronic check conversion (ECC), the ECC is introduced to the ACH system by the merchant’s (or the merchant’s payment processor’s) bank. In order to ensure the integrity of the ACH system and to prevent unauthorized ECCs, NACHA rules impose duties on originating depository financial institutions (ODFIs). Among those duties, the ODFI makes certain warranties to the consumer’s bank, the ACH operator, and NACHA.1384

Consumer Banking and Payments Law: 5.12.3.2 ARC Bank Warranties

In an ARC transaction, the merchant’s bank makes certain warranties to the consumer’s bank, the ACH operator, and NACHA.1386 Although these warranties do not run to the consumer, an examination of the warranties leads to an understanding of the allocation of loss among the parties, which can be critical in obtaining relief for the consumer.

Consumer Banking and Payments Law: 5.12.3.3 Bank Warranties in POP and BOC Entries

The merchant’s bank in a POP entry makes certain warranties to the consumer’s bank, the ACH operator, and the association of NACHA members, but not directly to the consumer.1393 One warranty is that the check that was used as the source document was returned void to the consumer after the merchant gathered the information. Through this warranty, the merchant’s bank is required to ensure that its customer, the merchant, has voided the check.

Consumer Banking and Payments Law: 5.13.1 NACHA Limits on Whether an Item May Be Re-Presented Electronically

When a consumer’s check or electronic payment is rejected, the merchant may wish to re-present the item. NACHA rules permit the merchant to re-present a dishonored check as an electronic payment through the ACH system (known as a re-presented check entry, or RCK), although such items are not considered to be electronic fund transfers for EFTA purposes.1397 NACHA also permits ACH debits that have been rejected to be re-presented.

Consumer Banking and Payments Law: 5.13.5 Bank Warranties Relating to Duplicate Presentments, Defenses to Payment, and the Consumer’s Insolvency

Because a merchant might simultaneously re-present a check electronically and in paper form, NACHA rules require that the merchant’s bank warrants that, subsequent to the origination of the RCK entry, the check to which the RCK entry relates or a copy of that check will not be presented to the consumer’s bank until the related RCK entry has been returned by the consumer’s bank. These rules, however, only impose limits on ACH re-presentment. The merchant can re-present the check via non-ACH methods free of those limits.

Consumer Banking and Payments Law: 5.14.1 Overview

A wide variety of new payment systems are emerging that are accessible either through mobile phones or online. Mobile devices and computers can be access devices within the meaning of the EFTA.1434 But whether and how the EFTA or other laws apply is not always easy to sort out. The use of mobile devices can pose a wide range of issues that are beyond the scope of this treatise.1435

Consumer Banking and Payments Law: 5.14.1a Faster Payment Systems

Electronic payments seem immediate, but most older electronic payments actually take a day or longer to move money. Debit cards confirm authorization at the point of sale, but funds do not transfer immediately to the merchant. Similarly, electronic payments through the ACH system take one or more business days to settle.

Consumer Banking and Payments Law: 5.15.1.1 What Is A Data Aggregator?

Data aggregators provide access, usually with consumer consent,1452 to a consumer’s bank, credit card or other types of account data from one or more institutions.1453 Data aggregators are typically middlemen that allow another entity, often one offering a mobile app, to use that data to offer the consumer a service.

Consumer Banking and Payments Law: 5.15.2 How Aggregators Obtain a Consumer’s Data; Consumers’ Right to Their Data

After obtaining the consumer’s consent,1455 data aggregators typically access consumers’ data in one of two ways. In a “direct data-feed,” the data aggregator uses an application programming interface (API) that enables the financial institutions holding the consumer’s accounts to feed the account information directly to the aggregator. The API allows read-only access, so the aggregation can access data but cannot make transactions.

Consumer Banking and Payments Law: 5.15.3 Security Issues Involving Data Aggregators

Data aggregators collect and transfer significant amounts of financial information about a consumer. The aggregator may have access to the consumer’s usernames, passwords, and PINs. This creates a tempting target for hackers and others bent on fraud. A lax security system can lead to the theft of data, identity theft, and unauthorized transfers.

Consumer Banking and Payments Law: 5.15.5 EFTA Coverage of Service Providers that Employ Data Aggregation

In general, the EFTA covers financial institutions that hold consumer deposit or other asset accounts.1467 However, an entity is a “financial institution” within the scope of the EFTA if it issues an access device and agrees with the consumer to provide electronic fund transfer services.1468 Typically, data aggregators do not contract directly with consumers, do not provide access devices, and

Consumer Banking and Payments Law: 5.15.6 EFTA Responsibilities of Account-Holding Financial Institutions When Consumers Use Apps that Rely on Data Aggregation

Some financial institutions have tried to discourage consumers from providing their login credentials to services that rely on data aggregators by disclaiming responsibility for unauthorized charges in various situations. Some banks include language in their account agreements that impose on the consumer the entire risk for any fraudulent, unauthorized, or otherwise improper use of a password or PIN number.

Consumer Banking and Payments Law: 5.15.8 CFPB Consumer Protection Principles for Consumer-Authorized Financial Data Sharing and Aggregation

The CFPB has published a set of consumer protection principles on consumer-authorized data sharing and aggregation.1475 The principles are not intended to alter, interpret, or otherwise provide guidance on—although they may accord with—the scope of protections under existing law, and do not themselves establish binding requirements or obligations.1476

The principles address: