CUNA Comment Letter
NACHA's proposed pilot to pay for Internet goods with ACH debits
July 11, 2000
Ms. Debbie Barr
Assistant Director of Network Services
13665 Dulles Technology Drive
Herndon, Virginia 20171
Dear Ms. Barr:
The Credit Union National Association (CUNA) appreciates the opportunity to comment on NACHA's proposed pilot to pay for Internet goods with ACH debits. This pilot allows consumers to pay for goods and services sold on the Internet with an automated clearing house (ACH) debit from their accounts. As a national trade association, CUNA represents more than 90 percent of the nation's 11,000 state and federal credit unions. This letter reflects the opinions of those credit unions.
CUNA recognizes NACHA's hard work in sponsoring and administering automated clearing house (ACH) pilots. These ACH pilots will ultimately reduce check use and create a faster, more efficient payment system.
In principle, CUNA supports the proposed pilot because it addresses the main risks to credit unions in an Internet-initiated ACH transaction - the security and authenticity of the data transmitted through the ACH system. CUNA's position is that a new Standard Entry Class Code is the most appropriate method to identify Internet-initiated payments in order to address this concern for protection from fraud as well as to easily identify and track Internet transactions. It is vital that information related to such Internet transactions be made available to depositors on their monthly account statements so they can assist in fraud detection. CUNA supports the recommendation for an interim rule using the PPD format and a final rule using a new Standard Entry Class Code because it gives member credit unions the time necessary to make program changes and provide training to their employees. In addition, a new SEC code that is easily identifiable will help credit unions address customer service issues.
CUNA agrees with the recommendation that single-entry Internet-initiated entries, in the proposed final rule, cannot be returned using Return Reason Code R07 (Authorization Revoked by Consumer) because a single-entry Internet payment is the result of a one-time payment authorized by a consumer at the time the consumer purchases a product or service. ACH Rules indicate that R07 may not be used for PPD debit entries initiated at the point-of-purchase. The Return Reason Code R07 should only be used to revoke authorization previously granted. CUNA agrees that in order to serve consumers better, the final rule should include the modification to require the RDFI to act on a stop payment order for single-entry Internet-initiated transactions that is placed with the financial institution when the financial institution has been given a reasonable time to act on the stop payment order instead of the three days' notice.
As use of the Internet continues to skyrocket and consumers go to the same Web site for multiple transactions, it may be prudent to have two stop payment codes. According to the ACH Rules, the return reason code for stop payments (R08) means that a Receiver of a recurring debt transaction has stopped payment on a specific ACH debit scheduled to occur in the future. Since it appears that ACH Rules intended that Return Reason Code R08 be used to stop payment on future transactions and not for revoking authorization for transactions already authorized, CUNA recommends one code for a single stop payment on a one-time transaction and another code for a single stop payment for recurring, or future, transactions.
CUNA supports the concept of ODFIs warranting that Originators of Internet-initiated entries have used commercially reasonable procedures to verify that account number structures and routing numbers are valid for ACH transactions to avoid delay in processing as well as to reduce the number of exception items and administrative returns. In practice, however, CUNA has concerns about the additional liabilities that such warranties regarding third parties would impose on ODFIs. In terms of tools available to Originators to verify account and routing numbers, Originators could use Thompson Financial Publishing's ABA Routing and Transit Number Files or a commercial service provider which has a national routing number and account number database, such as Thompson's Epicware. If the credit union has an account at the Federal Reserve, it could refer to the FedWire or CRF files.
To minimize risk for Internet-initiated ACH payments, it is important that all participants, including Originators, adhere to specific encryption, security and fraud detection standards. Given that the Internet is an open network which requires special security procedures to prevent unauthorized access to purchasers' financial information, requiring ODFIs to warrant that Originators utilize a commercially reasonable fraudulent transaction system should reduce and prevent instances of Internet fraud. CUNA supports the concept behind the rule's provisions requiring ODFIs to warrant that originators have established a secure Internet session with a minimum of 128-bit encryption for each consumer before transmitting any financial information. Requiring ODFIs to warrant that each Originator of Internet-initiated ACH entries has been certified would strengthen participants' confidence in using and accepting Internet-initiated payments and should reduce instances of fraud. However, CUNA again has some concerns about the additional liabilities imposed on ODFIs with regard to verifying that the Originator's security systems are adequately maintained and are up-to-date. CUNA anticipates that required software changes associated with the new SEC Code in the final rule will be somewhat to moderately extensive/costly for its member credit unions.
CUNA strongly recommends a year-long implementation for the Interim Rule using the PPD format (until September 2001). CUNA also recommends September 2001 as the implementation date for the new SEC Code in order to provide member credit unions adequate time to make necessary adjustments to their systems and procedures. Some credit unions are in the process of implementing new systems that were put on hold in 1999 due to Y2K.
CUNA supports implementation of the pilot, with the recommendations made above. If you have further questions, please contact Associate General Counsel Mary Dunn or Regulatory Advocacy Attorney Catherine Orr at (202) 218-7766.
Mary Mitchell Dunn
Associate General Counsel
Catherine A. Orr
Regulatory Advocacy Attorney