skip to navigation
skip to content

Financial Outsourcing Solutions

Corporate People

FOS Blog

08 Oct

Are You Ready to Ride the Wave of the EFTA Class Action Suits?

Are You Ready to Ride the Wave of the EFTA Class Action Suits?

Lately, hundreds of consumer class action suits regarding noncompliance with the EFTA are being filed against financial institutions and other companies accepting electronic payments via debit cards and ACH. These suits are being filed under the Telephone Consumer Protection Act predominantly by two firms located in LA and Chicago.  Will others be jumping on the band wagon?

Basically, the filings center on preauthorized EFTs such as ACH and debit card transactions and whether or not proper authorization has been obtained.  In accordance with the EFTA, preauthorized transfers MUST be in writing.  The writing must be signed or authenticated via the provisions of the E-SIGN Act and two copies of the authorization must be provided to the consumer, one of which is signed and returned, either electronically or in paper form.

As you can see, there are many moving parts to this issue involving compliance with the EFTA, TCPA, E-SIGN Act and the NACHA rules.  Now is the time to review policies and procedures in regard to preauthorized electronic payments and strengthening controls.  In addition to understanding processes, policies and procedures, it is important to evaluate the risk inherent in the authorization options currently in use and available for use.  If you are not using one of these lower risk options for authorization, you may want to reevaluate your processes:

  • Accepting only nonrecurring payments with authorization via telephone. This type of transaction does not fall under the definition of EFT under Regulation E.
  • Accepting only credit cards for payment. There are two traps here.  First, the credit card cannot be linked to a consumer deposit account.  A consumer account is one used primarily for personal, family or household purposes.  Secondly, be aware of the card network rules of your current vendor as they may require an “honor all cards” rule.  This would require the bank to accept both credit and debit cards issued by the network vendor.  And debit cards would fall under the definition of EFT!
  • Accepting payment authorization via email, text or website under the requirements of the E-SIGN Act. But again, the feasibility of this would depend on your consumer base and their access and use of electronic and mobile devices.

Also be aware that:

  • NACHA presents its own set of rules for compliance in relation to PPD and TEL entries. BUT the rules include a caveat advising financial institutions that they still must comply with the requirements of Regulation E by obtaining “written” authorization.
  • E-SIGN Act requires consent following the receipt of detailed disclosures by the consumer. Oral recordings of authorization are not sufficient to protect the consumer.  The consumer must be able to review and retain the disclosure and authorization.

As these class action suits are just starting to move through the process, the actions of the CFPB are not known in regard to penalty and reimbursement.  Speculation is that noncompliance may result in a refund of the transaction amount in partial or in full to the consumer!