The MasterCard Remote Payment and Presentment Service (“RPPS”) and Visa U.S.A. ePay systems both use proprietary transaction processing systems to process payment and related transaction information.  Both systems are restricted to debit transactions, although a form of credit transaction is used for reversals.  Both have faster transaction processing and settlement times than ACH, and unless specifically authorized, all funds are guaranteed because the systems use Fedwire for payment processing and settlement.  Both systems also permit transmission of related remittance information, making it possible to interface these systems with businesses’ accounting systems.  Another important feature of each is that they provide online access to regularly updated participation tables, making it possible for businesses to determine either in advance or periodically thereafter which of their business partners are participating in the EBPP service.

 

Businesses faced with the opportunities presented by any of these or other new EBPPs must review each EBPP service carefully before deciding to participate in one or more of them.  They will need to review a myriad of legal, business and operational considerations, some of which are discussed in this article.  Starting from the broadest objectives, businesses want comprehensive and integrated information systems, and EBPP must be capable of being integrated seamlessly into the entire information-processing network with the minimum of cost, delay and disruption.  Businesses will be more eager to participate if the risks associated with using an EBPP are known and quantifiable, and there are familiar and reliable dispute resolution procedures.  Potential participants should also carefully evaluate the amount and flexibility of transaction and remittance information each EBPP service permits, as this will impact the extent to which accounting systems can be integrated with the bill presentment and payment processes.

 

Businesses will next want to examine specific issues associated with each EBPP service.  These include the following, each of which is discussed in more detail below:

 

·        installation, participation and start-up requirements and costs;

·        transaction costs;

·        EBPP structure and applicable laws and rules;

·        growth potential;

·        transaction flexibility, process flow and timing;

·        funds collectibility and transaction finality;

·        operational and service level issues;

·        security;

·        privacy; and

·        dispute resolution procedures.

 

 

Installation, Participation and Start-up Requirements and Costs.

 Each business will need to determine what additional investment in hardware and software will be needed to participate in the selected EBPP.  This determination should take into consideration anticipated EBPP transaction volumes, reasonable transaction growth potential, interfaces with legacy systems, and the amount of remittance information required to accompany the payment transaction.  There may be additional costs in acquiring or training personnel to operate the EBPP system.  Low volumes of ACH transactions, for example, may only require fairly small expenditures to acquire financial institution-supplied software or browser-based software.  Higher volumes of ACH transactions using complex CTX structures may require a substantial up-front software investment.  Also, adding remittance data from a business’ legacy systems may require substantial translation costs, since this data may need to be in transaction formats not used by the business, such as ANSI ASC X12, UN/EDIFACT or a NACHA-endorsed banking format.  Another consideration adding to cost, is how the transaction data will be transmitted, i.e. via an open network (e.g. the Internet) or over a closed system (e.g. leased line/dial-up or value added network).  Businesses using open networks will need to invest in encryption software if this is not already being used or is not compatible with the EBPP system selected.  Businesses already using EDI will need to consider the incremental nature of EBPP software, hardware, communications and encryption requirements.  Costs associated with testing and integration of new trading partners using the ACH CTX structure might also need to be considered.  Some types of ACH transactions may need to be stored prior to transmission, which might incur data warehousing costs.  Both the Visa and MasterCard EBPP systems are reported to have fairly low start-up costs, depending on the connectivity and/or encryption options selected by the participant.

 

 

Transaction Costs.

 Businesses will need to examine the various transaction and recurring fees in order to determine if using the EBPP results in a positive cost-benefit over paper-based systems.  These fees may include monthly maintenance or customer service fees, as well as fees for transactions (often these are volume-based).  In some cases there may also be fees for handling exceptions and processing remittance data (in ACH transactions with remittance data, such as CCD+ or CTX), which are based upon the volume of the remittance data and, in some cases, upon translation, formatting and delivery requirements.  Both the Visa and MasterCard systems have simplified inclusive transaction fees structures that include volume-based tiers, offering lower per transaction fees to participants having larger volumes.  Businesses should be careful not to examine transaction fees alone, as this might yield an overly negative initial comparative result.  Costs for checks are likely to be lower on a strict per transaction basis than the current EBPP services.  However, other factors, such as the costs of check preparation, mailing, processing and collection, as well the benefits from having all of the payment and related remittance information in digital format, should be taken into consideration when examining the “true” transaction costs.

 

 

EBPP Structure and Applicable Laws and Rules.

The number, identity and role of the parties in the invoice presentment and payment transmission and settlement processes should also be carefully examined.  Businesses need to make sure that they understand the relevant rules and how business and transaction risks are allocated among EBPP participants.  Sometimes, there may also be gaps in the rules because one EBPP participant is not covered by the rules applicable to some or all of the other participants.  The Visa, MasterCard and NACHA systems all involve financial institution intermediaries and the inter-bank transaction processing, payment and settlement use existing ACH or Fedwire systems.  Article 4A of the Uniform Commercial Code (“UCC 4A”) covers payors, payees and intervening banks, but it does not cover intermediary transaction processing or switching systems such as an ACH network, the MasterCard RPPS or the Visa ePay system.  These systems have there own rules.  For example, NACHA has its Operating Rules and other inter-bank settlement systems such as CHIPS (Clearing House Interbank Payments System) and SWIFT (Society for Worldwide Interbank Financial Telecommunications) have their own rules as well.  Many of these rules limit the liability of the ACH network.

 

MasterCard RPPS and Visa ePay use Fedwire to settle transactions between the buyer’s and seller’s respective banks.  Fedwire enjoys all of the rights, responsibilities and limitations of liability of banks because it is expressly covered under UCC 4A, and it is not treated like another funds transfer system.  Businesses may already be familiar with UCC 4A, but if not, they should become familiar with the limitations of liability, risk allocation and other remedy issues under UCC 4A.  UCC 4A is not a panacea or safe harbor for businesses, though.  If a business is requested to enter into a special funds transfer agreements with its financial institution, it should carefully review this agreement, since UCC 4A permits some, but not all, of its terms to be modified by agreement.  Banks may obtain advantageous terms in their agreements and, if these agreements provide for unilateral modifications, then in some instances by providing their customers with written notice of modified terms.  Some of the other issues businesses should pay attention to under UCC 4A are:

 

                (i)  What liability will a business have for unauthorized payments?  Generally speaking a business will be liable for the payments it actually authorizes or for which it would otherwise be responsible under the law of agency.  A business will also sometimes be responsible for “verified” payments, which occur in instances where the bank and the business have previously agreed to use a commercially reasonable security procedure to verify payment orders and the bank has in fact verified the payment order with that security procedure before initiating payment.  In practice, the rule is somewhat more complicated and tends to shift the risk back to businesses once the bank and the business have agreed to use a commercially reasonable security procedure.

 

(ii)  What is the liability for erroneous payment orders?  For example, what happens if a payment order is transmitted with the wrong payee account number or dollar amount?  The detailed rules of UCC 4A on this issue give originators strong incentives to be very careful in checking errors, because they may be liable for subsequent losses.  Banks typically notify their customers that the bank will have no liability to check whether the account number and the account name match, or whether the amounts are correct.  A business can limit its exposure by agreeing with its bank that the bank will use additional security procedures to catch these types of errors.

 

 

Growth Potential. 

Another major consideration, although difficult for the potential user to assess in advance with any degree of certainty, is the growth potential of the particular EBPP system.  Even with fairly low investment costs, a business is likely only to realize a long term benefit from participating in a particular EBPP system if sufficient other participants relevant to the business also participate in the EBPP to make it viable, efficient and cost-effective.  This is not simply a matter of there being a sufficient number of buyers, sellers and participating financial institutions.  A business might find participation beneficial even though only six of its vendors/buyers also participate (out of a possible universe of two hundred such businesses), if the six vendors/buyers represent a significant percentage of its monthly B2B transactions.  Also, there will be a small (and likely decreasing) number of businesses that will remain strangers to automation, for which no EBPP system will be a solution.  A good start for any business is to discuss each EBPP system it might be considering with its existing financial institution (“EFI”) to find out in which systems its EFI participates or has plans to participate.  If the business outsources its sales/receivables or ordering/payments functions to a third party service provider, it should discuss the available EBPP systems with its outsourcer, either as a means of upgrading services during the current term of its outsourcing agreement, or as an issue to be addressed in future extensions of existing outsourcing agreements or new outsourcing agreements.  If the proposed EBPP system is a closed system, i.e. the buyer or seller must first agree to participate before invoice presentment or payment can be made, the business should examine the relevant participant directories to determine how many other businesses with which it has B2B relationships are currently signed up and participating in the EBPP system.  Both the MasterCard and Visa systems contain regularly updated participant directories, although these on not generally publicly accessible.

 

 

Transaction Flexibility, Process Flow and Timing. 

A business should examine the types of payment transactions permitted by the EBPP, whether the system permits only single or multiple invoice transactions, which party may initiate the transaction, the type of transactions permitted (i.e. credit and/or debit), whether remittance data may accompany the payment transaction and the amount of remittance detail allowed, how reversals will be handled and how long the transaction cycle will take to complete.  Each of these factors should be compared with the current and anticipated future requirements of the business.  Currently, businesses making payments by check benefit from the float, which is created as a result of the time it takes between printing and disbursing a check and when it is presented for payment.  The float is already being undermined by check electronification, where checks are more regularly being converted into ACH debits when presented to the receiving financial institution for payment and collection.  EBPP systems will further erode the use and reliance on the float in B2B transactions, because transactions can be settled in one to two banking business days in the case of ACH, while the MasterCard and Visa systems offer even faster settlement.  Most businesses are likely only to need credit transaction capability, since they will want to have positive control over their payments and are unlikely to want to give another business the right to make debits from their financial institution account when making B2B payments.

 

 

Funds Collectibility and Transaction Finality.

For businesses heavily dependent on the use of checks, some of the online payment systems would permit significant improvements in funds collectibility and transaction finality.  With ACH, the transaction originator assigns a date that it wants the transaction to be settled.  Settlement usually takes one to two banking business days after the transaction is initiated.  If the transaction is originated at the proper time in advance on a legal banking day, then settlement will occur on the date assigned by the transaction originator.  ACH credits become final as of 8:30 a.m. EST on the settlement date.  In buyer-initiated ACH credit transactions (i.e. where a buyer authorizes funds transfers and essentially pushes funds through the ACH system), the funds are guaranteed because the buyer’s bank debits the buyer’s account, the ACH operator then debits the buyer’s bank and credits the seller’s bank, which then credits the seller’s account on the settlement date.  In ACH debit transactions initiated by sellers, the funds are not guaranteed until settlement has occurred.  The MasterCard RPPS and VISA ePay systems use Fedwire for funds transfers, where funds are guaranteed and reversals are not permitted, except where Seller agrees to the use of non-guaranteed funds.  Each of these payment systems permits faster payment processing with greater certainty that funds will be available if they are available when the settlement process is commenced.  Each of these systems should also bring to light payment problems much faster than current paper-based systems.

 

 

Operational and Service Level Issues.

Each business should determine if the potential EBPP service processing capabilities and service levels meet its requirements.  Businesses should examine whether processing is online and in real time or batch, what the processing lead times are, and any relevant deadlines (for example, in the case of pre-selected ACH settlement dates, transactions need to be originated at least on to two banking business days in advance).  Historically, ACH networks have experienced fairly high levels of reliability and low incidences of fraud.  A business will need to examine how it proposes to use the EBPP.  For example, for large value transactions, it may need to compare the transaction timing, error level, transaction tracking and record keeping factors against its existing wire transfer service.

 

 

Security.

Security is likely to be a top consideration at businesses and financial institutions, and even more so where this relates to payment systems.  Security of any integrated system is only as strong as its weakest link.  And, if EBPP realizes its potential, then a business should consider that the EBPP might be its the primary conduit for the transmission and receipt of payables and receivables.  The scope of security issues is quite daunting, covering, for example, the access to physical facilities, communications equipment and databases, the types of communications and interfaces used to link businesses with their financial institutions, EBPPs and among other EBPP participants, the use of encryption in message transmission and storage, and the use of other means to limit disruption, fraud, other criminal activity, misuse, and unauthorized access.  Every security evaluation should begin with an assessment of the relevant risks, such as compliance risk (non-compliance with laws, rules, standards, ethical and best business practices), transaction risk (affecting transaction delivery or service performance, including fraud or misuse), reputation risk (effects on third party relationships and adverse publicity) and systemic risk (risks inherent in the type of business or larger business environment).  In addressing these risks and the possible resulting damages, costs or adverse effects, businesses may wish to consider the following:

 

(i)             Identification and authentication.  Identification consists of what information will be required to identify the originator of a transaction or payment order, and authentication addresses what means will be used to make reasonably sure that it is the business or someone with the proper credentials within the business that in fact initiated the transaction.  Authentication might be accomplished online using one or more personal identification numbers, digital certificates, or a selected biometric identifier, such as a fingerprint or iris scans.

 

(ii)                  Validation and unauthorized access in transmission.  Businesses should question what procedures would be employed to ensure that transaction information could not be changed without any such change being evident.  Message encryption, such as PKI (public key infrastructure) could be used to validate transactions as well as to shield transaction information from unauthorized access and surveillance.

 

(iii)                 Non-repudiation and traceability.  Transaction information should clearly identify the parties and payments, and it should be delivered in a secure environment that provides for traceability of all transactions.

 

(iv)                Storage security and retention.  Transmission and storage equipment containing confidential data should be secure and subject to physical and electronic access restrictions.  Employees having access to such equipment and systems should also be bound by confidentiality agreements and should be required to abide by strict security procedures.  Businesses should become familiar with the retention policies and practices for EBPP transaction information, especially the length of time records will be maintained, how these records will be stored, under what circumstances and how to gain access to such records.

 

A business should examine the alternative communications links available to link it with its financial institution and the selected EBPP service, and weigh these against the risk of loss and the cost of implementation and operation.  In an ACH network, security issues between the originator and its financial institution are controlled by the agreement between the parties.  A business might also consider whether the EBPP (or its financial institution) service permits blocks or security systems to limit access to certain accounts or types of account, or limits transaction amounts or the numbers of debits that may be made against an account within a predetermined period of time.

 

Privacy. 

Businesses should be concerned about preventing any unauthorized access to financial and transactional information and possible misuse of such information.  If the information is that of the business itself, it will want to protect this information from public disclosure as it may contain sensitive information about its proprietary systems, customer names, operations, pricing and deal terms, financial condition and other competitive transaction information.  If this information relates to third parties, the business may itself be under an obligation to protect such information from disclosure and may face liability if it breaches that obligation.  Business privacy concerns are often different from privacy issues that arise in consumer transactions, where the focus has been on the collection, storage, transmission, use, access and sharing of personally identifiable information.  However, if consumer information is present in B2B transactions, such as information sharing arrangements, or inter-company procurements for delivery to end-user consumers, then such information needs to be handled in compliance with applicable consumer privacy laws and privacy policies.  In this regard, businesses should be generally familiar with the restrictions on sharing information by financial institutions with non-affiliated entities under the Gramm-Leach-Bliley Act.  Both the Visa ePay network and the MasterCard RPPS have posted privacy policies.  In contrast, the ACH networks and NACHA do not have a single stated privacy policy, but rather they rely on the privacy policies of their participants.  Non-disclosure of B2B information is typically addressed in the agreement between a business and its financial institution.

 

 

Dispute Resolution Procedures.

A business should investigate whether the particular EBPP has a separate dispute resolution procedure.  If so, what are the rules?  NACHA’s ACH network does not have separate dispute resolution procedure, but the NACHA Operating Rules set out the certain guidelines on handling and mitigating possible disputes.  Special funds transfer agreements may set out how disputes will be resolved and what procedures must be followed.  Visa and MasterCard also have rules on dispute resolution.  In addition, trading partner agreements between the parties should also contain a default dispute resolution provision that provides for the applicable governing law, venue for actions or proceedings and whether an alternate dispute resolution procedure, such as arbitration, is mandated.

 

As businesses move towards even fewer paper-based records as a result of laws that give digital and paper records equal legal significance, they will also have the opportunity to automate their B2B bill presentment and payment functions and integrate these with the remainder of their comprehensive enterprise systems.  We are only witnessing the first offerings of this new technology.  But already, EBPP systems offer businesses greater efficiency and speed in processing transactions, while at the same time enabling businesses to reduce significantly some of the transaction and financial risks, such as improving payment traceability, collectibility and finality.