EFT/POS and Credit Card Networks
Financial institutions should have accurate audit trails for all
transactions at each network switch point. The audit trails
should identify the originating terminal and destination. To
ensure accurate transaction posting, the financial institutions
should have adequate procedures in place to control transaction
activity if the EFT/POS network becomes inoperable. Also,
financial institutions should document and monitor procedures for
balancing and settling transactions to ensure that they adhere to
interchange policies. Each participant in the switch should
receive adequate transaction journals and exception reports
necessary to facilitate final settlement for the institution.

A financial institution should establish stand-in processing
arrangements with peer financial institutions as part of its
disaster recovery and business continuity plans to ensure
availability of the service. Additionally, it should have
adequate oversight and contract provisions for all outsourced
services to ensure continuity of expected service levels.

Agreements between switch or network participants should delineate
each party's liabilities and responsibilities. The agreements
should detail basic control items concerning normal and contingency
processing and assign responsibility for corrective action.
Grievance procedures and arbitration policies are also an important
part of participant agreements.

Internet and Telephone-Initiated ACH
Financial institutions originating ACH debit entries through the
Internet should ensure they are in compliance with NACHA
requirements. NACHA rules establish a WEB standard entry
class (SEC) code for Internet-initiated ACH debit entries to which
a number of requirements apply. The rules apply to
originators and also affect the ODFI and its service
providers. Under these rules, financial institutions must use
the WEB SEC code to identify all ACH debit entries to consumer
accounts that a receiver authorizes through the Internet.
This code applies to both recurring and single entry ACH
debits. In addition, an ODFI that transmits WEB entries must
warrant that its originators have met certain NACHA standards.

Financial institutions offering TEL origination services on
behalf of their customers are exposed to substantial risk from
merchants that may be engaged in fraudulent or deceptive business
practices. Therefore, these institutions should adopt
applicable NACHA risk management practices.