NACHA Proposes to Use WEB for Mobile Payments, for Now

The rules-setting body of the automated clearing house plans to classify mobile ACH transactions under the existing WEB code rather than create a new code for such payments, at least for the short term. Mobile payments could get their own code some time after 2010. Those ideas are part of a request for comments that NACHA is circulating as it seeks to adapt the ACH to the small but fast-growing world of mobile transactions. Herndon, Va.-based NACHA posted its proposal to amend its operating rules to address mobile payments, along with a request for comments, on its Web site Sept. 1 and will take comments until Oct. 16. NACHA's Cross-Council Mobile Banking Work Group, which has been studying the issue since 2007, developed the proposal. WEB is the standard entry class (SEC) code for paying bills online by electronic check through a debit to a consumer's demand-deposit account. WEB transaction volume is booming as utilities and other direct billers and banks heavily promote electronic bill payments (Digital Transactions News, Aug. 21). But in these early days of mobile traffic, ACH payment originators already are using three other SEC codes besides WEB to initiate payment on mobile devices, NACHA's proposal notes. They are PPD, for prearranged payment and deposit entry, TEL, for telephone-based e-checks, and CIE, for customer-initiated entries. NACHA says users need clarification about how the rules apply. “Even among well-intentioned network participants, the absence of specific rules for mobile ACH payments creates an environment for participants to apply their own interpretation of existing rules to their products and business models,” the request for comment says. “This leads to greater industry confusion due to multiple and possibly conflicting interpretations of existing rules.” The advantage of WEB for mobile payments is that it has an array of security features, Susan Pandy, NACHA's senior director of Internet and e-commerce, tells Digital Transactions News. They include requirements for using commercially reasonable authentication and fraud-detection systems, verification of routing/transit numbers, use of secure online sessions during the transaction process, and annual security audits. “The WEB rule makes the most sense because of providing the most protection around the Internet session,” she says. Pandy also notes that browsers on mobile devices typically have the same security features as browsers on personal computers. The disadvantage of WEB is that without a dedicated SEC code, NACHA won't be able to get a precise count of mobile ACH transaction volume. In addition, a dedicated code would enable NACHA to tailor its rules to the unique aspects of mobile commerce. But the technical work involved in developing such rules as well as the interest of giving direction sooner than later worked in WEB's favor, according to Pandy. “We realized that in the very near term, we needed to acknowledge mobile in the rules,” she says. “This is certainly a channel that is going to see some significant growth.” NACHA's proposal cites two studies that predict mobile payments volume could range from $8.6 billion to $124 billion by 2014. Bruce Cundiff, senior analyst at Javelin Strategy & Research, agrees that, “it's prudent to stick with what you have [rather than] forcing a change that might not take. That's where they seem to be at the present.” Cundiff provided some input to the working group more than a year ago by virtue of Javelin's membership on NACHA's Internet Council. The present proposal would define a WEB entry as a debit entry to a consumer account based upon an authorization obtained from a consumer via the Internet or a wireless network. The WEB rules also would apply to individual debit payments initiated via a wireless network regardless of the form of the original authorization. For example, according to NACHA's proposal, if a consumer signed a paper authorization for a mobile payment service but initiated each individual debit via short-message service (SMS, the technology behind text messaging) or through a dedicated mobile payment application, that payment would be a WEB entry. After Oct. 16, NACHA will analyze the comments for the rest of the fourth quarter, according to Pandy. NACHA will then draft a revised rule that would be presented for membership approval in 2010's second quarter, with implementation by year's end. Then NACHA will turn its attention to the longer-term issues that besides developing a new SEC code for mobile payments also include mobile person-to-person ACH payments, according to Pandy. Other issues to be addressed include tracking mobile payments volume, the use of unencrypted SMS in payment applications, storage of banking information on mobile devices, compliance with the Payment Card Industry data-security standard (PCI), and mobile ACH credits, among others. So far, mobile ACH volume is mostly a matter of conjecture. Some observers, however, believe the ACH's share of current volume could be sizable because of transactions originated through PayPal Inc. and from the fast-growing software sales sites of smart-phone makers. These include Apple Inc.'s App Store for the iPhone and the app site for the BlackBerry from Research in Motion Ltd. (Digital Transactions News, Feb. 2).