Hi,
We're developing a site (in Joomla) for a client that will have a basic shopping cart as well as a simple donations form. They are using Authorize.net as the payment gateway for both, and the components we're using have built-in support for this. Part of the reason for using Authorize.net was to avoid all the crazy PCI compliance issues that would come up with other processes.
But they need to also accept eCheck payments for their donations. The donations software we're using (http://www.fatica.net/products/joomla-donation-component.html) does include support for eCheck.net. So all of the required fields for an eCheck donation are preset and working fine.
But apparently, in order for our client to accept eCheck payments, the process must be NACHA compliant. And for web transactions, this appears to mean that a screenshot of the payment form must be captured when the end-user hits the 'Submit' button and stored by the merchant (our client) for up to 2 years.
I've been searching around, even on these forums, and do not see much of anything describing how technically this process is possible or works. So if this is an absolute requirement for anyone in the US to take eCheck payments online, I'm puzzled why it's so hard to find examples or details on how to do this.
- Can anyone help me understand what exactly really needs to happen here for our donations form?
- Can anyone direct me to any software solutions that show this in action so we can see this?
Our form (which is still in development, so we appreciate all discretion here) can be found here: Donation Form.
Thanks a lot!
Kenny
09-07-2011 02:46 PM
Can you supply a link to the applicable regulations?
09-07-2011 03:15 PM
Hi,
Here's a link to the PDF that the eCheck/Authorize.net underwriters forwarded to us:
http://iteachtexas.com/Files/eCheck-Merchant-Compliance-Education.aspx
And here's something else from Authorize.net with slightly different (and more vague) language (check page 19):
http://www.authorize.net/files/echecknetuserguide.pdf
Thanks for any help! I'm really puzzled by what this is asking for. It just doesn't seem correct/proper.
09-07-2011 03:52 PM - edited 09-07-2011 03:52 PM
They can't possibly mean an actual screenshot. I'm guessing some idiot at Cybersource wrote screenshot when the real requirement is just information retention. From the Authorize.net pdf:
All authorizations must be retained by the merchant for two (2) years after the
completion of a transaction, the completion of a final recurring transaction or after the
revocation of payment authorization... For authentications made over the telephone or via the
Internet, the merchant must retain a copy of the authorization and a record of the
authentication.
It says "record", not "screenshot". Images are for physical checks, not eChecks.
09-07-2011 08:41 PM
Thanks for the response. Yes, I was thinking it couldn't be possible either.
But it does state this, and when I spoke with someone in their underwriting department he seemed to confirm this. I'm still waiting to speak with someone else about it, though. So without anything else more concrete, I'm kind of stuck.
But if this is not the way complicance is achieved, there must be a somewhat common way that it IS achieved. So can anyone point me to some good working examples of eCheck payments implementation that passes Authorize.net's 'interpretation' of NACHA compliance??? Does anyone actually do eCheck payments???
Thanks!
09-08-2011 10:34 AM
If you browse down through the posts far enough, you should find some about eCheck. Not many - but enough.
09-08-2011 11:14 AM
OK, I've searched these forums for 'eCheck NACHA' and 'eCheck compliance'. Nothing. All the threads I read are about getting the form setup properly or getting it to work with a testing environment (we're not even to that stage yet).
The frustrating thing is that this is where the Authorize.net people said we would have to search for help, as they were not able to give any more specific help here. But I would guess anyone using eCheck with Authorize.net had to get the same compliance request that we did, as they say it's a national standard. So either every other person just got it and I'm completely lost here, or we got a crazy standard that nobody else has to adhere to.
Puzzling...
09-12-2011 06:56 PM
I want to let you know that I don't have a solid answer for you at the moment, but I've reached out to our underwriting team internally to see if I can find the original source of language you are being given. I do understand the technical impracticality of taking a screenshot of your customer's screen, so I'll be sure to let you know as soon as I have some more information.
09-13-2011 02:52 PM - edited 09-13-2011 02:52 PM
Hi,
I have the same question, is there any update or detail documentation regarding this?
I have called the support desk and was told that the screenshot requirement is taken care by the authorize.net api and nothing needs to be implemented on the web application form or process page. Is this statement valid?
05-31-2012 01:00 PM
The Authorize.Net API definitely does not obsolve you from following the NACHA requirements, it certainly does not retain any screenshots. Unfortunately, the only advice that I Can provide in regards to the wording is that it is wording provided by NACHA themselves and not something that was written by Authorize.Net.
06-01-2012 03:19 PM