This SEC Code is used for the origination of debit entries (either
recurring or Single Entry) to a consumer’s account pursuant to an authorization
that is obtained from the Receiver via the Internet. This SEC Code helps to
address unique risk issues inherent to the Internet payment environment through
requirements for added security procedures and obligations.
An Internet-Initiated (WEB) entry may be transmitted by an Originator pursuant to an authorization that is obtained from the Receiver via the Internet to effect a transfer of funds from a Consumer Account of the Receiver.
In addition to the other warranties contained within these rules, each ODFI initiating a WEB entry warrants to each RDFI, ACH Operator, and Association that:
Each Originator for which the ODFI transmits WEB entries has employed a commercially reasonable fraudulent transaction detection system to screen each entry. In the case of a WEB entry initiated by an Originator that is not a natural person, the ODFI has (1) utilized a commercially reasonable method to establish the identity of the Originator, (2) established procedures to monitor the credit-worthiness of that Originator on an on-going basis, (3) established an exposure limit for that Originator, (4) implemented procedures to review that exposure limit periodically, and (5) implemented procedures to monitor entries initiated by that Originator relative to its exposure limit across multiple settlement dates.
Each Originator that originates WEB entries has used commercially reasonable procedures to verify that routing numbers are valid.
Each Originator that originates WEB entries has established a secure Internet session with each Receiver utilizing a commercially reasonable security technology providing a level of security that, at a minimum, is equivalent to 128-bit encryption technology prior to the Receiver's key entry and through transmission to the Originator of any banking information, including, but not limited ot, the Receiver's routing number, account number, and PIN number or other identification symbol.
Each Originator that originates WEB entries shall conduct or have conducted annual audits to ensure that the financial information it obtains from Receivers is protected by security practices and procedures that include, at a minimum, adequate levels of (1) physical security to protect against theft, tampering, or damage, (2) personnel and access controls to protect against unauthorized access and use, and (3) network security to ensure against secure capture, storage and distribution.
Each Originator originating WEB entries must employ a commercially reasonable fraudulent transaction detection system to screen each entry.
Each Originator that originates WEB entries must use commercially reasonable procedures to verify that routing numbers are valid.
Each Originator that originates WEB entries must establish a secure Internet session with each Receiver utilizing a commercially reasonable security technology providing a level of security that, at a minimum, is equivalent to 128-bit encryption technology prior to the Receiver’s key entry and through transmission to the Originator of any banking information, including, but not limited to, the Receiver’s routing number, account number, and personal identification number (PIN) or other identification symbol.
Each Originator that originates WEB entries shall conduct or have conducted
annual audits to ensure that the financial information it obtains from
Receivers is protected by security practices and procedures that include, at a
minimum, adequate levels of (1) physical security to protect against theft,
tampering, or damage, (2) personnel and access controls to protect against
unauthorized access and use, and (3) network security to ensure capture,
storage, and distribution. For more detailed information
click here.