Posted September 19, 2002
NACHA has recently become aware of an increasing number of fraudulent transactions being made over the ACH Network using the Telephone-Initiated Entry (TEL) application. The TEL application became effective in September 2001 as a means to provide a more streamlined method by which consumers could authorize one-time ACH debit entries. This Operations Bulletin is intended to identify specific risk management concerns related to the origination of TEL entries and to clarify key rules obligations with respect to proper authorization and use of the TEL application. ODFIs are strongly encouraged to consider these issues when determining whether to offer TEL origination services on behalf of their customers and to consider expanding their risk management policies and procedures to address these concerns.
TEL Risk Concerns
While the TEL application was developed to facilitate the use of automated payments for one- time consumer debit entries, intentional misuse of the application is resulting in an increasing number of unauthorized consumer debit entries. It has become apparent that some of these entries have been initiated as a result of deceptive and fraudulent telemarketing practices. Examples of the types of complaints that NACHA has received concerning misuse of TEL entries are described below:
It has become obvious that there is a correlation between high return rates relating to unauthorized debits and Originators that are violating the rules or that are engaged in fraudulent/deceptive marketing practices. These merchants are experiencing a volume of unauthorized returns in excess of the average for other unauthorized debit entries.
It is critical that ODFIs understand that, under the NACHA Operating Rules, they are responsible for all transactions initiated into the ACH Network. To that end, they must recognize that they will be exposed to substantial risk when offering origination services on behalf of merchants that are engaged in fraudulent or deceptive business practices. To minimize the potential for fraud:
The TEL Entry Application
A Telephone-Initiated (TEL) Entry is a single entry (one-time) debit to a consumer Receiver’s account, initiated pursuant to an authorization that was obtained from the Receiver orally via the telephone. Originators may use TEL entries only when the following criteria have been met:
TEL entries may not be used in circumstances where:
Originators of TEL entries must obtain the consumer’s explicit oral authorization, via the telephone, prior to initiating a debit entry to the consumer’s account. Because TEL entries are single-entry (that is, one-time) debits, a separate and distinct oral authorization must be obtained from the consumer for each TEL entry to be initiated to the consumer’s account.
The NACHA Operating Rules require that the Originator (1) clearly state, during the telephone call with the consumer that the consumer is authorizing an ACH debit to his account, and (2) express the terms of the authorization in a clear manner.
The authorization must include:
The Rules further require the Originator to tape record the consumer’s oral authorization or to provide written notice to the consumer, prior to the settlement date of the TEL entry, confirming the terms of the oral authorization (including the information specified above). A copy of the tape-recorded authorization or written notice must be retained for two years from the date of the authorization.
Voice response units (VRUs) may be used by the Originator during the telephone call to prompt consumers to key enter data and to respond to questions. However, key-entry responses by the consumer do not qualify as an oral authorization for purposes of TEL entries. Originators must understand that the actual authorization by the consumer and disclosure of the information noted above must be provided orally.
* * * *
Questions about this ACH Operations Bulletin should be submitted via firstname.lastname@example.org.