INSIDE: 2013 ACH Rules Reminder for Originating Companies.....................................................................................pg. 1 How to Comply With NACHA’s New Security Framework Rule......................................................................pg. 1 Payment Card Industry Data Security Standards (PCI DSS) Revised............................................................pg. 1 Interchange Rules in the News Again..................................................................................................................pg. 2 Payroll Cards Come Under Fire...........................................................................................................................pg. 2 New $100 Note Now in Circulation....................................................................................................................pg. 4 NACHA Continues Work with Microsoft, FS-ISAC, the ABA and Others in Fight Against Cybercrime...pg. 4 FinCEN Issues Guidance on Virtual Currencies.................................................................................................pg. 4 Cyber Security Insurance: What’s All the Buzz About?.....................................................................................pg. 5 NACHA Expedited Processing and Settlement Update...................................................................................pg. 5 You Have The Right to Remain Paperless: The “No Check” CEO Bill of Rights..........................................pg. 5 Cyber Security a Growing Issue for Small Business...........................................................................................pg. 6 Top 5 OFAC Compliance Facts............................................................................................................................pg. 7 Does the International Remittance Transfer Rule Apply to Your Business?....................................................pg. 8 Protecting Personal Information: A Guide for Business....................................................................................pg. 8 Understanding Healthcare EFTs..........................................................................................................................pg. 9 2013 ACH Rules How to Comply With NACHA’s Reminder for New Security Framework Rule Originating Companies NACHA’s ACH Security Framework Rule, Four ACH Rules changes of significant impact to Originators went into effect on September 20. How have you been keeping up with this year’s changes? As an originator of ACH entries it is important to stay up-to-date with the ACH Rules, including updates and changes as they arise. Need a refresher? Click here to download 2013 ACH Rules Update for Originating Companies, to find out which ACH Rules changes may apply to you. Be sure to contact your financial institution regarding any questions you have in regard to how these changes pertain to your current Origination activity. to meet those expectations and valuable which went into effect on September 20, resources are included. Every business imposes greater expectations of data security originating ACH transactions will benefit on business ACH Originators. EPCOR has from this course’s fundamental overview of developed a short, on-demand course which the new ACH Rule requirement, useful tips provides business ACH Originators with a for compliance and related resources. This basic overview of their obligations under the course is free to EPCOR Members to provide ACH Security Framework Rule in an easy- to their business clients. Inquire with your to-understand manner. Actionable guidance financial institution for more information. Payment Card Industry Data Security Standards (PCI DSS) Revised By Rayleen Pirnie, Director, Compliance & Fraud make PCI DSS part of their business-as-usual activities by introducing more flexibility, and The long-anticipated revision of the Payment Card Industry Data Security Standards (PCI DSS) reportedly will be finalized in November. The Payment Card Industry Security Standards Council (PCI an increased focus on education, awareness and security as a shared responsibility.” Listed below is a brief overview of the updates we expect to see in the final release. First, a secure network must be maintained SSC) has released the first glimpse at the for transactions, including robust firewalls. proposed changes which enhance six major This includes specialized firewalls for wireless objectives of the current standards. In the LANs. Additionally, the updated guidance August 15th Press Release, PCI SSC indicated specifies enhanced authentication standards. that these changes “… will help companies Second, cardholder information must see SECURITY STANDARDS on page 2 E P CO R • I n side Origination | October 201 3 1 SECURITY STANDARDS continued from page 1 be protected regardless of how or where each user to have their own unique access programs should scan all exchanged data, credentials. Access controls should consider applications, random-access memory (RAM) it is stored. (Criminals frequently target cardholder data in all forms, physical and and storage media frequently. repositories and databases of consumer electronic. In addition, businesses should not Lastly, businesses must have a formal information, hence this enhancement.) request any cardholder information that isn’t information security policy that is well- Third, all systems handling card data required to carry out a transaction or to help defined, updated and followed at all times. protect against fraud. Additionally, formal audits should measure must be protected against hackers by using appropriate, patched security solutions such Fifth, networks must be constantly as anti-virus software, anti-spyware, anti- monitored and regularly tested to ensure malware, etc. that all security measures and processes are Fourth, appropriate access controls the effectiveness of the program and penalties for non-compliance may apply. effective, function properly and current. For Additional Resources: must be in place to properly restrict access example, anti-virus and anti-spyware programs PCI 2013 Community Meetings to cardholder data, including requiring should have the latest updates applied. These PCI Security Standards Home Page Interchange Rules in the News Again By Karen Sylvester, AAP, NCP, Compliance & the Board’s Final Rules that went into effect Fraud Manager in July of 2011 which set standards for Board to establish standards to determine the debit card interchange transaction fees and amount of interchange fee that is reasonable network exclusivity prohibitions. The retail and proportionate to the cost incurred by District Court for the District of Columbia associations assert that the merchants they the Issuer. After a survey was completed, the may have card issuers wondering what the represent have experienced a significant Board determined 21 cents was an appropriate future holds for interchange fees. Judge increase in costs due to the increase of card compensation amount for the Issuers., and also Richard Leon, a United States District Judge usage. The final ruling purported that the adopted a requirement that two unaffiliated for the District of Columbia, concluded financial industry has seen a decrease in networks be available for each debit card, but that “the transaction fee and network non- cost by not processing as many checks and not for each authorization method. exclusivity regulations as currently written are increased card usage. The final ruling also fundamentally deficit”. This ruling requires discussed how merchants experienced a appealed Judge Richard Leon’s decision, additional the Federal Reserve Board of Governors to 234% increase in interchange fees for PIN filings were due the middle of October. Merchants rebuild the rules and prevents the adoption of based transactions between 1998 and 2006. have aligned with the Board to ask for the court to similar regulation standards. The increase in fees is based on card usage stay the judgment pending appeal, explaining to as well as the networks increasing fees. The the court that they would prefer to continue to pay the National Association of Convenience merchants emphasize there are not enough pre-Durbin interchange fees until a final decision Stores, the National Retail Federation and networks to process transactions through is reached. EPCOR will continue to monitor the National Restaurant Association, filed because of Issuer relationships and smaller for any updates and impacts of the Durbin a civil case against the Federal Reserve networks have increased their fees based on Amendment or enhancements to the current Board of Governors (Board) to overturn larger network fees. interchange fee and processing standards. A recent court decision in the United States A number of retail associations, including The Durbin Amendment directed the The Federal Reserve Board of Governers has Payroll Cards Come Under Fire By Andrew Deichler, Association for Financial into question how much these programs are this week, including McDonald’s, Walgreens Professionals costing low-wage employees. But are the and Wal-Mart, requesting more information on alternatives any better? their payroll card programs. The attorney general Payroll cards are receiving a bit of bad press lately, due to an investigation that calls New York Attorney General Eric T. Schneiderman sent letters to about 20 companies is concerned that these card programs end up costing employees too much money. see PAYROLL CARDS on page 3 E P CO R • I n side Origination | October 201 3 2 PAYROLL CARDS continued from page 3 Charges such as $0.50 for a balance inquiry, between 2.4 percent and 3 percent to cash their payroll checks. “The study found an $2.25 for an out-of-network ATM withdrawal unbanked employee earning $26,000 a year and $2.95 for a paper statement tend to would spend approximately $750 in check- total up, especially to a low-wage employee. cashing and money order fees to pay their Once these fees are taken into account, some bills, or about 2.8 percent of their annual employees are actually making less than earnings,” she wrote. minimum wage. Schneiderman is also attempting to discern Chuck Phipps, AAP, CTP, bank operations manager, EFT Processing for NetSpend, the whether these employers violated state labor largest issuer of payroll cards, believes that the laws by forcing employees to use payroll cards story is being sensationalized. “Events like this as a condition of their employment. Under surprise me with how much misunderstanding New York law, organizations are required still exists about payroll cards, especially with to receive employees’ explicit consent the high-value they provide to both employees before they can pay them via payroll card. and employers,” he said, in an interview. “The Additionally, companies are also required vastly greater positive aspects far outweigh to give employees an option to receive their the few negative outliers. Reporters seem wages without incurring any fees. to continuously focus on payroll card fees, The New York Times reported that many as if paper paychecks carry zero cost to an employees fear that if they do not accept employee. At the very least, it takes time to payroll cards, their employment will be cash a check or deposit it at a bank, and check- terminated. Others claim to be automatically cashing stores usually take 1 percent or more enrolled in payroll card programs and would of the face value.” have to “navigate a bureaucratic maze” if they want to opt out. The situation escalated even further when Phipps added that the majority of state labor laws strictly articulate how employees can and should be paid, and most of them 16 Democratic senators sent a letter to have rules for payroll cards that dictate Richard Cordray, director of the Consumer one or more free methods per month for Financial Protection Board, and Seth accessing all their funds in cash. “The NY D. Harris, acting secretary of the Labor State Attorney General is highly unlikely Department, to investigate companies’ use of to find any wrongdoing among the larger payroll card programs. corporate employers he plans to investigate,” However, there is an argument to be said Phipps. “They typically have the best made that these employees would be payroll card programs with the most features, incurring higher costs if paid through all fully compliant with Regulation E and zero different means. Many individuals paid via possibility of infringing on employee rights.” payroll cards do not have bank accounts, With all of this controversy in the noted Kirsten Trusko, president and headlines, many corporates who have executive director of the Network Branded implemented payroll card programs or are Prepaid Card Association, in American considering it will likely have questions. Banker. If these individuals were paid by Practitioners can look to the AFP Guide to check, they would endure check cashing Payroll Card Programs to help them better fees that can total up substantially. understand these programs. Trusko cited a 2010 study by the Massachusetts Division of Banks which © 2013 Association for Financial found that an unbanked employee pays Professionals (www.afponline.org) E P CO R • I n side Origination | October 201 3 3 New $100 Note Now in Circulation NACHA Continues Work with Microsoft, FS-ISAC, the ABA and Others in Fight Against Cybercrime The new $100 note, which incorporates In early 2012, NACHA joined with with malware and initiating more than half a new security features such as a blue, 3-D Microsoft Corporation, the Financial Services security ribbon, will be easier for the – Information Sharing and Analysis Center public to authenticate but more difficult for (FS-ISAC) and others to plan and execute effort by both the public and private sector counterfeiters to replicate. Find out more coordinated action to disrupt some of the to fight cybercrime, help protect people and about the simple steps you can take to ensure most notorious cybercrime operations businesses from online fraud and identity that you and your employees are prepared responsible for fueling online fraud and theft, and enhance online Internet security to recognize and accept the redesigned $100 identity theft. That action was very successful, for everyone. NACHA provided support note and help safeguard your organization disrupting a number of harmful botnets for this operation to ensure that financial from financial loss. To explore the new and a critical source of money-making institutions’ customers/members continue to security features of the $100 note and to for fraudsters, while gaining important trust ACH payments,online banking and bill download training materials for your staff, information to help identify those responsible payment services. click here. and to better protect victims. In a continuing effort to fight cybercrime, billion dollars in fraudulent transactions. This cooperative action is part of a growing For additional details around this collaborative effort, view the press release. NACHA recently collaborated again For computer owners worried that their with Microsoft, the Federal Bureau of computers might be infected, Microsoft offers Investigation (FBI), FS-ISAC, the American free information and malware removal tools Bankers Association (ABA) and other at http://support.microsoft.com/botnets. technology industry partners to disrupt a Source: NACHA global cybercrime operation responsible for infecting more than 5 million computers FinCEN Issues Guidance on Virtual Currencies To provide clarity and regulatory certainty transmitting them. Convertible virtual for businesses and individuals engaged in currencies either have an equivalent value an expanding field of financial activity, the in real currency or act as a substitute for real Financial Crimes Enforcement Network currency. The guidance considers the use of (FinCEN) has issued the following guidance: virtual currencies from the perspective of Application of FinCEN’s Regulations to Persons several categories within FinCEN’s definition Administering, Exchanging, or Using Virtual of money services businesses (MSBs). Currencies. The guidance is in response to questions raised by financial institutions, To view the news release, click here. law enforcement and regulators concerning Download the guidance. the regulatory treatment of persons who use convertible virtual currencies or make Source: FinCEN a business of exchanging, accepting and E P CO R • I n side Origination | October 201 3 4 Cyber Security Insurance: What’s All the Buzz About? NACHA Expedited Processing and Settlement Update transactions, thereby creating a common adopt the Fed service as a stepping stone to a By Rayleen Pirnie, Director Compliance & foundation for all financial institutions on broader, more ubiquitous offering in the future; Fraud which they can then develop valuable services thereby developing internal processes and for their customers. In response, NACHA is launching new services that take advantage of In years past, most companies either continuing its outreach to its members and same-day settlement gradually over time. considered cyber security to be a purely the industry, exploring options that can lead Information Technology function, or didn’t to the certainty of a ubiquitous same-day ACH Operators to ensure that the ACH really consider cyber security as a necessary settlement rule. Rules and the technology infrastructure part of their daily business. With the high Many organizations have encouraged NACHA to continue its work on a rule supporting same-day settlement of ACH In the meantime, NACHA is supportive of Expedited Processing and Settlement rule would have become effective. NACHA encourages financial institutions to NACHA will carry on its work with both they support are complementary. NACHA number of breaches today, more businesses the offering available to financial institutions also will continue to support the industry to realize the importance of cyber security, via the FedACH® SameDay Service. Although provide certainty of roles and responsibilities and that at times security itself isn’t enough. the service is not ubiquitous, it is a very good for all utilizing the ACH Network via both Protect information from nefarious aggressive starting point and it is available now – almost ACH Rules and, when beneficial, NACHA sources, or pay the consequences. a year and a half earlier than the proposed Opt-in programs and rules. Breaches large and small have made the media over the years, and the negative publicity isn’t the only expense the compromised business must contend with. In Ponemon Institute’s 2013 Cost of Data Breach Study, the average cost of a data breach was $188 for each lost or stolen record. Times this by hundreds, or even thousands of records that may be lost in a breach. Also consider the Federal Trade Commission Act (FTC Act) which requires businesses who disclose to consumers that the business will protect information actually do so. A breach can result in a violation of this federal act. The Federal Trade Commission has reportedly brought 35 businesses up on charges of violations in just the past two years; many of these cases were businesses who were breached during a cyber-attack. It’s not surprising given today’s environment that more businesses are seeking shelter from the fall out of often uncontrollable events. When considering cyber security insurance, understand that not all policies see BUZZ on page 6 You Have The Right to Remain Paperless: The “No Check” CEO Bill of Rights Did you know there’s a whole new generation of CEOs and CFOs who run paperless businesses and insist on electronic payments instead of paper checks? They have no patience for time-consuming, paperbased processes that drag down everyone’s productivity. They’ve been endowed by game-changing cloud-based technology with certain inalienable rights. Freedom from their desks. “No Check” CEOs aren’t tied to their offices, but free to Become a paperless CEO with Direct Deposit and Direct Payment via ACH! Visit electronicpayments.org for more information, tools and ideas. manage their companies from wherever they documents to a cloud-based service, manage need to be, with instant, real-time access the approval process online, and make to their business and financial data from payments electronically. anywhere, 24 hours a day. Freedom from bill-payment hassles. They simply scan, fax or email bills and associated Freedom from receivables worries. “No Check” businesses rake in their receivables 2-3 times faster, thanks to e-invoicing, automatic see PAPERLESS on page 6 E P CO R • I n side Origination | October 201 3 5 BUZZ continued from page 5 PAPERLESS continued from page 5 anywhere, any time – so no need to save are created equally. It’s important to read reminders, and online customer payments and store paper receipts, purchase orders, the policy coverage carefully and ensure it deposited directly into their bank accounts. contracts, check stock or paper invoices. Freedom to reduce operating costs. covers what your business considers crucial. Freedom from cash flow uncertainty. “No Most breach expenses don’t end with just the Check” CEOs and CFOs get precision control Eliminating paper not only reduces exposed records; consider damage to your over cash flow, by projecting receivables, processing costs for payables and receivables, infrastructure if a particularly nasty piece payables and balances up to three months out, digital access enables better cost controls of malware infects your network leaving a revealing potential problems well in advance. through improved visibility. Getting rid of wake of ruin to computers and servers alike. Freedom from check fraud. Unlike checks, time-consuming paper-based processes also And consider if a consumer group decides electronic payments can’t be intercepted or increases productivity for everyone. Ready to file a Torte Action against your business modified. And unlike paper documents, to become a “No Check” CEO? It’s as simple for harm suffered when you were unable electronic data can be protected with as moving your business processes from the to protect their information. Businesses enterprise-level security systems. manual, paper-based world to the cloud, via should also consider what happens if the Freedom from paperwork. Some “No services such as Bill.com. criminal element manages to gain access to Check” businesses don’t even have file financial accounts while they are siphoning cabinets, because everything is digitized Source: Pymnts.com; René Lacerte, information during a breach; this often causes and stored online for secure access from Founder and CEO of Bill.com a devastating loss that many businesses never recover from. Businesses should perform an internal assessment of what they seek to protect by way of the insurance, just like any other policy. If your business is located at the top of a mountain, you may not need flood insurance, right? Consider the same with cyber security insurance. If your business doesn’t collect or maintain consumer records, then you probably don’t need a policy that covers the theft of consumer records. If you have financial accounts, but don’t have the proper coverage, then the policy may not help you recover from those losses. Many businesses find themselves lost when aimed at increasing cyber security measures trying to identify a good policy for them. In nationwide. In August, the White House august 2013, the Ponemon Institute published distributed some loosely defined sets of Managing Cyber Security as a Business Risk: incentives designed to promote private Cyber Insurance in the Digital Age to help company adoption of the voluntary aspects of guidance businesses understand what’s at the “Cyber security Framework.” At the top of stake, influences on purchasing cyber security the list is a proposed cyber security insurance insurance, and general guidance in navigating market, which calls for the adoption of risk- this policy world. Also check national and state reducing measures and risk-based pricing resources, such as the Better Business Bureau models. So ideally, if businesses opt to comply or independent reviewers such as Tech Target. with the voluntary cyber security standards Today’s policies could change in coming we anticipate in early 2014, and want cyber months. Remember back in February, security insurance, you may have more options President Obama signed an executive order than those who choose not to comply. Cyber Security a Growing Issue for Small Business As more business owners utilize technology cyber threats, making them easy targets just as much a danger for small companies as such as cloud computing and mobile devices for expert criminals,” said Chris Collins, it is for larger ones. Here are three security and apps, the risk of hackers accessing money chairman of the House’s Subcommittee on tips that were offered as part of the testimony: and sensitive business data becomes more Health and Technology. “In addition, many real. The House Committee on Small Business of these firms have a false sense of security employees. When it comes to cyber security, addressed this issue during a special hearing and believe they are immune from a possible one of the biggest problems is the lack of called, “Protecting Small Businesses Against cyber-attack.” education among small-business owners and Emerging and Complex Cyber-Attacks.” The committee heard testimony from “Small businesses generally have fewer a number of professionals from the tech resources available to monitor and combat industry on how and why cyber security is 1. Create a written security policy for their employees, Collins said. Business owners and their IT departments need to stay up-to-date on issues relating see SECURITY on page 7 E P CO R • I n side Origination | October 201 3 6 SECURITY continued from page 6 something that can be guessed based on to cyber security threats and should create public information, consider changing it to a written security policy for employees, something more difficult to crack. suggested Dan Shapero, founder of Laguna Weber told a story about how one of his Beach, Calif.-based pay-as-you-go digital small-business clients used the name of his marketing firm ClikCloud. In it, determine college mascot as his bank password. Hackers whether employees should be allowed to figured out the password and removed have personal data on business devices, he $40,000 from his account. Business owners said. Conversely, figure out whether business should create passwords that are at least 12 data should be permitted on their personal characters long and contain upper and lower devices and what to do in case a device is lost case letters, as well as numbers and special or stolen. characters, Weber said. Then, share the document with employees Also, avoid using the same password across and make certain that they understand what to multiple accounts, recommended Justin do and why cyber security is vital, Shapero said. Freeman, corporate counsel at San Antonio, 2. Use stronger passwords. This might Texas-based IT hosting company Rackspace. seem like a no-brainer to some, but The more passwords between hackers and business owners have been “dumb” about your data or money, the better, he said. creating smart passwords, said William Need a Cyber Security Plan? 3. Encrypt your data. You can’t always keep Weber, senior vice president and general hackers out of your computer systems, so take counsel at Cbeyond, an Atlanta-based steps to protect the data contained within telecommunications and IT company. those systems, Freeman said. That’s where If your password is a common word, or encryption comes in. Disk encryption tools Create your own customized cybersecurity plan with the Federal Communications Commission’s (FCC) Small Biz Cyber Planner 2.0. This online tool will allow you to create and save a custom cyber security plan for your company, choosing from a menu of expert advice to address your specific business needs and concerns. Click here to get started. come standard on most operating systems, including BitLocker for Windows PCs and FileVault for Macs. These programs essentially convert the data on your systems into unreadable code that isn’t easily deciphered by hackers. Source: Entrepreneur; Jason Fell Top 5 OFAC Compliance Facts OFAC is the acronym for the Office of 1. What OFAC Compliance Means entities and their foreign branches. In the Foreign Asset Control. OFAC compliance The Office of Foreign Assets Control cases of certain programs, such as those is critical for U.S. businesses working with administers and enforces economic sanctions regarding Cuba and North Korea, all foreign overseas partners; the regulations are in programs primarily against countries and subsidiaries owned or controlled by U.S. place in part to ensure that companies groups of individuals, such as terrorists and companies also must comply. Certain don’t unwittingly do business with terrorist narcotics traffickers. The sanctions can be programs also require foreign persons in organizations or other unsanctioned entities. either comprehensive or selective, using possession of U.S. origin goods to comply. the blocking of assets and trade restrictions 3. Industry Specific Information businesses, no matter how small, will to accomplish foreign policy and national OFAC provides downloadable guidelines have foreign suppliers or clients, makes security goals. All U.S. persons (which by and FAQs for specific industries, including: it imperative that they understand Office legal definition includes firms) must abide • Financial Sector of Foreign Asset Control Compliance is. by these sanctions—this is the meaning of • Money Service Businesses Businesses are responsible for following compliance. • Insurance Industry The increasing possibility that US OFAC regulations designed to halt terrorist 2. Who Must Be in Compliance • Exporters and Importers and other illegal funds from circulating All U.S. persons must comply with OFAC • Tourism / Travel If you are in an industry with signficant regulations, including all U.S. citizens and • Credit Reporting foreign business, a small business owner, or permanent resident aliens regardless of where • Non-Governmental Organizations an individual doing business, here are the top they are located, all persons and entities five areas to familiarize yourself with. within the United States, all U.S. incorporated (NGOs) / Non-profit • Corporate Registration see OFAC on page 8 E P CO R • I n side Origination | October 201 3 7 OFAC continued from page 7 Information is available on the OFAC Information for Industry Groups page. • Cuba 5. Specially Designated Nationals (SDN) List • Democratic Republic of the Congo OFAC publishes a list of Specially Designated • Iran Nationals and Blocked Persons (“SDN list”) which 4. OFAC Country And List-based Sanctions • Iraq includes over 3,500 names of companies and OFAC Country Sanctions and List-Based • Liberia individuals connected with the sanctions targets. Sanctions, including general licenses for • North Korea A number of the named individuals and entities exceptions; related documents; and laws, rules • Sudan are known to move from country to country and and regulations authorizing the sanctions are • Syria may end up in unexpected locations. U.S. persons available on the OFAC Sanctions webpage. • Zimbabwe are prohibited from dealing with SDNs wherever Included on the Country Sanctions List Are: List-Based Sanctions Programs Include: they are located and all SDN assets are blocked. It • The Balkans • Anti-Terrorism is important to check OFAC’s website on a regular • Belarus • Counter Narcotics Trafficking basis to ensure that your SDN list is current. • Burma • Non-proliferation • Cote d’Ivoire (Ivory Coast) • Diamond Trading Source: About.com Does the International Remittance Transfer Rule Apply to Your Business? The Remittance Transfer Rule, which you, including a temporary exception that amends Regulation E goes into effect on allows insured depository institutions and October 28, 2013. The final rule provides credit unions to use certain estimates in their new protections, including disclosures and disclosures. Any business that sends money error resolution and cancellation rights, to internationally for consumers may find this consumers who send remittance transfers to guide helpful. other consumers or businesses in a foreign This guide may also be helpful to agents, country. The amendments implement software providers, and other companies statutory requirements set forth in the that serve as business partners to remittance Dodd-Frank Act. transfer providers. The remittance transfer rule covers a broad range of companies and types of transfers. Click here to download the International This CFPB’s Small Entity Compliance Guide Money Transfers Small Entity Compliance will help you determine whether the transfers Guide. you send are regulated by this rule, and if so, what your compliance obligations are. Source: NACHA, CFPB It discusses exceptions that might apply to Protecting Personal Information: A Guide for Business The Federal Trade Commission (FTC) Security numbers, credit card, or other your free copy of the guide to safeguard your has developed a guide titled Protecting account data. While collecting information customers’ trust and perhaps even defending Personal Information: A Guide for Business is often necessary in the course of your daily yourself against a lawsuit. to help small businesses learn how to protect business, it can lead to fraud or identity theft consumer information such as names, Social when it falls into the wrong hands. Download E P CO R • I n side Origination | October 201 3 Source: Federal Trade Commision 8 Understanding Healthcare EFTs Healthcare Electronic Funds Transfers (EFTs) offer healthcare providers a safe, convenient, and timely alternative to paper checks or card payments for healthcare claims payments. What is the Healthcare EFT Standard? up to 7 days faster than with paper An EFT is the electronic exchange or transfer checks, improving cash flow. of funds from one account to another. EFTs • Safe and Secure — Checks continue to 2.Provide payment information to health plans — Enroll in EFT with a few health plans each week. Start with the serve as an efficient means of payments for be the dominant payment form targeted health plans that represent the largest providers and their practices. Per the Patient by fraudsters. Replacing all checks with percentage of your business. Protection and Affordable Care Act, the healthcare EFTs via ACH is the single NACHA ACH CCD+ is the healthcare standard. best way to combat fraud. To receive EFTs, providers can request • HIPAA EFT Transaction — As a HIPAA delivery of claims payments via the healthcare transaction, under 45 CFR 162.925, EFT standard, and health plans must comply. providers can request delivery of the Benefits to using the healthcare EFT standard are many: • Easy Automatic Payments — Receiving 3.Receive payments directly in your bank account — In the same ways employees receive payroll via Direct Deposit, receive your claims payments on time, every time. 4.Receive the Reassociation Trace healthcare ET standard and health plans Number directly from your bank must comply. — Contact your bank to receive the • Automatic Reasssocation — Only Reassociation Trace Number to begin healthcare EFTs via ACH is as quick as healthcare EFTs via ACH offer providers automatically matching remittance receiving Direct Deposit. the ability to automatically reassociate information with payments. • Smart, Cost-Effective Choice — The cost of claims via ACH is, on average, only $0.34 versus $10.73 or more for remittance information. How to Enroll to Receive the Healthcare Source: NACHA EFT Standard 1.Contact health plans — Choose the other EFT payment types. • Improved Efficiencies — Healthcare EFTs via ACH ensure funds are available healthcare EFT standard (the ACH CCD+ Addenda) for payment. E P CO R • I n side Origination | October 201 3 9 Through our direct membership in NACHA, EPCOR is a specially recognized and licensed provider of ACH education, publications and support. The Bank of Missouri | 888-547-6541 E P CO R • I n side Origination | October 201 3 10
© Copyright 2024