Synapse FI supports interchange processing for credit and debit cards to enable Platforms to fund user accounts with cards or send disbursements back to cards. Interchange is considered an EFT and is subject to Reg E requirements.
In addition to the CFPB UDAAP requirements, Synapse will require the Platform to be compliant with all requirements set forth in Regulation E (“Reg E”), and the Electronic Fund Transfer Act (“EFTA”) to the extent applicable. This Act states:
- Disclosures must be clear and easily understood, in writing, and in a form the consumer may keep. The disclosures may be provided via electronic form if the consumer has affirmatively consented, after receiving a notice compliant with the E-Sign Act.
- Disclosures may be made available in a language, other than English, if they are also made available in English upon request.
- Disclosures must be compliant with Part 205.7 of Reg E, detailing the timing and content pertaining to initial disclosures.
*Disclosures are required to contain the following information as it applies:
- Liability of the user for unauthorized electronic funds transfers
- Telephone number and address for the user to report possible fraud
- Platform’s business days
- Limitations on frequency or dollar amounts related to transfers
- Any fee that may be imposed
- Summary of the user’s right to receipts and periodic statements
- Summary on the user’s right to stop payment, and the procedures for doing so
- The liability of the Platform to the user for failure to make or stop certain transfers
- The circumstances under which, in the course of business, the Platform may provide information related to the user’s account to third parties
- Error resolution notice (See Model form A-3)
- Any notice of a change of terms must be mailed or delivered to the user at least 21 days before the effective date
Your platform should not reference Synapse or Evolve Bank & Trust in any other way, without express written permission from the respective entity.
If you are debiting User accounts via interchange, include a checkbox and the following appropriate authorization verbiage on the web page the transaction is being created:
Single Transaction Authorization:
"I authorize <Platform Name> to debit the account indicated for the amount noted on today’s date. I will not dispute <Platform Name> debiting my account, so long as the transaction corresponds to the terms in this online form and my agreement with <Platform Name>."
Recurring Transaction Authorization:
"I authorize <Platform Name> to debit the account indicated for the recurring transactions according to the online form and my agreement with <Platform Name>. I will not dispute so long as the transactions correspond to such terms. This payment authorization is valid and will remain effective unless I cancel this authorization by emailing <Platform Name> at <Platform email> at least 3 business days in advance.”
Additionally, please include the following Electronic Fund Disclosure Statement in your Terms of Service:
Electronic Fund Transfer Disclosure Statement
The following disclosures are made in accordance with the federal law regarding electronic payments, deposits, transfers of funds and other electronic transfers to and from your account(s). There may be limitations on account activity that restrict your ability to make electronic fund transfers. Any such limits are disclosed in the appropriate agreements governing your account.
A. Definitions: Electronic Fund Transfer: Any transfer of funds, other than a transaction originated by check, draft or similar paper instrument, that is initiated through an electronic device or computer to instruct us to debit or credit an account. Electronic Fund Transfers include such electronic transactions as direct deposits or withdrawals of funds, transfers initiated via telephone, website or mobile application. Preauthorized Electronic Fund Transfer: An Electronic Fund Transfer that you have authorized in advance to recur at substantially regular intervals; for example, direct deposits into or withdrawal of funds out of your account.
B. Your Liability: Authorized Transfers: You are liable for all Electronic Fund Transfers that you authorize, whether directly or indirectly. Unauthorized Transfers: Tell us at once if you believe your account or PIN or Access Information (as defined below) is lost or stolen or has been or may be subject to unauthorized Electronic Fund Transfers. Support message us immediately to keep your possible losses to a minimum. You could lose all the money in your account(s). If you tell us within two (2) business days after learning of the loss or theft of your account access device, or after learning of any other unauthorized transfers from your account involving your account access device, you can lose no more than $50 if Electronic Fund Transfers are made without your permission. For these transactions, if you DO NOT tell us within two (2) business days after learning of the loss, theft or unauthorized use, and we can establish that we could have prevented the unauthorized transfer(s) if you had told us in time, you could lose as much as $500. Also, if your periodic account statement shows unauthorized transfers and you DO NOT tell us within sixty (60) days after the statement was delivered to you, you may not get back any money you lose after the sixty (60) day period if we can prove that we could have prevented the unauthorized transfer(s) if you had told us in time. If an extenuating circumstance (such as extended travel or hospitalization) prevents you from promptly notifying us of a suspected lost or stolen access device or of any other suspected unauthorized transfer(s), the time periods specified in this Section B may be extended for a reasonable period.
Please include the following transaction and account notifications.
Enable your Users to view and print a transaction receipt immediately after creating a transaction form that contains:
- Full details of the scheduled transaction(s) (i.e. payment amount and date, and, if recurring transactions:, the frequency of transactions, start date, end date or number of transactions and disclosure);
- A transaction number for any transaction processed as part of the scheduled payment(s) when it was entered;
- Contact information for your support and Synapse ([email protected]); and
- Information on how to cancel transaction (ex: “Click here to cancel transaction.”)
If recurring transaction, include the following text, with “click here” as a hyperlink to the page where the customer may cancel the transaction:
“To cancel this transaction, click here. This is an authorized recurring debit from your card, if you would like to cancel future payments, please email us at <Platform email address> with at least 3 business days notice.”
At the following times, email a transaction receipt (as detailed above) to Users and keep copies of the emails for 2 years after the transaction was settled:
After each transaction is created;
Before a new transactions is created if part of recurring transactions; and
After funds have settled into a User Deposit Account (if applicable) with information on how to access those funds on your application
Email Users in advance of any changes to a scheduled transaction amount, frequency or timing.
Email Users monthly statements with their transaction history and, if applicable, balances held in the User’s Deposit Account (ending and beginning balances).
Platform will include the following language in its agreement with Users for resolving errors relating to transactions for Users not opening Deposit Accounts:
Errors or Questions about Transactions
Please contact us by emailing us at <Insert Platform Email> (1) if you believe a transaction receipt or a statement is wrong, or (2) if you need more information about a transaction on the receipt or statement. For consumer accounts, we must hear from you no later than sixty (60) days after we sent you the first statement on which the error or problem appeared. For business accounts, we must hear from you within one (1) business day of us sending you a receipt. Your inquiry must include: (x) your name, email associated with your account, and your account number (if available); (y) a description of the error or the transaction you are unsure about, and a clear explanation of why you believe there is an error or why you need more information; and (z) the dollar amount of the suspected error. If you tell us orally, we may require that you send us your inquiry via email within ten (10) business days.
Protecting Card Data
Platforms are expected to be PCI compliant if they will be accepting, transmitting, or storing any cardholder data. It is the Platform’s responsibility to determine the appropriate level of compliance for their processing or handling volume. In regards to marketing material, if the Platform will be displaying images of cards in advertisements, on websites or mobile applications, or any other communications, the Platform must list sequential or repeating numbers (1234…, 1111...), x’s, or dashes in place of card numbers and security codes to avoid potentially compromising real card data.