Table of Contents
- Description of the Electronic Check (eCheck)
- Why is this happening now?
- When will this be widely available?
- Aren’t checks just a US phenomenon?
- Why aren’t echecks verified online?
- Can an eCheck bounce?
Can an eCheck have a stop payment?
- Do echecks eliminate float?
- What about lockbox services?
- What about remittances and Electronic Document Interchange (EDI)?
- Isn’t this just paving over the cowpaths?
- What are the benefits of Electronic Checks
- What about the legal and regulatory issues?
- What about other “electronic check” initiatives?
- What are echeck’s significant technologies?
- How are Electronic Checks made secure?
- How can I tell if an eCheck is genuine?
- How do I find out the signer’s public key in order to verify a signature?
- How do I know that the eCheck is drawn on a legitimate account?
- Why the emphasis on hardware tokens?
Can someone steal my private key and forge echecks on my account?
- Can someone use my electronic checkbook if it is lost or stolen?
- Will I have a record of echecks written and endorsed?
- Are echecks encrypted?
- Can an eavesdropper or the payee forge checks on my account?
- How will my personal information be protected?
- Can I take my electronic checkbook with me when I travel abroad?
- Do electronic checks enable money laundering and other criminal activities?
- How does eCheck differ from other payment mechanisms?
- How do echecks compare to paper checks
The rapid commercialization and growth of public networks, especially the Internet with its growing user base, is creating a huge potential worldwide electronic marketplace.
To address this opportunity, the Financial Services Technology Consortium(FSTC) aims to accelerate the use of these networks for commerce by providing a new, secure facility modeled on the familiar and widely used paper check — the electronic check, or eCheck as it is commonly known.
While checks represent one of the oldest forms of payment, they remain remarkably relevant in the modern world. In the United States, over 65 billion checks are written each year and the number is growing by over 1 billion/year, 3 to 4 times the number of all other non-cash payment transactions combined, including credit cards, ATM/debit cards, and Electronic Funds Transfers (EFT). Furthermore, businesses account for about half of all checks issued.
As shown in the Payment Flow Chart, checks are the only instrument that can be used in all payment situations: between individuals, merchants, businesses of every size, schools, institutions, foundations and government agencies. No other existing electronic payment instrument even approaches this versatility. Of equal importance, nearly every consumer and business can have a checking account, regardless of credit standing. This makes checking services the most accessible of all non-cash payment vehicles. The FSTC’s eCheck is the first all-electronic payment instrument for all payment situations, by all bank customers.
The Electronic Check is an innovative, all-electronic payment appropriate for all bank customers for making deposits and a broad range of transaction situations. The Electronic Check offers consumers and businesses of all sizes and types the opportunity to issue, receive and process echecks, either singly or in batches, without requiring expensive and disruptive re-engineering of business practices. Information regarding payment can accompany the eCheck in many forms ranging from free-form memo fields (like those on paper checks) to free-form electronic documents (such as word processing documents) to standard Electronic Document Interchange (EDI) messages for invoices and purchase orders.
This secure information object can be used as a payment instrument when it is properly signed and endorsed using digital signatures. Because strong cryptographic algorithms are used in the digital signatures, they are practically immune to forgeries and can be automatically verified at every step in the check processing flow — a real advantage over paper checks. Strong digital signatures also make it impossible to modify an Electronic Check without invalidating the signatures, and hence, the check itself. eChecks can also be encrypted to insure the privacy of the parties, even if they traverse insecure networks or are processed on insecure computers.
An eCheck is a computer document (or file) that can be easily processed by any application and exchanged between systems using any appropriate communications medium. Because the FSTC is defining the information structure of Electronic Checks in an open fashion, using an approach similar to XML, it will be fairly straightforward for any developer to integrate Electronic Checks into their applications. This approach represents a distinct advantage over some other proprietary electronic payment systems. Applications ranging from home finance packages to large corporate accounting systems, will be able to generate and process echecks using standard protocols, algorithms and software tool libraries.
eChecks do not depend on on-line “third party” service provider’s. Electronic checks can be exchanged directly between parties by any means, such as email, the World Wide Web, or private Value Added Networks (VAN) services.
The eCheck provides rapid and secure settlement of financial accounts between trading partners over open public or proprietary networks. These networks can be interconnected with the existing bank clearing and settlement systems infrastructure. Little pre-arrangement is required, other than agreeing on how to exchange the check.
The technical and business capabilities for creating an all-electronic check are only now becoming available on a widespread basis. New capabilities include the public data networks, public key cryptography, commercial use of digital signatures, and the broad adoption of these technologies within the context of an emerging electronic commerce infrastructure. In addition to the technical capabilities, the legal and regulatory environment is also changing to begin to accept electronic documents, particularly with digital signatures, as equivalent to paper documents. Many laws refer to “writings,” for example, and the definition of “writing” is only now evolving to include electronic documents. Lastly, the business understanding required to effectively manage these technologies and leverage them into product offerings by financial institutions is only now emerging.
The FSTC’s Electronic Check harnesses these new capabilities while leveraging the existing payment and clearing infrastructure. This unique combination will allow for rapid adoption because only modest investments in new technology and business process re-engineering are needed for banks and customers alike.
Ultimately, individual financial institutions will offer echecks directly to their own customers. Towards that end, the current US Treasury pilot is just one of a number of pilots we expect to see over the next several years. As banks become more familiar and comfortable with the Internet and echecks, and as customers request this capability, FSTC expects to see widespread deployment in the 2000 or 2001 timeframe.
While the U.S. uses more checks than any other country, they are not just a U.S. phenomena. The US and European usage of checks slide shows just how dominant, in world transaction volume. The relative importance of checks slide highlights the fact that checks are significant in many of the world’s major economies.
Lastly, the slide, US Payment System Growth, illustrates just how critical check payments are to the US marketplace. In spite of years of trying to convert customers to existing electronic payment systems, paper checks still represent a sizable portion of the overall transaction growth. eCheck is designed to help ease the transition between paper check processing and electronic transactions, hopefully changing the dynamics so that paper check volume shrinks, rather than continues its growth. Further, the eCheck is designed to support any currency, including the euro, so that it can be used for global electronic commerce.
During the course of the project there was a great deal of debate over the “best” transaction model. Options included online transaction authorization, as well as the use of online third party guarantee and verification services. Ultimately, the team agreed on an overnight off-line model, one where verification works without requiring an active third party, a method that achieves the best practical balance between low cost and low risk. By shifting most of the risk prevention to the customer enrollment process, the ongoing transaction risk is minimized. The off-line validation model also allows occasional connections, which is particularly important outside the U.S. where the telecommunications infrastructure is more expensive. Additional functionality, such as effective (future) dated payments, also make the online verification model less desirable.
eChecks, like paper checks, can bounce or be returned for a variety of reasons, including for a stop payment, liens or blockages against the checking account, non-sufficient funds, stop payments, fraud, or accounts being closed. The system reduces these occurrences, and when they do happen, the cost is minimized. A completely risk free system would also make more expensive, and require a transaction discount fee, as with the credit card system. Even if an eCheck bounces, since an eCheck is a promise to pay, the underlying promise does not go away.
When payees cannot afford the risk of a bounced or returned eCheck, they can require a certified eCheck or a bank cashier’s eCheck. Although these are more expensive, and will require more prearrangement, they will not be as subject to return.
eChecks support stop payments by using the existing stop payment systems at the bank. Since this requires some flow integration between the eCheck system and the existing stop payment system, different banks will be able to offer different levels of stop payment capability. Similarly, for those customers who use Positive Pay functions by sending an “items issued” file to their bank, the bank can integrate echecks into this capability, providing even greater assurance that only valid, authorized echecks are paid.
eChecks do not eliminate float, although they reduce it significantly. Since echecks move directly from payer to payee, they are subject to float between the time they are sent and the time they clear. Initially banks will process checks in batches, and will clear and settle them overnight.
Since echecks are checks, the payee must decide whether to accept them directly, or to use a lockbox provider to accept the payments on their behalf. Therefore, echecks can be sent to a lockbox provider, rather than directly to the payee.
One of the key design approaches for eCheck was to allow for flexible remittance information to be included with, and bound to, the payment. Since remittances can take many forms, the eCheck project team did not try to define what required form for the remittance. The parties in the transaction can make this decision.
EDI, or Electronic Document Interchange, is a sophisticated, comprehensive standard for exchanging electronic business documents. The EDI standard is managed by the ANSI X12 group, and includes standards for remittances. While adoption has been slower than hoped, the use of the Internet and other factors are accelerating EDI use.
eCheck and EDI are very complementary, and when used together, will provide businesses with maximum benefits from automation of their business processes. When used together, the EDI information can provide the equivalents of the bill and the remittance stub on a paper check, without many of the limitations. The EDI information can include invoice numbers, shipping data, purchase order numbers, discounts, etc. When the proper systems are in place, the EDI information can be used to directly update the accounts receivable, thereby complicating eCheck use.
In addition to traditional ANSI X12 EDI, companies may choose to leverage eCheck payments by exchanging documents in other electronic formats, such as simple plain text, spread sheets, word processing documents, or one of the newer emerging standards such as OFX (Open Finance Exchange) or OTP (Open Trading Protocol). eCheck is supported by any of these formats.
Many people associate checks with paper and feel that eCheck simply repeats the same mistakes of paper system. The existing paper system provides a very solid base from which to work. These “cowpaths” include established and trusted business practices, legal frameworks, risk management techniques, familiarity, and core competencies of financial institutions. Why “start from scratch”, when it’s possible to build on, and greatly improve, what already exists.
eCheck benefits a broad range of markets. These benefits are described below, categorized by the different roles people and organizations assume in a transaction. It is important to realize that a benefit to one party in a transaction may actually be considered a drawback to another. eCheck seeks to achieve an appropriate balance so that the system results in a win win win scenario; a win for payers, a win for payees, and a win for financial institutions.
The potential scale of benefits from eCheck is surprisingly high. The Federal Reserve has estimated that the overall cost of checks to the US economy is in the range of $ 44 Billion/ year, while other estimates are even higher; some estimates approaching 2% of gross domestic product (GDP). eCheck, through its many improvements on the check paying and receiving process, will help reduce that total down.
eChecks significantly streamline the payment process. We expect echecks to save 2 – 5 days on average from today’s payment process.
|Saves Time, all the time|
|No waiting for the mailroom or Post Office to pick up or deliver the mail|
|More timely delivery (from days to minutes or seconds)|
|Reduced/ eliminated mail float or lead time for bill payment instructions|
|No paper envelopes to stuff` or open|
|Remittance info included with payment|
|No paper remittance to find, tear off, or return|
|No need to manually total checks received|
|No need to manually create deposit slips|
|No need to physically take echecks to the bank branch or night deposit|
|No need for manual filing or photocopying of paper checks|
|Improved document tracking|
|Integrates with accounts payable and accounts receivable to eliminate re-keying remittance information (future)|
|Saves time when there is a question|
|Easy to retrieve (stored in database)|
|Provides complete transaction information|
|Provides strong audit trail|
|Easy to identify through unique check numbers|
|Provides strong proof of payment through digital signatures and endorsements|
Obviously, as each business’processes and procedures differ, the specific steps will vary. In some businesses, certain steps are automated, while in others they may be manual. The three tables below indicate the types of steps taken in handling a check for payers, payees, and financial institutions. We have noted where eCheck eventually eliminates or immediately reduces staff time or effort. Saving steps and staff time translates into saving money.
|Manage check stock (order, store, control, retrieve, destroy)||Eliminates|
|Manage envelopes (order, store, retrieve, destroy)||Eliminates|
|Managing signature plates or font (order, lock up, retrieve)||Reduces; requires holder control of Electronic Checkbook|
|Loading checks in printer||Eliminates|
|Stuffing envelopes with checks and remittances||Eliminates|
|Mail room effort (pickup, stamping, delivery to post office)||Eliminates|
|Cash forecasting||Reduces; echecks will clear more consistently|
|Reconciliation||Reduces; fewer remain outstanding for long periods|
|Record keeping and filing||Reduces; no paper checks to keep on file|
|Replacing lost check||Reduces; may be able to simply resend|
|Researching payments||Reduces; records on computer, no need for paper copies|
|Statement Review||Reduced. More descriptive statement information available.|
|Mailroom (Receive envelopes in mail, sort envelopes by department, deliver)||Eliminates|
|Retrieve payments (retrieve mail, open envelopes)||Eliminates; system performs these functions manually or automatically|
|Verify payment information (match remittance, payment amount, conditions against accounts receivable)||Reduces; will eliminate with EDI|
|Verify check (appears legitimate, properly signed, paid to right party, right amount, dated, no hidden conditions, etc.)||Eliminates|
|Create payment record and file (photocopy check, store in paper company files)||Reduce/Eliminate; records stored automatically on computer|
|Prepare deposit (endorse checks, bundle, prepare deposit ticket, total)||Reduce/Eliminate; system automatically performs all steps except endorse|
|Make deposit (go to bank or night deposit box, give to teller, get receipt)||Eliminates; system automatically sends deposit to bank|
|Statement Review||Reduced. More descriptive statement information available|
|Receive check deposits in branch or night deposit (teller inspection, deposit ticket proofing, bundling, balancing, bagging)||Eliminates|
|Item Preparation and Proof and Transit (delivery, unbagging, power encoding, balancing, error correction, batching, pickup)||Eliminates|
|Suspicious item inspection (outsorting, delivery, manual inspection, signature card lookup, paper tests, etc., pickup)||Eliminates manual effort. Every eCheck is automatically validated for signatures, dates, etc.|
|MICR Capture (may include image capture)||Eliminates|
|Reject repair||Eliminates; echecks never need be “repaired”|
|Automated Sorting||Eliminates physical sorter passes. All sorting done electronically. Fine sorts can be done in a single pass.|
|Bundling, cash letter preparation, bagging||Eliminates manual steps. Cash letters automatically prepared for both.|
|Clearing (bag pickup, handoff to transportation company/group, delivery to clearing house, Fed, or other Financial Institution)||Eliminates manual effort. All clearing is electronic.|
|Inclearing (bag delivery, MICR capture, etc. as above)||Eliminates manual effort. All inclearing is electronic.|
|Returns (item pull, storage, bundling, cash lettering, etc., transportation to returns clearing house or collecting bank)||Eliminates manual effort. All returns are electronically processed.|
|Filing (item filing, microfilming, statement retrieval)||Reduces; all items available online through data base inquiry. No physical check to include in statement.|
|Statement Rendering (retrieve checks, fine sort, insert checks into statements, re-image for image statements, stuff envelopes, etc.)||Reduces; no physical items to handle|
|Research (item pull, finding on microfiche, photocopying, deciphering the back, etc.)||Reduces|
While paper checks represent a remarkably reliable system, errors sometimes occur due to the need to re-key information contained on the face of the check, manual creation and totaling of the deposit slips, loss or destruction of a check, or the occasional error on a sorter when reading the information contained in the MICR line of the check.
While these errors do not occur frequently, they have a substantial impact on the overall cost of the check processing system. Typical processing costs for a bank handling a paper check are on the order of a few pennies ie.checks process normally. However, when an error occurs, the handling costs of a paper check rise dramatically, costing dollars instead of cents. Errors of this type can result in customers getting the wrong amount credited or debited from their account, and the bank being out of balance when accounts are settled and reconciled, leading to expensive research to trace the errors.
Since, eCheck eliminates both the rekeying of check information and reading the MICR line on a check sorter, these errors are eliminated.
Handling paper checks can also result in a set of internal bank errors related to the manual processes and handling. These include checks remaining undetected within delivery bags, bundles breaking open, missed delivery, checks cleared before processing, etc. While these are expensive and disruptive for the banks, customers are generally unaware of these situations. Paperless echecks eliminate these errors.
A number of different risks in the payment system impact different parties to the transaction in different ways. The table below summarizes some of the risks of check payments, notes the party bearing the greatest exposure to loss, and notes how echecks impact these risks when compared to paper checks.
The list of caveats about any general risk analysis is endless. The table is intended as an approximate summary, not an absolute or definitive analysis, particularly since the level of risk is different depending on time and the circumstances of the transaction. The table is based on normal business practices of reviewing bank account activity daily, and looks at direct exposure rather than the potential impact resulting from a failed payment, e.g., causing other payments to fail. If the accounts are not reviewed daily, then the risk to the paying bank increases since it may not be able to make the return deadlines required by REG CC (implemented Expedited Funds Availability Act).
Parties with greatest exposure to loss
|Stolen checks||Primarily banks and payee||Reduced through PIN-protected hardware|
|Unauthorized insider issue||Payer||Reduced through personal assignment of signing tokens. Also reduced through support for dual signatures.|
|Forgery||Payee, Paying Bank||Virtually eliminated through digital signatures, automatic verification, and PIN-protected hardware signing keys.|
|Forgery where Facsimile signatures are used on account||Payee, Account owner||Eliminated|
|Counterfeiting||Paying Bank, Payee||Virtually eliminated through digital signatures, automatic verification, and PIN protected hardware signing keys.|
|Duplication||Innocent Payees, Depositing bank for fraudulent payee, Paying bank||Reduced through rigorous duplicate detection functionality, use of payee public key in addition to name in pay to field.|
|Fraudulent unsigned demand draft||Payee, Depositing Bank, Paying bank||Eliminated.|
|Alteration of payee name||Depositing bank*, fraudulent payee, payer||Effectively Eliminated|
|Alteration of amount (no positive pay)||Depositing bank*, payee||Effectively Eliminated|
|Alteration of amount (with positive pay)||Depositing bank*, payee||Effectively Eliminated|
|Amount encoding error||Depositing bank, payee inconvenience, small errors often written off by banks||Eliminated|
|Non-sufficient funds, account closed||Payee**||Reduced due to faster, more consistent clearing times.|
|Stop Payment||Payee**||Reduced due to faster clearing.|
|Check drawn on non-existent bank or account||Payee||Eliminated due to digital certificates issued by banks to account holders|
*assumes depositor takes the money without consequence, since these are fraud activities
**payees may protect themselves by delaying shipment of merchandise, requiring certified or cashiers checks, or performing credit checks
While payees probably have the greatest exposure to losses, they also benefit most when the transaction is processed successfully, as most are. In addition, payees may protect themselves from material loss in a number of different ways, including delaying shipment until payment has cleared, requiring additional identification, using check verification or guarantee services, calling the issuing bank and verifying the information on the check, etc. We expect these, and other techniques to all be applied to echecks as conditions warrant.
Payers can also take additional steps to protect themselves from risk of loss. These steps include reviewing account activity at least daily, using secure check stock, ensuring proper controls on check stock, limiting signing authority, or access to signature stamps, and using positive pay services from their bank. These safeguards will work as well for echecks as they do for paper checks.
Beyond the significant savings in elapsed time and in staff effort, echecks also provide savings in the costs of materials, particularly for payers. The table below summarizes some of the most obvious cost savings.
|Paper check stock||$.02 -> $ .25||Payer|
|Paper remittance forms||$.02 -> $.15||Payee|
|Envelopes||$.02 -> .10||Payer or Payee|
|Postage||$.22 -> $.33||Payer, Bank on statementing|
|Photocopies of checks||$.02 -> .05||Payee, Bank on research items|
|Filing cabinets, storage space||varies||Payee, Payer, Bank|
While each savings sounds small, they add up quickly. Payers, exchange some mail float in the current paper check process for reduced out of pocket costs for printing and mailing payments. Savings can total as much as $.50 per check. When applied to large businesses, like insurance companies, which write hundreds of thousands of claim checks a year, the potential savings are both real and significant.
With echecks, banks can provide enhanced customer services and more timely problem resolution. Today, when a question arises about a paper check, the research process is quite laborious and time consuming, as shown in the Bank Research Time Comparison. With echecks, banks can significantly improve their customer service turnaround times on research items. An echeck’s audit trail precludes the need for additional information from the depositing bank, thereby speeding up the customer response time, and reducing the cost of research and customer service. Customer questions can be answered immediately without having to wait for the check’s return with the monthly statement.
eChecks also help improve customer service for businesses. First, since the overall cost of a payment will be significantly reduced, businesses may seek to gain competitive advantage through making payments more frequently. Second, in the event a payment is not processed quickly, or if the payee reports not receiving the payment, echecks eliminate the need for an expensive stop payment, check re-issuance process. Rather, businesses can simply resend the original eCheck, effecting almost immediate replacement. Each eCheck is only paid once, regardless of how many copies of it are received by the bank, eliminating the threat of checks being cashed more than once.
eChecks also offer a number of non-monetary benefits to banks and customers alike. These “soft” benefits are also quite important and are summarized below.
|Provides Choice||eCheck enables financial institutions to provide their customers an increased array of cost-effective electronic payment alternatives. Its design, which provides true end-to-end security, makes it suitable for use by any bank customer, even in insecure environments like the Internet.|
|Better Information||eChecks provide better, more accessible, information about the transaction than paper checks. For example, on the payer’s bank account statement, eCheck transactions will show the payee name in addition to the check number, date, and amount.|
|Pay Anyone||eChecks are designed to allow payment between any two parties, for most types of transactions. Anyone with a bank account can receive echecks. As with paper checks, we expect services to be developed to enable anyone to receive an eCheck, even if they don’t have a bank account.|
|Pay and Receive||eChecks are designed to enable the same payment instrument to be used for both paying and receiving payments. Many other instruments, such as debit cards, are designed primarily as retail payment vehicles, and can therefore be used by consumers only to make payments.|
|Do business directly||eChecks are designed for direct exchange between transacting parties, rather than requiring an intermediary in the middle of the transaction. They support direct exchange of transaction information, and payment over the Internet.|
|Familiarity||Since echecks are modeled after paper checks, they are familiar, and don’t require a significant effort to learn new terminology or processes.|
|Accepted Legal Basis||eChecks build on the most familiar payments legal infrastructure in the US today, check law. Banks and customers understand the risks of this system, and know which risks are acceptable on a daily basis. Users of the system can be assured the system is stable and relatively unchanging.|
|Payer Control||Through the use of strong digital signatures, echecks enable only authorized transactions to be posted to a bank account, and the authorization is checked every time. Payer’s control and banks can enforce who can make payments from their account, and how much they can do. Business practices, such as dual signatures and transaction limits, are part of the system design, and automatically enforced.|
|Payee Control||Payees can receive echecks directly, or can use electronic lockbox services to simplify their processing. In addition, payees have control over which payments to accept or reject, which account to deposit into, how much risk they are willing to take, and the timing of depositing the transaction (which is particularly important for cash basis businesses managing quarterly results).|
|Co-exist with paper. Helps transition to electronics||eChecks are designed to coexist with paper, reducing the confusion and complexity of accepting eCheck transactions into businesses that currently receive paper checks. They help businesses migrate in a cost-effective, non-disruptive manner from paper to electronic payments.|
Significant issue was whether check law could apply to electronic transactions. Check law consists of the Uniform Commercial Code (UCC) 3 & 4, REG CC, and case law in various states. These laws are further reinforced by clearing house rules that govern additional interbank agreements for clearing paper checks.
A team of lawyers and bank operation staff conducted an extensive review of the relevant parts of UCC
The project team then examined Treasury Check Law, and determined that Treasury Check Law (240 CFR) could also be used as the basis for echecks, when those checks were issued by the US Department of Treasury. The US Treasury Pilot (discussed elsewhere), which involves commercial banks, the Federal Reserve Bank of Boston, and the US Treasury developed a set of governing rules to allow the pilot to run under Treasury Check Law.
Check law, the combined body of case law, UCC, REG CC, and clearing house rules provides the most solid and tested legal and regulatory framework available for non-cash payments in the US.
Regulation E implements the Electronic Funds Transfer Act (EFTA) and applies only to consumers. This regulation provides for disclosures and consumer protections by limiting the consumers liability in the event of an unauthorized transaction. REG E also establishes mandatory timeframes for investigation and requires provisional credit if the investigation will not be completed in time. Regulation E does not apply to paper checks.
For consumer transactions, echecks will be covered by REG E. After extensive analysis by ECCHO and FSTC, it was determined that REG E and check law have little overlap since REG E primarily governs the requirements for a financial institution when serving its own customers. REG E provides extensive requirements for disclosure and problem resolution and provides specific consumer protections and timeframes in the event of unauthorized transactions. Check law, on the other hand, is almost completely silent on the issue of disclosure, and provides consumer protections for unauthorized transactions, but with a vague set of timeframes. eChecks will combine the benefits of both REG E and check law for consumers.
ACH is the system most often associated today with electronic funds transfer (EFT). This system is used for many different purposes, and supports both credit based transfers (e.g., direct deposit of payroll), and debit transfers (e.g., direct payment of mortgages).
The ACH system is not governed by check law (UCC 3 & 4). Rather, NACHA(the National Automated Clearing House Association) has developed a set of operating rules that govern ACH transactions, for both credits and debits. In addition, corporate credits are governed under UCC 4A, and consumer debits are covered by REG E.
The main impact of the differences in ACH rules from check law is found in the liabilities, roles, and responsibilities of the parties to a transaction and to the financial institution. These differences are due, in part, to the difference in flow of the transaction and authorization between ACH and paper checks. This difference is illustrated in more detail in the discussion document Understanding the differences between eCheck and ACH.
Without getting bogged down in details which only a banker or lawyer may be concerned with, the subtle differences between echecks and ACH debits impact:
- Who is ultimately responsible for the payment?
- Who holds (or is responsible for) verifying the authorization?
- How creditworthy does someone have to be to originate (deposit) the payment?
- How much risk is each party to the transaction accepting?
- What are the timing and finality of debits and credits?
|Responsible Party||check writer||Bank putting transaction into system|
|Holds Authorization||returned to check writer||held by originating company|
|Credit requirements||available to anyone with a checking account||debit origination only available to the most credit worthy customers|
|Risk acceptance||Depositor and Paying bank have largest risks.||Most of risk on party putting transaction into the system (Originator) and its bank (ODFI). Payer must check account frequently or risk loss from unauthorized debits.|
|Timing and Finality||Under control of issuer and depositor. Depositor can choose to delay receipt of payment by delaying deposit. Finality subject to funds availability, but most returns occur within 48 hours, with a maximum of 2 weeks.||Originator controls timing, but usually negotiated. Consumer debits subject to return for 60+ days. Business debits usually final within 3 days. Funds usually available on transaction effective date.|
Realistically this depends on your point of view and your specific circumstances. Check law and ACH differ, they provide the opportunity for financial institutions to offer their customers different products and services and allow the customers to choose which is better for them for a given transaction.
Under the Check law, a payment (check) is an obligation of the issuer, not of the bank. The depositor of a check is subject to having the payment returned and the funds reclaimed, since the credit is provisional for a certain period of time (about 2 – 3 days), after which the check is unlikely to be returned by the paying bank. In fact, the depositing bank may apply a funds availability schedule to its customers to limit access to the funds until they are actually collected from the paying bank. Banks are comfortable with these risks, and can allow any customer with an account to deposit checks.
Under ACH, a payment (debit) is an obligation of the Originating Depository Financial Institution (ODFI, serving as the depositing bank) that puts the debit into the system. The ODFI will almost always shift this liability to the originator (depositor) by agreement. As a result most banks can only allow very creditworthy originators to access the ACH system. The Receiving Depository Financial Institution (RDFI, serving as the paying bank) has no liability, as is true for the receiver in the event the transaction is not authorized. The banks and the account holders all have the funds available at the same time.
Many people are confused by the intricacies of the payment system and by the variety of payment choices they have today. However, providing customers choices to meet their needs is important. While introducing more payment options to bank customers may increase confusion, the industry can address this through education and clearer agreement as to the meanings of terms used when describing payments solutions.
Some have made the argument that customers don’t actually care about what type of payment instrument they use, and that all that really matters is that the proper accounts get credited and debited. This argument is not backed by real customer research, market dynamics, branding strategies, or analysis.
A number of initiatives and products also use the term “electronic check” or “eCheck”. These generally fall into one of the following categories:
- Check electronification
- Check imaging
- Check conversion
- Check replacement
- Unsigned drafts
Check electronification is most often associated with the process of taking a paper check and electronically presenting the payment information using a technique called Electronic Check Presentment (ECP). More details on this process can be obtained from the Electronic Check Clearing House Organization. eCheck represents the logical end state for check electronification, where the paper is eliminated in the beginning of the process, rather than after presentment to a financial institution. eCheck also uses some of the same infrastructure components as ECP for interbank communication, allowing banks to leverage this investment.
Check imaging is the process where the paper check is turned into an image by taking a digital photograph of the check. The image is then used in subsequent processing, and in many cases, the image is returned to the customer, rather than the paper check itself. ECP and check imaging improve the processing of paper checks by eliminating the total reliance on paper. FSTC has already completed one project on check imaging, and is now starting a second project, called PACES.
Check conversion is the process of taking a paper check and converting it into another type of payment instrument at the time it is first presented to the payee. The most notable example of this is the work being performed by the National Automated Clearing House Association’s Electronic Check Council. In this process, the check may either be considered to never exist, or to be transformed from one payment instrument and legal framework to another.
Check replacement is the process where transactions currently conducted using paper checks are replaced by transactions using a different approach, such as a debit card. Since these transactions still result in a debit to the account to transfer the funds, they are frequently referred to as “check cards”. These are not checks however, they are covered under a completely different legal framework.
Unsigned drafts is the process where the checking account information from the bottom line of the check (the MICR line) is either typed into a computer screen or read over the telephone. The merchant then creates a demand draft, which is like a paper check, against the customer’s account to collect the funds. Generally, this approach introduces significant risk into the payment system since there is no signature on the draft, and the paying bank cannot determine its validity.
FSTC’s electronic check project is creating a “true” all-electronic eheck without an initial piece of paper or requirement for third party intervention. As with paper checks, echecks are legally binding promises to pay from funds on deposit at a bank, can be moved in any one of a number of paths, and are completely under the control of the parties conducting the transaction.
FSTC’s eCheck is built on five critical technologies:
- Public Data Networks
- The Financial Services Markup Language
- The Electronic Checkbook
- Public Key Cryptographic Signatures
- The Banking System
Yes. The Internet has become the most widely adopted and pervasive of all data networks. It is best characterized as “data dialtone,” and like the telephone network, everyone can plug into it just about anywhere. The Internet reaches most businesses and an ever-growing segment of the overall population–more than 100 million people around the world by the end of the year 2000. Just as the telephone changed the very nature of commerce and the way that business was conducted, so has the Internet. But unlike telephones, which are only usable by humans, the Internet allows computers to communicate with each other, thereby opening up tremendous opportunities to improve the efficiency and degree of automation employed in the conducting of commerce.
But with this power also comes some risks, magnified by the concerns over hackers and the ability to automate attacks on a large scale. Today’s payment systems are not designed to withstand the risks of the Internet.The systems are also threatened by the advent of desktop publishing tools and high-quality color printers, making paper forgeries easier. Yet, if commerce is to be conducted using this faster, cheaper and more global medium, then payments are a necessary part of many commercial transactions.
eChecks were designed with the Internet in mind, and also attempt to address some of the weaknesses that are inherent in the legacy payment systems. eChecks’ necessary security mechanisms allow safe payment transactions over the Internet.
The Financial Services Markup Language (FSML) defines the eCheck markup language approach and offers a general infrastructure for all electronic signed documents.
As a result of this approach, eCheck technology can be used to create and sign a wide variety of financial documents, including echecks, ACH authorizations, and even non-financial contracts. FSTC’s recently released SDML, is a generic version of the signing approach. The FSTC is proposing a work item with the World Wide Web Consortium to incorporate this effort into the XML family of standards, leading to a publicly available digital signature methodology for documents that are easy for both humans and machines to process. FSTC expects to publish FSML during the summer of 1998 for comment and to subsequently work with ANSI to make echecks a formal industry standard payment instrument.
FSML provides several very important capabilities, including the ability to apply digital signatures for signing, co-signing, and endorsing. FSML also defines a methodology for ensuring that the digital signatures remain valid, even when parts of the document are removed. This capability is crucial to businesses that need to exchange large amounts of data that they wish to keep private.
The Electronic Checkbook provides all of the checking equivalents of its paper counterpart: blank checks, deposit slips, and limited record keeping. It also will calculate and verify digital signatures and certificates using public key cryptography. Electronic Checkbooks can be implemented on a smartcard or other cryptographic processor for significantly stronger and easier to use security, and portability.
For more information on digital signatures and public key cryptography in general, we recommend you visit Certicom and RSA to read their white papers and FAQs, or read a book on the subject. “Applied Cryptography” by Bruce Schneier (ISBN 0-471-11709-9) is widely recommended.
Digital signatures, also referred to as public key cryptographic signatures, are used to sign echecks when they are written, co-signed, or endorsed. Two huge benefits of this technology are that digital signatures are virtually impossible to forge, and they can be automatically verified to ensure their integrity.
Digital signatures are also used to create “letters of reference” (cryptographic certificates) that associate a public signature verification key with a named signer. These Certificates are issued by a trusted party, such as a bank, and can be used to improve verification of the signer’s digital signature.
Since a signer’s public key is included in its certificate, (which is in turn signed by its bank), someone who later verifies a signature can be assured of the correct public key for the indicated signer.
The benefits of this approach, when combined with the smartcard electronic checkbooks, are:
- echecks are virtually impossible to forge or alter
- every eCheck can be authenticated and validated automatically
- payees, through relatively simple software, can verify that echecks are issued against a real bank account at a real bank
- eCheck security does not require users to become security experts
- eCheck security is automatic, and integrated into the checks
The banking system is one of the biggest users of technology, and its check payment system is built on a series of technologies, practices, and standards which both safeguard the payments system and make it incredibly efficient. eCheck builds upon these industry practices and incorporates these technologies into the system design in order to ease the transition from paper to electronics. For example, echecks integrate into the check processing system at the bank, enabling stop payments, funds availability risk management practices, float management, checking account posting, and statementing to be applied to echecks without having to redevelop these systems or implement significant changes to the existing applications.
Concern about security was one of the frequent comments made during the FSTC’s market research effort for echecks. In response, the eCheck has an array of strong security features, which make it a safe new payments offering, suitable for use in unsecured environments like the Internet. eChecks use both technology and business practice security safeguards, including state of the art digital signatures, hardware tokens, duplicate detection, blinded account numbers, activation, and current banking practices.
While the questions below speak to many of the security concerns people have expressed during the project, it is important to know that the steps described actually happen automatically, in the eCheck processing software. The design of the eCheck system is such that security is maintained at the highest possible level, while at the same time, the details are hidden from view, and the average user does not have to become a security expert to safely use echecks.
eChecks are signed and endorsed with strong digital signatures created using industry standard public key cryptography. Anyone who knows the public key of the signer can verify the signer’s signature on the check and trust that a) the check hasn’t been altered since it was signed, and b) that the signature was made using the private key possessed only by the signer. The same is true for the endorser’s signature. eChecks include the signer’s bank-issued certificate, which provides both the public key of the signer and the assurance that the public key actually belongs to the issuing bank’s account owner.
The signer’s public key is actually sent as part of the eCheck, from the payer to the payee, as part of a bank issued “public key certificate” (see the RSA WWW site for lots of details). A signer’s name and public key are contained in a “public key certificate,” which is signed by its bank, acting as a “Certificate Authority”. Similarly, the banks have certificates granted by higher-level authorities; in the case of the US Treasury pilot, the US Treasury is acting as the higher level Certificate Authority. These high-level keys rarely change and will be furnished by your bank, preloaded into the Electronic Checkbooks. The certificates are standard X.509 certificates that are compatible with the emerging public key infrastructure for general use in electronic commerce.
To verify the signature on an eCheck, the software gets the highest level key from the Electronic Checkbook, then uses that key to verify the bank-issued certificate. The signer’s key is then extracted from the bank issued certificate and used to verify the issuer’s signature on the eCheck. This happens automatically behind the scenes.
For their own signature verification purposes, banks will maintain independent records of their customer’s public keys and account status. If a customer loses a checkbook, or a key is compromised, the bank can revoke it, much as they do today in the event of lost paper checks or ATM cards.
It should also be noted that this process will enable banks to automatically perform signature verification on all echecks (impossible in the paper world), thereby greatly improving protection against fraud.
The bank-signed information gathered to initiate an account includes the name of the bank, its routing code, the account number, and a pointer to the certificates of the authorized signers for the account. You verify the bank’s signature on this information, as described above, to know that the account is genuine.
Account credentials can also include other information about the account, which might be pre-printed on a check, such as “Two signatures required if over $25,000”, “Void after 90 days”, “Not valid above $ 20”, or “Minimum check $500”. All these conditions can be automatically verified and enforced by software, ensuring that echecks are properly screened before acceptance.
7.4 WHY THE EMPHASIS ON HARDWARE TOKENS?
CAN SOMEONE STEAL MY PRIVATE KEY AND FORGE ECHECKS ON MY ACCOUNT?
Personal and small business accounts will sign and endorse echecks using an “Electronic Checkbook”, typically a smartcard, PC Card, or add in hardware board. The personal computer, server, or point-of-sale terminal will pass the check information to the Electronic Checkbook for signing. Therefore, the private signing key need never leave the Electronic Checkbook.
This approach provides two benefits. First, the user of the system need not be expert in maintaining security. Second, since the key for most users is on a removable smart card, it is easily portable. This means that the private keys are not in a file on the computer’s hard disk, where someone can copy them and have unlimited time to break them without the user even being aware of the threat. With the smart card approach, a user can tell if someone is trying to steal the key, since the smartcard will be missing. Tokens also provide the benefit of making it easy to use multiple machines.
One of the concerns with the software-only approach is who is risk management. Our analysis identified that the majority of risk from a transaction is borne by the party receiving the funds (payees or merchants), not by the party authorizing the transaction. Smartcards and other types of secure tokens protect the interest of all parties to the transaction and provide increased assurances to the parties accepting echecks for payment.
We should also note that no system is totally foolproof, and if made too secure, a system becomes impractical or unusable. Therefore, while it is theoretically impractical to break the cryptography and forge echecks, the system has safeguards against potential threats. Established banking practices, such as stop payments, account monitoring, statements, and dispute resolution processes can all be applied as appropriate.
Not unless they also get your PIN which is needed to activate the Electronic Checkbook. The entry of a number of consecutive incorrect PINs will disable the Electronic Checkbook. Account holders can easily protect their Electronic Checkbooks by keeping them in their possession, and keeping their PINs secret. Like an ATM card, if an Electronic Checkbook is lost or stolen, it must be reported to the bank. The bank will then deactivate the Electronic Checkbook, so that if someone tries to use it, the transactions are not paid.
In addition, the Electronic Checkbook provides the means to write echecks, but does not contain any actual value. Loss of an Electronic Checkbook will be inconvenient, but the cash remains secure.
When the Electronic Checkbook signs the eCheck, it automatically numbers the check and logs several important pieces of information, such as the check number, date, payee name and amount. A similar log entry is made when echecks are endorsed for deposit. This log is protected inside the Electronic Checkbook so that it cannot be overwritten by an attacker. This provides you with a secure record of the checks that were written and endorsed, and then can be synchronized with the data in your financial application or read out by the bank in case of dispute. You still receive your monthly statement from your bank, which will record transactions made with echecks. If needed, a full copy of the paid electronic check can be requested.
Checks are not automatically encrypted by the Electronic Checkbook. However, the financial application, mail agent, or web browser can encrypt the check for transmission from the payer to payee, or from the depositor to the bank. Examples of standard encryption methods that can be used include SSL, which is available in most web browsers, and S-MIME, which will be widely supported by mail systems in the near future. It is important to note that encryption provides point to point privacy, and is not sufficient by itself to protect against all other forms of fraud.
eChecks will carry a separate, unrelated (blinded) account number from paper checks. Since the forger does not know your private signing key, he cannot forge an eCheck. Since the bank will not accept your electronic account number on a paper check, he cannot forge a paper check. Only your bank will know the link between the electronic and paper account numbers, so that it can apply both electronic and paper transactions against a single balance and provide a single statement.
Payee’s sometimes require address, telephone number, drivers license number or other personal information on the check. This type of personal information can be stored in the Electronic Checkbook when it is issued by your bank. When you write a check, you can choose the items of personal information that are included in the eCheck, depending on the specific situation and your relationship with the payee. This gives you more control over disclosure than having such information pre-printed on a check. As noted above, checks can also be encrypted for privacy during transmission.
Because the Electronic Checkbook performs public key signing and verification, but not encryption, and is personalized, you can take it with you when you travel. This means that the strongest available cryptography can be used everywhere to protect your financial transactions against fraud. Furthermore, the Electronic Checkbook is independent of any local regulations limiting key sizes or any requirements for the escrow of keys used for encryption in web browsers and mail programs.
The ability to carry the Electronic Checkbook with you can make life easier. You can make, receive, or deposit payments from anywhere in the world. This important flexibility can assist in disaster recovery planning.
Electronic checks are not anonymous. Banks will have the same procedures for record keeping and reporting as for paper checks.
In addition, echecks provide an exceptionally strong audit trail, since every non-financial institution handling the eCheck signs it with their digital signature. This audit trail, and bank policies and procedures, make echecks ill-suited for illegal activity.
Payment systems are quite intricate, and as is so often the case, “the devil is in the details”. This FAQ will not attempt an exhaustive comparison of all the various payment systems. Rather, in the next few questions, we try to highlight some of the more obvious or significant differences between alternatives.
With credit cards, the payer does not actually pay the payee. Instead, the issuer extends credit to the payer, and the issuer pays the payee. Also, the acceptors of credit cards are limited. For example, you cannot pay a person with a credit card. Some industries, by law or common practice, are unable to accept credit cards for payment, e.g., brokerages.
The inherent requirement of the extension of credit makes the credit card unsuitable for many types of business transactions. Different types of business requirements, such as a two signatures, or different signers on the same account with different limits, cannot be supported by the credit card.
Debit cards face similar restrictions as do credit cards. In addition, most debit cards carry low transaction limits.
In the U.S., most debit card transactions are in fact “off-line” transactions, with the actual financial processing occurring well after the transaction. While on-line debit card activity is processed immediately to the customers’ and merchants’ accounts, customers who prefer to write checks and have the float time of 12 to 48 hours before the checks are posted to their accounts will find that echecks provide the most secure means of meeting this goal — while assuring the merchant that the echecks are drawn on a bank and that the customer has authority to draw funds from the account. See Understanding the differences between eCheck and debit cards for more information.
The Automated Clearing House(ACH)is the current system used for electronic funds transfers such as direct deposit of payroll or automatic deduction of mortgages.
While ACH works well for payments between established trading partners, it is not readily available in many other transaction situations. Unlike ACH, eCheck can be used when payments must be made directly between trading partners without a third party or significant pre-arrangement involving bank accounts. eCheck are well suited for secure business-to-business payments over the Internet.
For a review of some of the subtle, yet significant, differences in risk and liability between ACH and Check, please see 4.3 Can you explain these “subtle differences”? For a more detailed review of the differences between ACH and eCheck, please see Understanding the differences between eCheck and ACH.
In the past several years there have been a large number (over 50) of various Internet payment efforts and new proposals. Most of these efforts take one of three approaches; creating totally new payment vehicles (digital cash, micropayments), improving and electronifying today’s payment products (eCheck, SET), or automating the authorization (demand drafts, ACH). Many of these approaches have been intended to create a proprietary approach to payments, and then to capture enough market or mind share to stake out a significant share of Internet payments.
FSTC’s eCheck effort has been designed with careful attention paid to the bank operational and business issues. It will lead to proposal of an open industry standard, in mid-1998, for electronic checks, once the system’s effectiveness is demonstrated.
Digital cash and micropayments represent two similar schools of new and emerging payments. Digital cash is sometimes also grouped with stored value products. We’ll review each of these very briefly, since many of the differences are based on the underlying structure of the payment instrument, e.g. cash is different than check.
A number of different digital cash-like systems have been proposed and are in various phases of development or trial. These systems are all based on proprietary approaches, and do not truly interoperate. Some of the major players in this arena are: Digicash, Cybercash, Mondex (Mastercard), Proton, and VisaCash. The Digicash and Cybercash systems are designed for online use, while Mondex, Proton (used by American Express), and Visa Cash were initially designed as card-based systems to replace physical cash at the point of sale. Most of these systems are anonymous to the buyer. They are designed to reduce the use of cash, and in many cases, transfer the actual value from a bank account to the user’s card or system.
Micropayments are payments that are very low in value, with an upper threshold of either $ 10 or $ 20 (no standard definition exists). The digital cash systems often target these transactions, the equivalent to pocket change. In addition to these systems, some, most notably Millicent, from Digital Equipment, hope to make value transfer inexpensive enough to be used for transactions below a penny in cost.
Electronic check, unlike these systems, is based on the check processing infrastructure and methodologies. eChecks do not, themselves, represent value. Rather, they are a promise to pay, and are used as authorization by the bank to provide or release value from a customer’s account. Given the inherent costs associated with the security and audit trails provided by eCheck, it is unlikely that the system will be cost-effective for very low value transactions, (below $ 1), although, like paper checks, echecks can be written for any amount supported by a currency.
SET, Secure Electronic Transactions, is the solution developed by Visa, Mastercard, and a host of other companies to secure credit card transactions on the Internet. Its system is endorsed by all the major credit card companies and provides excellent security and structure for using credit cards and co-branded debit cards over the Internet. SET, like eCheck, is in its early stages of development. A large number of SET pilots are underway in the US and abroad, and these pilots are helping to provide consumer, merchant, and financial institution reaction to the protocol and implementation issues. Currently at version 1.0, proposals are under development for SET 2.0 to address the design issues that have been identified.
One important point with SET is that it represents one approach to securing Internet credit cards transactions. Today’s common practice is to use SSL, the secure sockets layer built into web browsers, to establish a private connection between the consumer and the merchant.
eCheck differs from SET in a number of ways, which are discussed in in more detail in Understanding the differences between eCheck and SET. In addition, of course, eCheck differs from SET in the underlying payment instruments; checks as opposed to credit and debit cards as described elsewhere in this FAQ.
While Cybercash has achieved significant recognition in the Internet payments market, a large number of companies are engaged in developing electronic payment systems. Since eCheck is a payment system, rather than a company, no real comparison can be drawn between eCheck and specific companies. FSTC will work toward widespread availability of eCheck technology and adoption, so that the myriad of companies in the payments business can all incorporate echecks into their product offerings.
FSTC designed echecks to be able to perform as the direct analogues (digilog, if you will) of paper checks. In addition, echecks are being defined in such a way that they can be extended to handle payment situations that are beyond the capability of today’s paper checks. This is an ambitious goal, since paper checks come in many types and flavors, and represent a mature, widely accepted means for handling payments in a global economy.
By introducing echecks as the Information Age equivalent of the paper check, the FSTC is helping to ease the transition from primarily a paper-based payment system to one that is all-electronic. Since this transition will require substantial changes to existing systems, and many years (perhaps decades) to complete, the eCheck will serve as a useful bridging technology, coexisting with paper checks. Because echecks can be used in a manner completely analogous to paper checks, they will be immediately familiar to users and can benefit consumers, merchants, businesses, governments, and financial institutions both near-term and long-term.
For additional discussion regarding the differences between paper and echecks, please see Understanding the differences between echecks and paper checks.
Yes, they can be, excluding all the manual handling and item preparation steps. This helps facilitate the introduction of Electronic Checks into the existing check-processing infrastructure, particularly for financial institutions. Consequently, the benefits of echecks can be realized sooner on the part of users and financial institutions. However, as echecks become more widely used, new processing systems are likely to develop that exploit the fundamental benefits of paperless checking.
Yes. Many banks will offer their customers echecks as a new service to complement their existing bank accounts, much as ATM and debit services have been offered in the recent past. This will allow bank customers to mix paper and echecks as part of the same account, with all transaction records appearing on the same periodic statements and online information reporting services. Similarly, bank customers will be able to deposit echecks into their accounts much as they deposit cash and paper checks today, but with obvious benefits in terms of cash flow, efficiency and convenience.
Yes, this is the intent of the FSTC. Different types of echecks will serve as personal checks, business checks, payroll checks, traveler’s checks, cashier checks and so on. Furthermore, similar techniques can be used to process all of these various types of echecks, thereby further reducing costs and improving efficiency for all players. It should be noted, however, that FSTC expects echecks to initially be used in remote business-to-business transactions, not at the physical point of sale.
Yes. With the flexibility inherent in echecks, it will be possible to easily define new types of echecks that can solve specific payment problems or improve the efficiency of electronic commercial transactions. For example, special types of echecks may be defined for use with global EDI-based transactions so that electronic purchase orders and invoices can include the payment in the same message. eChecks may also be defined to handle mixed currencies in order to facilitate global commerce. It is even possible to utilize the Electronic Check model to create new transactions to handle problems such as the transfer of some number of shares of common stock at a given price, or the transfer of property deeds or titles between parties. While none of this is part of the system now, the design is flexible enough to support these and many other options.
The eCheck can also be used to make direct payments for purchases made from Web sites, or for business to business ecommerce transactions which require payment prior to shipping.