Consumers and organizations have a variety of options for making and receiving payments. While these payment types share the ultimate goal of transferring funds from payer to payee, the path those funds travel and the approaches employed for safely and securely completing transactions vary. The Secure Payments Task Force developed the Payment Lifecycles and Security Profiles as an educational resource and to provide perspectives related to:

  • The lifecycles of the most common payment types, covering enrollment, transaction flow and reconciliation
  • Security methods, identity management controls and sensitive data occurring at each step in the payment lifecycles
  • Relevant laws and regulations, and other references, as well as challenges and improvement opportunities related to each payment type

The profiles employ a consistent format for describing the lifecycle of each payment type. The lifecycle template is not designed to represent the nuances of specific payment transaction flows, but as a broad taxonomy that can be applied across different payment types for understanding and comparing controls and risks. The profiles are not all-encompassing in describing the layered security strategies that may be employed by specific networks, providers or businesses and shouldn’t be considered an assessment of overall security of different payment types. The improvement opportunities noted in the profiles highlight areas for further industry exploration and are not intended as guidance or specific solutions to be implemented.

These valuable resources were developed through the collaborative efforts of more than 200 task force participants with diverse payments and security expertise and perspectives. It is the hope of the task force that by helping industry stakeholders better understand these payments processes, the security and risks associated with these processes, and potential improvement opportunities, they will be well positioned to take action to strengthen their payment security practices.

Note: These materials were created by the Secure Payments Task Force and are intended to be used as educational resources. The information provided in the Payment Lifecycles and Security Profiles does not necessarily reflect the views of any particular individual or organization participating in the Secure Payments Task Force. The document is not intended to provide business or legal advice and is not regulatory guidance. Readers should consult with their own business and legal advisors.

Automated Clearing House

Definition: An ACH payment (credit or debit) may include direct deposit payroll, Social Security payments, tax refunds, person-to-person (P2P) payments and the direct payment of business-to-business and consumer bills. Within the ACH system, the originator is the entity that originates transactions, and the receiver is the entity that receives the credit or debit payment (i.e. the payment is credited to or debited from their transaction account). The transactions pass through sending and receiving financial institutions that are authorized to use the ACH system.

Enrollment

Payer ID / Enrollment

Enrollment of a payer includes identity (ID) proofing, management of users (enrollment, de-enrollment and changes) and determination of authority based on role.

Payment Type Operation

Credit

Originating depository financial institution (ODFI) onboards originator utilizing Know Your Customer (KYC), underwriting, and assigning exposure limits.

Originator required to execute origination agreement with the ODFI.

Debit

Receiving depository financial institution (RDFI) onboards receiver (payer) utilizing Know Your Customer (KYC), credit underwriting, and assigning exposure limits.

Payee ID / Enrollment

Enrollment of a payee includes identity (ID) proofing, management of users (enrollment, de-enrollment and changes) and determination of authority based on role.

Payment Type Operation

Credit

RDFI validates receiver’s identity as part of onboarding the receiver’s account.

Debit

ODFI validates originator (payee) identity as part of onboarding the originator’s account.

Transaction*

Payer Authentication

Verification of payer when originating payments

Payment Type Operation

Credit

ODFI authenticates customer (originator) utilizing a variety of methods within regulatory guidelines.

Debit

RDFI authenticates customer (receiver) utilizing a variety of methods within regulatory guidelines.

Initiation: Access Mode / Network

Environment in which the payment origination is requested

Payment Type Operation

Credit

Originator provides instructions through various means to the ODFI.

ODFI may utilize ACH operator or transmit directly to the RDFI.

Debit

Originator provides instructions through various means to the ODFI.

ODFI may utilize ACH operator or transmit directly to the RDFI.

Initiation: Device / Method Used to Initiate Payment

Type of interaction or device used to enter payment account information

Payment Type Operation

Credit

Originator provides instructions through various means to the ODFI.

ODFI utilizes communications methods as agreed upon with ACH operator or RDFI.

Debit

Originator provides instructions through various means to the ODFI.

ODFI utilizes communication methods as agreed upon with ACH operator or RDFI.

Initiation: Funding Account for Payment

Entry and/or identification of the funding account (with format checks)

Payment Type Operation

Credit

Verification of account information can occur between ODFI and RDFI prior to initiation (e.g. traditional ACH where a pre-note is sent prior to the actual transaction) based on underwriting and established exposure limits.

(See Payee ID/Enrollment)

Debit

Verification of account information can occur between ODFI and RDFI prior to initiation (e.g. traditional ACH where a pre-note is sent prior to the actual transaction) based on underwriting and established exposure limits.

(See Payee ID/Enrollment)

Initiation: Payment Initiation Mechanism

Payment network, system and/or third-party accessed

Payment Type Operation

Credit

ACH network via ACH operators (Federal Reserve or Electronic Payments Network (EPN))

Debit

ACH network via ACH operators (Federal Reserve or Electronic Payments Network (EPN))

Payer Authorization: Payment Network Traversed

“Rails” used to route authorization requests to the holder of the funding account

Payment Type Operation

Credit

N/A

Debit

N/A

Payer Authorization: Transaction Authorization

Determination of whether to approve or decline a transaction, including authorization timeframe, obligations, and any recourse decisions

Payment Type Operation

Credit

Originator must obtain authorization per NACHA operating rules.

Verification of receiver’s account information can occur between ODFI and RDFI prior to initiation.

RDFI can return the entry for a variety of reasons, including account closed or other operational reasons as outlined in the NACHA rules.

Debit

Originator must obtain authorization per NACHA operating rules (i.e. in writing and signed or similarly authenticated).

Authorization occurs between the originator and receiver prior to initiation.

RDFI can return the entry for a variety of reasons, including account closed or other operational reasons as outlined in the NACHA rules.

Format Exchange

Payment instructions, rules and formatting

Payment Type Operation

Credit

NACHA rules and formats apply

Debit

NACHA rules and formats apply

Receipt: Acknowledgement / Guarantee

Notification and confirmation of payment completion including terms for use

Payment Type Operation

Credit

N/A

Debit

N/A

Payee Authentication

Mode of access to funds (or accounts)

Payment Type Operation

Credit

See Enrollment

Debit

See Enrollment

Clearing and Settlement: Settlement / Exchange of Funds

Actual movement of funds to settle funding arrangements and applicable fees

Payment Type Operation

Credit

ACH clearing effects interbank settlement on Federal Reserve accounts or directly between financial institutions in accordance with established agreements.

Debit

ACH clearing effects interbank settlement on Federal Reserve accounts or directly between financial institutions in accordance with established agreements.

Reconciliation

Reconciliation / Exception Handling

Process and responsibilities associated with reconciliation and handling any exceptions or problems with a payment

Payment Type Operation

Credit

RDFI may return ACH entry for a variety of reasons including account closed, account frozen, or invalid account.

Debit

RDFI may return ACH entry for a variety of reasons including account closed, account frozen, or invalid account. Additionally, for consumer payments, the RDFI has an extended right of return for unauthorized payments.

User Protection / Recourse

Applicable rules, regulations, and legal means of recourse

Payment Type Operation

Credit

UCC 4A applies to corporate credit transfers.

Regulation E consumer protections apply to consumer credit.

Debit

Regulation E consumer protections apply to consumer debit.

Last Updated: 02/21/2018

Footnotes

*Note: Payments/Transfers Flow in Both Directions