[LINK] Questions about the New ePayments Code
Roger Clarke
Roger.Clarke at xamax.com.au
Mon Oct 24 08:20:49 AEDT 2011
[This news is a month old, but it only just reached me, and I've not
seen it reported.]
RIP the ETF Code of Conduct 1986-2013.
ASIC issued a replacement code on 20 Sep 2011, called the ePayments
Code, said to follow "widespread consultation between ASIC, industry
and consumers".
"A major objective of the review was to ensure the Code covers all
consumer electronic payment products, not just those from traditional
banking organisations". The Media Release trumpeted the news that
PayPal "has agreed to sign up ... by the end of the transition period
which is 20 March 2013".
The Code encompasses "ATM, EFTPOS, debit and credit card transactions
(including contactless transactions), online payments, internet
banking and BPAY".
It's unenforceable. But the EFTS Code of Conduct has been (almost
entirely?) respected by those organisations that had signed up to it.
Media Release:
http://www.asic.gov.au/asic/asic.nsf/byheadline/11-205MR+ASIC+releases+new+ePayments+Code?openDocument
Access to the ePayments Code:
http://www.asic.gov.au/asic/asic.nsf/byheadline/ePayments-Code?openDocument
Changes incorporated into the Code include:
* a tailored set of light touch requirements for low value products
(with a maximum balance of $500);
* a new regime to resolve mistaken internet banking payments; and
* plain English drafting that is product and technology neutral.
I submitted to one of the rounds of the review, when the banks were
trying to shift liability to consumers unless consumers (using
unknown means) protected their devices. I haven't been aware of
developments since.
Questions that come to mind:
- do "light touch requirements" mean that consumers are unprotected
in the case of those ghastly Visa PayWave and MasterCard Paypass cards?
- now that the 'technology-neutral' mantra has infected the Code,
will it be clear enough, and will there be enough meat in it,
to deal with the diversity of payment mechanisms?
- the list of signatories comprises (all?) banks, building societies
and credit unions, and is long:
http://www.asic.gov.au/asic/asic.nsf/byheadline/List-of-EFT-Code-members-A-H?openDocument
but the real question is 'what relevant organisations *aren't* there'?
- when will providers of Internet Banking be required to validate
the payee data? (At present, consumers type in 6-char BSBs and
c.9-char account numbers, accompanied by account-holder name, but
FIs declare that they have no responsibility to check that the
name corresponds to the account-number)
- what does this mean: "A consumer is not liable for any unauthorised
transactions on their debit card that were done without a PIN or
signature"? (Contactless card transactions, and even some
contact-card transactions, e.g. at parking stations, are done
without any form of authentication. So does a consumer merely
have to 'say no'??)
- what does this mean: "subscribers need not provide receipts for their
low value products, but must provide consumers with ways to check their
balance and transaction history"? (Merchants are the ones who must
issue receipts)
--
Roger Clarke http://www.rogerclarke.com/
Xamax Consultancy Pty Ltd 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au http://www.xamax.com.au/
Visiting Professor in the Cyberspace Law & Policy Centre Uni of NSW
Visiting Professor in Computer Science Australian National University