Title 12

PART 235 APPENDIX A



Appendix A to Part 235 - Official Board Commentary on Regulation II


Introduction

The following commentary to Regulation II (12 CFR part 235) provides background material to explain the Board's intent in adopting a particular part of the regulation. The commentary also provides examples to aid in understanding how a particular requirement is to work.

Section 235.2 Definitions

2(a) Account

1. Types of accounts. The term “account” includes accounts held by any person, including consumer accounts (i.e., those established primarily for personal, family or household purposes) and business accounts. Therefore, the limitations on interchange transaction fees and the prohibitions on network exclusivity arrangements and routing restrictions apply to all electronic debit transactions, regardless of whether the transaction involves a debit card issued primarily for personal, family, or household purposes or for business purposes. For example, an issuer of a business-purpose debit card is subject to the restrictions on interchange transaction fees and is also prohibited from restricting the number of payment card networks on which an electronic debit transaction may be processed under § 235.7.

2. Bona fide trusts. This part does not define the term bona fide trust agreement; therefore, institutions must look to state or other applicable law for interpretation. An account held under a custodial agreement that qualifies as a trust under the Internal Revenue Code, such as an individual retirement account, is considered to be held under a trust agreement for purposes of this part.

3. Account located in the United States. This part applies only to electronic debit transactions that are initiated to debit (or credit, for example, in the case of returned goods or cancelled services) an account located in the United States. If a cardholder uses a debit card to debit an account held outside the United States, then the electronic debit transaction is not subject to this part.

2(b) Acquirer

1. In general. The term “acquirer” includes only the institution that contracts, directly or indirectly, with a merchant to provide settlement for the merchant's electronic debit transactions over a payment card network (referred to as acquiring the merchant's electronic debit transactions). In some acquiring relationships, an institution provides processing services to the merchant and is a licensed member of the payment card network, but does not settle the transactions with the merchant (by crediting the merchant's account) or with the issuer. These institutions are not “acquirers” because they do not provide credit to the merchant for the transactions or settle the merchant's transactions with the issuer. These institutions are considered processors and in some circumstances may be considered payment card networks for purposes of this part (See §§ 235.2(m), 235.2(o), and commentary thereto).

2(c) Affiliate

1. Types of entities. The term “affiliate” includes any bank and nonbank affiliates located in the United States or a foreign country.

2. Other affiliates. For commentary on whether merchants are affiliated, see comment 2(f)-7.

2(d) Cardholder

1. Scope. In the case of debit cards that access funds in transaction, savings, or other similar asset accounts, “the person to whom a card is issued” generally will be the named person or persons holding the account. If the account is a business account, multiple employees (or other persons associated with the business) may have debit cards that can access the account. Each employee that has a debit card that can access the account is a cardholder. In the case of a prepaid card, the cardholder generally is either the purchaser of the card or a person to whom the purchaser gave the card, such as a gift recipient.

2(e) Control [Reserved]

2(f) Debit Card

1. Card, or other payment code or device. The term “debit card” as defined in § 235.2(f) applies to any card, or other payment code or device, even if it is not issued in a physical form. Debit cards include, for example, an account number or code that can be used to access funds in an account to make Internet purchases. Similarly, the term “debit card” includes a device with a chip or other embedded mechanism, such as a mobile phone or sticker containing a contactless chip that links the device to funds stored in an account, and enables an account to be debited. The term “debit card,” however, does not include a one-time password or other code if such password or code is used for the purposes of authenticating the cardholder and is used in addition to another card, or other payment code or device, rather than as the payment code or device.

2. Deferred debit cards. The term “debit card” includes a card, or other payment code or device, that is used in connection with deferred debit card arrangements in which transactions are not immediately posted to and funds are not debited from the underlying transaction, savings, or other asset account upon settlement of the transaction. Instead, the funds in the account typically are held and made unavailable for other transactions for a period of time specified in the issuer-cardholder agreement. After the expiration of the time period, the cardholder's account is debited for the value of all transactions made using the card that have been submitted to the issuer for settlement during that time period. For example, under some deferred debit card arrangements, the issuer may debit the consumer's account for all debit card transactions that occurred during a particular month at the end of the month. Regardless of the time period between the transaction and account posting, a card, or other payment code or device, that is used in connection with a deferred debit arrangement is considered a debit card for purposes of the requirements of this part.

3. Decoupled debit cards. Decoupled debit cards are issued by an entity other than the financial institution holding the cardholder's account. In a decoupled debit arrangement, transactions that are authorized by the card issuer settle against the cardholder's account held by an entity other than the issuer, generally via a subsequent ACH debit to that account. The term “debit card” includes any card, or other payment code or device, issued or approved for use through a payment card network to debit an account, regardless of whether the issuer holds the account. Therefore, decoupled debit cards are debit cards for purposes of this part.

4. Hybrid cards.

i. Some cards, or other payment codes or devices, may have both credit- and debit-like features (“hybrid cards”). For example, these cards may enable a cardholder to access a line of credit, but select certain transactions for immediate repayment (i.e., prior to the end of a billing cycle) via a debit to the cardholder's account, as the term is defined in § 235.2(a), held either with the issuer or at another institution. If a card permits a cardholder to initiate transactions that debit an account or funds underlying a prepaid card, the card is considered a debit card for purposes of this part. Not all transactions initiated by such a hybrid card, however, are electronic debit transactions. Rather, only those transactions that debit an account as defined in this part or funds underlying a prepaid card are electronic debit transactions. If the transaction posts to a line of credit, then the transaction is a credit transaction.

ii. If an issuer conditions the availability of a credit or charge card that permits pre-authorized repayment of some or all transactions on the cardholder maintaining an account at the issuer, such a card is considered a debit card for purposes of this part.

5. Virtual wallets. A virtual wallet is a device (e.g., a mobile phone) that stores several different payment codes or devices (“virtual cards”) that access different accounts, funds underlying the card, or lines of credit. At the point of sale, the cardholder may select from the virtual wallet the virtual card he or she wishes to use for payment. The virtual card that the cardholder uses for payment is considered a debit card under this part if the virtual card that initiates a transaction meets the definition of debit card, notwithstanding the fact that other cards in the wallet may not be debit cards.

6. General-use prepaid card. The term “debit card” includes general-use prepaid cards. See § 235.2(i) and related commentary for information on general-use prepaid cards.

7. Store cards. The term “debit card” does not include prepaid cards that may be used at a single merchant or affiliated merchants. Two or more merchants are affiliated if they are related by either common ownership or by common corporate control. For purposes of the “debit card” definition, franchisees are considered to be under common corporate control if they are subject to a common set of corporate policies or practices under the terms of their franchise licenses.

8. Checks, drafts, and similar instruments. The term “debit card” does not include a check, draft, or similar paper instrument or a transaction in which the check is used as a source of information to initiate an electronic payment. For example, if an account holder provides a check to buy goods or services and the merchant takes the account number and routing number information from the MICR line at the bottom of a check to initiate an ACH debit transfer from the cardholder's account, the check is not a debit card, and such a transaction is not considered an electronic debit transaction. Likewise, the term “debit card” does not include an electronic representation of a check, draft, or similar paper instrument.

9. ACH transactions. The term “debit card” does not include an account number when it is used by a person to initiate an ACH transaction that debits that person's account. For example, if an account holder buys goods or services over the Internet using an account number and routing number to initiate an ACH debit, the account number is not a debit card, and such a transaction is not considered an electronic debit transaction. However, the use of a card to purchase goods or services that debits the cardholder's account that is settled by means of a subsequent ACH debit initiated by the card issuer to the cardholder's account, as in the case of a decoupled debit card arrangement, involves the use of a debit card for purposes of this part.

2(g) Designated Automated Teller Machine (ATM) Network

1. Reasonable and convenient access clarified. Under § 235.2(g)(2), a designated ATM network includes any network of ATMs identified by the issuer that provides reasonable and convenient access to the issuer's cardholders. Whether a network provides reasonable and convenient access depends on the facts and circumstances, including the distance between ATMs in the designated network and each cardholder's last known home or work address, or if a home or work address is not known, where the card was first issued.

2(h) Electronic Debit Transaction

1. Debit an account. The term “electronic debit transaction” includes the use of a card to debit an account. The account debited could be, for example, the cardholder's asset account or the account that holds the funds used to settle prepaid card transactions.

2. Form of payment. The term “electronic debit transaction” includes the use of a card as a form of payment that may be made in exchange for goods or services, as a charitable contribution, to satisfy an obligation (e.g., tax liability), or for other purposes.

3. Subsequent transactions. The term “electronic debit transaction” includes both the cardholder's use of a debit card for the initial payment and any subsequent use by the cardholder of the debit card in connection with the initial payment. For example, the term “electronic debit transaction” includes using the debit card to return merchandise or cancel a service that then results in a debit to the merchant's account and a credit to the cardholder's account.

4. Cash withdrawal at the point of sale. The term “electronic debit transaction” includes a transaction in which a cardholder uses the debit card both to make a purchase and to withdraw cash (known as a “cash-back transaction”).

5. Geographic limitation. This regulation applies only to electronic debit transactions that are initiated at a merchant located in the United States. If a cardholder uses a debit card at a merchant located outside the United States to debit an account held in the United States, the electronic debit transaction is not subject to this part.

2(i) General-Use Prepaid Card

1. Redeemable upon presentation at multiple, unaffiliated merchants. A prepaid card is redeemable upon presentation at multiple, unaffiliated merchants if such merchants agree to honor the card.

2. Selective authorization cards. Selective authorization cards (e.g., mall cards) are generally intended to be used or redeemed for goods or services at participating retailers within a shopping mall or other limited geographic area. Selective authorization cards are considered general-use prepaid cards, regardless of whether they carry the mark, logo, or brand of a payment card network, if they are redeemable at multiple, unaffiliated merchants.

2(j) Interchange Transaction Fee

1. In general. Generally, the payment card network is the entity that establishes and charges the interchange transaction fee to the acquirers or merchants. The acquirers then pay to the issuers any interchange transaction fee established and charged by the network. Acquirers typically pass the interchange transaction fee through to merchant-customers.

2. Compensating an issuer. The term “interchange transaction fee” is limited to those fees that a payment card network establishes, charges, or receives to compensate the issuer for its role in the electronic debit transaction. By contrast, payment card networks generally charge issuers and acquirers fees for services the network performs. Such fees are not interchange transaction fees because the payment card network is charging and receiving the fee as compensation for services it provides.

3. Established, charged, or received. Interchange transaction fees are not limited to those fees for which a payment card network sets the value. A fee that compensates an issuer is an interchange transaction fee if the fee is set by the issuer but charged to acquirers by virtue of the network determining each participant's net settlement position.

2(k) Issuer

1. In general. A person issues a debit card by authorizing the use of a debit card by a cardholder to perform electronic debit transactions. That person may provide the card directly to the cardholder or indirectly by using a third party (such as a processor, or a telephone network or manufacturer) to provide the card, or other payment code or device, to the cardholder. The following examples illustrate the entity that is the issuer under various card program arrangements. For purposes of determining whether an issuer is exempted under § 235.5(a), however, the term issuer is limited to the entity that holds the account being debited.

2. Traditional debit card arrangements. In a traditional debit card arrangement, the bank or other entity holds the cardholder's funds and authorizes the cardholder to use the debit card to access those funds through electronic debit transactions, and the cardholder receives the card directly or indirectly (e.g., through an agent) from the bank or other entity that holds the funds (except for decoupled debit cards, discussed below). In this system, the bank or entity holding the cardholder's funds is the issuer.

3. BIN-sponsor arrangements. Payment card networks assign Bank Identification Numbers (BINs) to member-institutions for purposes of issuing cards, authorizing, clearing, settling, and other processes. In exchange for a fee or other financial considerations, some members of payment card networks permit other entities to issue debit cards using the member's BIN. The entity permitting the use of its BIN is referred to as the “BIN sponsor” and the entity that uses the BIN to issue cards is often referred to as the “affiliate member.” BIN sponsor arrangements can follow at least two different models:

i. Sponsored debit card model. In some cases, a community bank or credit union may provide debit cards to its account holders through a BIN sponsor arrangement with a member institution. In general, the bank or credit union will authorize its account holders to use debit cards to perform electronic debit transactions that access funds in accounts at the bank or credit union. The bank or credit union's name typically will appear on the debit card. The bank or credit union may directly or indirectly provide the cards to cardholders. Under these circumstances, the bank or credit union is the issuer for purposes of this part. If that bank or credit union, together with its affiliates, has assets of less than $10 billion, then that bank or credit union is exempt from the interchange transaction fee restrictions. Although the bank or credit union may distribute cards through the BIN sponsors, the BIN sponsor does not enter into the agreement with the cardholder that authorizes the cardholder to use the card to perform electronic debit transactions that access funds in the account at the bank or credit union, and therefore the BIN sponsor is not the issuer.

ii. Prepaid card model. A member institution may also serve as the BIN sponsor for a prepaid card program. Under these arrangements, a program manager distributes prepaid cards to the cardholders and the BIN-sponsoring institution generally holds the funds for the prepaid card program in an omnibus or pooled account. Either the BIN sponsor or the prepaid card program manager may keep track of the underlying funds for each individual prepaid card through subaccounts. While the cardholder may receive the card directly from the program manager or at a retailer, the BIN sponsor authorizes the cardholder to use the card to perform electronic debit transactions that access the funds in the pooled account and the cardholder's relationship generally is with the BIN sponsor. Accordingly, under these circumstances, the BIN sponsor, or the bank holding the pooled account, is the issuer.

4. Decoupled debit cards. In the case of decoupled debit cards, an entity other than the bank holding the cardholder's account enters into a relationship with the cardholder authorizing the use of the card to perform electronic debit transactions. The entity authorizing the use of the card to perform electronic debit transactions typically arranges for the card to be provided directly or indirectly to the cardholder and has a direct relationship with the cardholder with respect to the card. The bank holding the cardholder's account has agreed generally to permit ACH debits to the account, but has not authorized the use of the debit card to access the funds through electronic debit transactions. Under these circumstances, the entity authorizing the use of the debit card, and not the account-holding institution, is considered the issuer. An issuer of a decoupled debit card is not exempt under § 235.5(a), even if, together with its affiliates, it has assets of less than $10 billion, because it is not the entity holding the account to be debited.

2(l) Merchant [Reserved]

2(m) Payment Card Network

1. In general. An entity is considered a payment card network with respect to an electronic debit transaction for purposes of this rule if it routes information and data to the issuer from the acquirer to conduct authorization, clearance, and settlement of the electronic debit transaction. By contrast, if an entity receives transaction information and data from a merchant and authorizes and settles the transaction without routing the information and data to another entity (i.e., the issuer or the issuer's processor) for authorization, clearance, or settlement, that entity is not considered a payment card network with respect to the electronic debit transaction.

2. Three-party systems. In the case of a three-party system, electronic debit transactions are processed by an entity that acts as system operator and issuer, and may also act as the acquirer. The entity acting as system operator and issuer that receives the transaction information from the merchant or acquirer also holds the cardholder's funds. Therefore, rather than directing the transaction information to a separate issuer, the entity authorizes and settles the transaction based on the information received from the merchant. As these entities do not connect (or “network”) multiple issuers and do not route information to conduct the transaction, they are not “payment card networks” with respect to these transactions.

3. Processors as payment card networks. A processor is considered a payment card network if, in addition to acting as processor for an acquirer and issuer, the processor routes transaction information and data received from a merchant or the merchant's acquirer to an issuer. For example, if a merchant uses a processor in order to accept any, some, or all brands of debit cards and the processor routes transaction information and data to the issuer or issuer's processor, the merchant's processor is considered a payment card network with respect to the electronic debit transaction. If the processor establishes, charges, or receives a fee for the purpose of compensating an issuer, that fee is considered an interchange transaction fee for purposes of this part.

4. Automated clearing house (ACH) operators. An ACH operator is not considered a payment card network for purposes of this part. While an ACH operator processes transactions that debit an account and provides for interbank clearing and settlement of such transactions, a person does not use the ACH system to accept as a form of payment a brand of debit card.

5. ATM networks. An ATM network is not considered a payment card network for purposes of this part. While ATM networks process transactions that debit an account and provide for interbank clearing and settlement of such transactions, a cash withdrawal from an ATM is not a payment because there is no exchange of money for goods or services, or payment made as a charitable contribution, to satisfy an obligation (e.g., tax liability), or for other purposes.

2(n) Person [Reserved]

2(o) Processor

1. Distinction from acquirers. A processor may perform all transaction-processing functions for a merchant or acquirer, but if it does not acquire (that is, settle with the merchant for the transactions), it is not an acquirer. The entity that acquires electronic debit transactions is the entity that is responsible to other parties to the electronic debit transaction for the amount of the transaction.

2. Issuers. A processor may perform services related to authorization, clearance, and settlement of transactions for an issuer without being considered to be an issuer for purposes of this part.

2(p) Route

1. An entity routes information if it both directs and sends the information to an unaffiliated entity (or affiliated entity acting on behalf of the unaffiliated entity). This other entity may be a payment card network or processor (if the entity directing and sending the information is a merchant or an acquirer) or an issuer or processor (if the entity directing and sending the information is a payment card network).

2(q) United States [Reserved]

Section 235.3 Reasonable and Proportional Interchange Transaction Fees

3(a) [Reserved]

3(b) Determining Reasonable and Proportional Fees

1. Two components. The standard for the maximum permissible interchange transaction fee that an issuer may receive consists of two components: a base component that does not vary with a transaction's value and an ad valorem component. The amount of any interchange transaction fee received or charged by an issuer may not exceed the sum of the maximum permissible amounts of each component and any fraud-prevention adjustment the issuer is permitted to receive under § 235.4 of this part.

2. Variation in interchange fees. An issuer is permitted to charge or receive, and a network is permitted to establish, interchange transaction fees that vary in their base component and ad valorem component based on, for example, the type of transaction or merchant, provided the amount of any interchange transaction fee for any transaction does not exceed the sum of the maximum permissible base component of 21 cents and 5 basis points of the value of the transaction.

3. Example. For a $39 transaction, the maximum permissible interchange transaction fee is 22.95 cents (21 cents plus 5 basis points of $39). A payment card network may, for example, establish an interchange transaction fee of 22 cents without any ad valorem component.

Section 235.4 Fraud-Prevention Adjustment

4(a) [Reserved]

4(b) Issuer Standards

4(b)(1) Issuer standards

1. An issuer's policies and procedures should address fraud related to debit card use by unauthorized persons. Examples of use by unauthorized persons include, but are not limited to, the following:

i. A thief steals a cardholder's wallet and uses the debit card to purchase goods, without the authority of the cardholder.

ii. A cardholder makes a purchase at a merchant. Subsequently, the merchant's employee uses information from the debit card to initiate a subsequent transaction, without the authority of the cardholder.

iii. A hacker steals cardholder account information from the issuer or a merchant processor and uses the stolen information to make unauthorized card-not-present purchases or to create a counterfeit card to make unauthorized card-present purchases.

2. An issuer's policies and procedures must be designed to reduce fraud, where cost effective, across all types of electronic debit transactions in which its cardholders engage. Therefore, an issuer should consider whether its policies and procedures are effective for each method used to authenticate the card (e.g., a chip or a code embedded in the magnetic stripe) and the cardholder (e.g., a signature or a PIN), and for different sales channels (e.g., card-present and card-not-present).

3. An issuer's policies and procedures must be designed to take effective steps to reduce both the occurrence of and costs to all parties from fraudulent electronic debit transactions. An issuer should take steps reasonably designed to reduce the number and value of its fraudulent electronic debit transactions relative to its non-fraudulent electronic debit transactions. These steps should reduce the costs from fraudulent transactions to all parties, not merely the issuer. For example, an issuer should take steps to reduce the number and value of its fraudulent electronic debit transactions relative to its non-fraudulent transactions whether or not it bears the fraud losses as a result of regulations or network rules.

4. For any given issuer, the number and value of fraudulent electronic debit transactions relative to non-fraudulent transactions may vary materially from year to year. Therefore, in certain circumstances, an issuer's policies and procedures may be effective notwithstanding a relative increase in the transactions that are fraudulent in a particular year. However, continuing increases in the share of fraudulent transactions would warrant further scrutiny.

5. In determining which fraud-prevention technologies to implement or retain, an issuer must consider the cost-effectiveness of the technology, that is, the expected cost of the technology relative to its expected effectiveness in controlling fraud. In evaluating the cost of a particular technology, an issuer should consider whether and to what extent other parties will incur costs to implement the technology, even though an issuer may not have complete information about the costs that may be incurred by other parties, such as the cost of new merchant terminals. In evaluating the costs, an issuer should consider both initial implementation costs and ongoing costs of using the fraud-prevention method.

6. An issuer need not develop fraud-prevention technologies itself to satisfy the standards in § 235.4(b). An issuer may implement fraud-prevention technologies that have been developed by a third party that the issuer has determined are appropriate under its own policies and procedures.

Paragraph 4(b)(2) Elements of fraud-prevention policies and procedures.

1. In general. An issuer may tailor its policies and procedures to address its particular debit card program, including the size of the program, the types of transactions in which its cardholders commonly engage, fraud types and methods experienced by the issuer, and the cost of implementing new fraud-prevention methods in light of the expected fraud reduction.

Paragraph 4(b)(2)(i). Methods to identify and prevent fraudulent debit card transactions.

1. In general. Examples of policies and procedures reasonably designed to identify and prevent fraudulent electronic debit transactions include the following:

i. Practices to help determine whether a card is authentic and whether the user is authorized to use the card at the time of a transaction. For example, an issuer may specify the use of particular authentication technologies or methods, such as dynamic data, to better authenticate a card and cardholder at the time of the transaction, to the extent doing so does not inhibit the ability of a merchant to direct the routing of electronic debit transactions for processing over any payment card network that may process such transactions. (See § 235.7 and commentary thereto.)

ii. An automated mechanism to assess the risk that a particular electronic debit transaction is fraudulent during the authorization process (i.e., before the issuer approves or declines an authorization request). For example, an issuer may use neural networks to identify transactions that present increased risk of fraud. As a result of this analysis, the issuer may decide to decline to authorize these transactions. An issuer may not be able to determine whether a given transaction in isolation is fraudulent at the time of authorization, and therefore may have implemented policies and procedures that monitor sets of transactions initiated with a cardholder's debit card. For example, an issuer could compare a set of transactions initiated with the card to a customer's typical transactions in order to determine whether a transaction is likely to be fraudulent. Similarly, an issuer could compare a set of transactions initiated with a debit card and common fraud patterns in order to determine whether a transaction or future transaction is likely to be fraudulent.

iii. Practices to support reporting of lost and stolen cards or suspected incidences of fraud by cardholders or other parties to a transaction. As an example, an issuer may promote customer awareness by providing text alerts of transactions in order to detect fraudulent transactions in a timely manner. An issuer may also report debit cards suspected of being fraudulent to their networks for inclusion in a database of potentially compromised cards.

Paragraph 4(b)(2)(ii). Monitoring of the issuer's volume and value of fraudulent electronic debit transactions.

1. Tracking its fraudulent electronic debit transactions over time enables an issuer to assess whether its policies and procedures are effective. Accordingly, an issuer must include policies and procedures designed to monitor trends in the number and value of its fraudulent electronic debit transactions. An effective monitoring program would include tracking issuer losses from fraudulent electronic debit transactions, fraud-related chargebacks to acquirers, losses passed on to cardholders, and any other reimbursements from other parties. Other reimbursements could include payments made to issuers as a result of fines assessed to merchants for noncompliance with Payment Card Industry (PCI) Data Security Standards or other industry standards. An issuer should also establish procedures to track fraud-related information necessary to perform its reviews under § 235.4(b)(3) and to retain and report information as required under § 235.8.

Paragraph 4(b)(2)(iii). Appropriate responses to suspicious electronic debit transactions.

1. An issuer may identify transactions that it suspects to be fraudulent after it has authorized or settled the transaction. For example, a cardholder may inform the issuer that the cardholder did not initiate a transaction or transactions, or the issuer may learn of a fraudulent transaction or possibly compromised debit cards from the network, the acquirer, or other parties. An issuer must implement policies and procedures designed to provide an appropriate response once an issuer has identified suspicious transactions to reduce the occurrence of future fraudulent electronic debit transactions and the costs associated with such transactions. The appropriate response may differ depending on the facts and circumstances, including the issuer's assessment of the risk of future fraudulent electronic debit transactions. For example, in some circumstances, it may be sufficient for an issuer to monitor more closely the account with the suspicious transactions. In other circumstances, it may be necessary to contact the cardholder to verify a transaction, reissue a card, or close an account. An appropriate response may also require coordination with industry organizations, law enforcement agencies, and other parties, such as payment card networks, merchants, and issuer or merchant processors.

Paragraph 4(b)(2)(iv). Methods to secure debit card and cardholder data.

1. An issuer must implement policies and procedures designed to secure debit card and cardholder data. These policies and procedures should apply to data that are transmitted by the issuer (or its service provider) during transaction processing, that are stored by the issuer (or its service provider), and that are carried on media (e.g., laptops, transportable data storage devices) by employees or agents of the issuer. This standard may be incorporated into an issuer's information security program, as required by Section 501(b) of the Gramm-Leach-Bliley Act.

Paragraph 4(b)(3) Review of and updates to policies and procedures.

1. i. An issuer's assessment of the effectiveness of its policies and procedures should consider whether they are reasonably designed to reduce the number and value of fraudulent electronic debit transactions relative to non-fraudulent electronic debit transactions and are cost effective. (See comment 4(b)(1)-3 and comment 4(b)(1)-5.)

ii. An issuer must also assess its policies and procedures in light of changes in fraud types (e.g., the use of counterfeit cards, lost or stolen cards) and methods (e.g., common purchase patterns indicating possible fraudulent behavior), as well as changes in the available methods of detecting and preventing fraudulent electronic debit transactions (e.g., transaction monitoring, authentication methods) as part of its periodic review of its policies and procedures. An issuer's review of its policies and procedures must consider information from the issuer's own experience and that the issuer otherwise identified itself; information from payment card networks, law enforcement agencies, and fraud-monitoring groups in which the issuer participates; and supervisory guidance. For example, an issuer should consider warnings and alerts it receives from payment card networks regarding compromised cards and data breaches.

2. An issuer should review its policies and procedures and their implementation more frequently than annually if the issuer determines that more frequent review is appropriate based on information obtained from monitoring its fraudulent electronic debit transactions, changes in the types or methods of fraud, or available methods of detecting and preventing fraudulent electronic debit transactions. (See § 235.4(b)(1)(ii) and commentary thereto.)

3. In light of an issuer's review of its policies and procedures, and their implementation, the issuer may determine that updates to its policies and procedures, and their implementation, are necessary. Merely determining that updates are necessary does not render an issuer ineligible to receive or charge the fraud-prevention adjustment. To remain eligible to receive or charge a fraud-prevention adjustment, however, an issuer should develop and implement such updates as soon as reasonably practicable, in light of the facts and circumstances.

4(c) Notification.

1. Payment card networks that plan to allow issuers to receive or charge a fraud-prevention adjustment can develop processes for identifying issuers eligible for this adjustment. Each issuer that wants to be eligible to receive or charge a fraud-prevention adjustment must notify annually the payment card networks in which it participates of its compliance through the networks' processes.

Section 235.5 Exemptions for Certain Electronic Debit Transactions

1. Eligibility for multiple exemptions. An electronic debit transaction may qualify for one or more exemptions. For example, a debit card that has been provided to a person pursuant to a Federal, State, or local government-administered payment program may be issued by an entity that, together with its affiliates, has assets of less than $10 billion as of the end of the preceding calendar year. In this case, an electronic debit transaction made using that card may qualify for the exemption under § 235.5(a) for small issuers or for the exemption under § 235.5(b) for government-administered payment programs. A payment card network establishing interchange fees for transactions that qualify for more than one exemption need only satisfy itself that the issuer's transactions qualify for at least one of the exemptions in order to exempt the electronic debit transaction from the interchange fee restrictions.

2. Certification process. Payment card networks that plan to allow issuers to receive higher interchange fees than permitted under §§ 235.3 and 235.4 pursuant to one of the exemptions in § 235.5 could develop their own processes for identifying issuers and products eligible for such exemptions. Section 235.5(a)(2) permits payment card networks to rely on lists published by the Board to help determine eligibility for the small issuer exemption set forth in § 235.5(a)(1).

5(a) Exemption for Small Issuers

1. Asset size determination. An issuer would qualify for the small-issuer exemption if its total worldwide banking and nonbanking assets, including assets of affiliates, other than trust assets under management, are less than $10 billion, as of December 31 of the preceding calendar year.

2. Change in status. If an exempt issuer becomes covered based on its and its affiliates' assets at the end of a calendar year, that issuer must begin complying with the interchange fee standards (§ 235.3), the fraud-prevention adjustment standards (to the extent the issuer wishes to receive a fraud-prevention adjustment) (§ 235.4), and the provisions prohibiting circumvention, evasion, and net compensation (§ 235.6) no later than July 1.

5(b) Exemption for Government-Administered Payment Programs

1. Government-administered payment program. A program is considered government-administered regardless of whether a Federal, State, or local government agency operates the program or outsources some or all functions to third parties so long as the program is operated on behalf of the government agency. In addition, a program may be government-administered even if a Federal, State, or local government agency is not the source of funds for the program it administers. For example, child support programs are government-administered programs even though a Federal, State, or local government agency is not the source of funds. A tribal government is considered a local government for purposes of this exemption.

5(c) Exemption for Certain Reloadable Prepaid Cards

1. Subaccount clarified. A subaccount is an account within an account, opened in the name of an agent, nominee, or custodian for the benefit of two or more cardholders, where the transactions and balances of individual cardholders are tracked in such subaccounts. An account that is opened solely in the name of a single cardholder is not a subaccount.

2. Reloadable. A general-use prepaid card is “reloadable” if the terms and conditions of the agreement permit funds to be added to the general-use prepaid card at any time after the initial purchase or issuance. A general-use prepaid card is not “reloadable” merely because the issuer or processor is technically able to add functionality that would otherwise enable the general-use prepaid card to be reloaded.

3. Marketed or labeled as a gift card or gift certificate. i. Electronic debit transactions made using a reloadable general-use prepaid card are not exempt from the interchange fee restrictions if the card is marketed or labeled as a gift card or gift certificate. The term “marketed or labeled as a gift card or gift certificate” means directly or indirectly offering, advertising or otherwise suggesting the potential use of a general-use prepaid card as a gift for another person. Whether the exclusion applies generally does not depend on the type of entity that makes the promotional message. For example, a card may be marketed or labeled as a gift card or gift certificate if anyone (other than the purchaser of the card), including the issuer, the retailer, the program manager that may distribute the card, or the payment network on which a card is used, promotes the use of the card as a gift card or gift certificate. A general-use prepaid card is marketed or labeled as a gift card or gift certificate even if it is only occasionally marketed as a gift card or gift certificate. For example, a network-branded general purpose reloadable card would be marketed or labeled as a gift card or gift certificate if the issuer principally advertises the card as a less costly alternative to a bank account but promotes the card in a television, radio, newspaper, or Internet advertisement, or on signage as “the perfect gift” during the holiday season.

ii. The mere mention of the availability of gift cards or gift certificates in an advertisement or on a sign that also indicates the availability of exempted general-use prepaid cards does not by itself cause the general-use prepaid card to be marketed as a gift card or a gift certificate. For example, the posting of a sign in a store that refers to the availability of gift cards does not by itself constitute the marketing of otherwise exempted general-use prepaid cards that may also be sold in the store along with gift cards or gift certificates, provided that a person acting reasonably under the circumstances would not be led to believe that the sign applies to all cards sold in the store. (See, however, comment 5(c)-4.ii.)

4. Examples of marketed or labeled as a gift card or gift certificate.

i. The following are examples of marketed or labeled as a gift card or gift certificate:

A. Using the word “gift” or “present” on a card or accompanying material, including documentation, packaging and promotional displays;

B. Representing or suggesting that a card can be given to another person, for example, as a “token of appreciation” or a “stocking stuffer,” or displaying a congratulatory message on the card or accompanying material;

C. Incorporating gift-giving or celebratory imagery or motifs, such as a bow, ribbon, wrapped present, candle, or a holiday or congratulatory message, on a card, accompanying documentation, or promotional material.

ii. The term does not include the following:

A. Representing that a card can be used as a substitute for a checking, savings, or deposit account;

B. Representing that a card can be used to pay for a consumer's health-related expenses - for example, a card tied to a health savings account;

C. Representing that a card can be used as a substitute for travelers checks or cash;

D. Representing that a card can be used as a budgetary tool, for example, by teenagers, or to cover emergency expenses.

5. Reasonable policies and procedures to avoid marketing as a gift card. The exemption for a general-use prepaid card that is reloadable and not marketed or labeled as a gift card or gift certificate in § 235.5(c) applies if a reloadable general-use prepaid card is not marketed or labeled as a gift card or gift certificate and if persons involved in the distribution or sale of the card, including issuers, program managers, and retailers, maintain policies and procedures reasonably designed to avoid such marketing. Such policies and procedures may include contractual provisions prohibiting a reloadable general-use prepaid card from being marketed or labeled as a gift card or gift certificate, merchandising guidelines or plans regarding how the product must be displayed in a retail outlet, and controls to regularly monitor or otherwise verify that the general-use prepaid card is not being marketed as a gift card. Whether a general-use prepaid card has been marketed as a gift card or gift certificate will depend on the facts and circumstances, including whether a reasonable person would be led to believe that the general-use prepaid card is a gift card or gift certificate. The following examples illustrate the application of § 235.5(c):

i. An issuer or program manager of prepaid cards agrees to sell general-purpose reloadable cards through a retailer. The contract between the issuer or program manager and the retailer establishes the terms and conditions under which the cards may be sold and marketed at the retailer. The terms and conditions prohibit the general-purpose reloadable cards from being marketed as a gift card or gift certificate, and require policies and procedures to regularly monitor or otherwise verify that the cards are not being marketed as such. The issuer or program manager sets up one promotional display at the retailer for gift cards and another physically separated display for exempted products under § 235.5(c), including general-purpose reloadable cards, such that a reasonable person would not believe that the exempted cards are gift cards. The exemption in § 235.5(c) applies because policies and procedures reasonably designed to avoid the marketing of the general-purpose reloadable cards as gift cards or gift certificates are maintained, even if a retail clerk inadvertently stocks or a consumer inadvertently places a general-purpose reloadable card on the gift card display.

ii. Same facts as in comment 5(c)-5.i, except that the issuer or program manager sets up a single promotional display at the retailer on which a variety of prepaid cards are sold, including store gift cards and general-purpose reloadable cards. A sign stating “Gift Cards” appears prominently at the top of the display. The exemption in § 235.5(c) does not apply with respect to the general-purpose reloadable cards because policies and procedures reasonably designed to avoid the marketing of exempted cards as gift cards or gift certificates are not maintained.

iii. Same facts as in comment 5(c)-5.i, except that the issuer or program manager sets up a single promotional multi-sided display at the retailer on which a variety of prepaid card products, including store gift cards and general-purpose reloadable cards, are sold. Gift cards are segregated from exempted cards, with gift cards on one side of the display and exempted cards on a different side of a display. Signs of equal prominence at the top of each side of the display clearly differentiate between gift cards and the other types of prepaid cards that are available for sale. The retailer does not use any more conspicuous signage suggesting the general availability of gift cards, such as a large sign stating “Gift Cards” at the top of the display or located near the display. The exemption in § 235.5(c) applies because policies and procedures reasonably designed to avoid the marketing of the general-purpose reloadable cards as gift cards or gift certificates are maintained, even if a retail clerk inadvertently stocks or a consumer inadvertently places a general-purpose reloadable card on the gift card display.

iv. Same facts as in comment 5(c)-5.i, except that the retailer sells a variety of prepaid card products, including store gift cards and general-purpose reloadable cards, arranged side-by-side in the same checkout lane. The retailer does not affirmatively indicate or represent that gift cards are available, such as by displaying any signage or other indicia at the checkout lane suggesting the general availability of gift cards. The exemption in § 235.5(c) applies because policies and procedures reasonably designed to avoid marketing the general-purpose reloadable cards as gift cards or gift certificates are maintained.

6. On-line sales of prepaid cards. Some web sites may prominently advertise or promote the availability of gift cards or gift certificates in a manner that suggests to a consumer that the web site exclusively sells gift cards or gift certificates. For example, a web site may display a banner advertisement or a graphic on the home page that prominently states “Gift Cards,” “Gift Giving,” or similar language without mention of other available products, or use a web address that includes only a reference to gift cards or gift certificates in the address. In such a case, a consumer acting reasonably under the circumstances could be led to believe that all prepaid products sold on the web site are gift cards or gift certificates. Under these facts, the web site has marketed all such products as gift cards or gift certificates, and the exemption in § 235.5(c) does not apply to any products sold on the web site.

7. Temporary non-reloadable cards issued in connection with a general-use reloadable card. Certain general-purpose prepaid cards that are typically marketed as an account substitute initially may be sold or issued in the form of a temporary non-reloadable card. After the card is purchased, the cardholder is typically required to call the issuer to register the card and to provide identifying information in order to obtain a reloadable replacement card. In most cases, the temporary non-reloadable card can be used for purchases until the replacement reloadable card arrives and is activated by the cardholder. Because the temporary non-reloadable card may only be obtained in connection with the reloadable card, the exemption in § 235.5(c) applies so long as the card is not marketed as a gift card or gift certificate.

5(d) Exception

1. Additional ATM access. Some debit cards may be used to withdraw cash from ATMs that are not part of the issuer's designated ATM network. An electronic debit card transaction may still qualify for the exemption under §§ 235.5(b) or (c) with respect to a card for which a fee may be imposed for a withdrawal from an ATM that is outside of the issuer's designated ATM network as long as the card complies with the condition set forth in § 235.5(d)(2) for withdrawals within the issuer's designated ATM network. The condition with respect to ATM fees does not apply to cards that do not provide ATM access.

Section 235.6 Prohibition on Circumvention, Evasion, and Net Compensation

1. No applicability to exempt issuers or electronic debit transactions. The prohibition against circumventing or evading the interchange transaction fee restrictions or against net compensation does not apply to issuers or electronic debit transactions that qualify for an exemption under § 235.5 from the interchange transaction fee restrictions.

6(a) Prohibition of Circumvention or Evasion

1. Finding of circumvention or evasion. A finding of evasion or circumvention will depend on all relevant facts and circumstances. Although net compensation may be one form of circumvention or evasion prohibited under § 235.6(a), it is not the only form.

2. Examples of circumstances that may constitute circumvention or evasion.

The following examples do not constitute per se circumvention or evasion, but may warrant additional supervisory scrutiny to determine whether the totality of the facts and circumstances constitute circumvention or evasion:

i. A payment card network decreases network processing fees paid by issuers for electronic debit transactions by 50 percent and increases the network processing fees charged to merchants or acquirers with respect to electronic debit transactions by a similar amount. Because the requirements of this subpart do not restrict or otherwise establish the amount of fees that a network may charge for its services, the increase in network fees charged to merchants or acquirers and decrease in fees charged to issuers is not a per se circumvention or evasion of the interchange transaction fee standards, but may warrant additional supervisory scrutiny to determine whether the facts and circumstances constitute circumvention or evasion.

ii. An issuer replaces its debit cards with prepaid cards that are exempt from the interchange limits of §§ 235.3 and 235.4. The exempt prepaid cards are linked to its customers' transaction accounts and funds are swept from the transaction accounts to the prepaid accounts as needed to cover transactions made. Again, this arrangement is not per se circumvention or evasion, but may warrant additional supervisory scrutiny to determine whether the facts and circumstances constitute circumvention or evasion.

6(b) Prohibition of Net Compensation

1. Net compensation. Net compensation to an issuer through the use of network fees is prohibited.

2. Consideration of payments or incentives provided by the network in net compensation determination.

i. For purposes of the net compensation determination, payments or incentives paid by a payment card network to an issuer with respect to electronic debit transactions or debit card related activities could include, but are not limited to, marketing incentives; payments or rebates for meeting or exceeding a specific transaction volume, percentage share, or dollar amount of transactions processed; or other payments for debit card related activities. For example, signing bonuses paid by a network to an issuer for the issuer's debit card portfolio would also be included in the total amount of payments or incentives received by an issuer from a payment card network with respect to electronic debit transactions. A signing bonus for an entire card portfolio, including credit cards, may be allocated to the issuer's debit card business based on the proportion of the cards or transactions that are debit cards or electronic debit transactions, as appropriate to the situation, for purposes of the net compensation determination.

ii. Incentives paid by the network with respect to multiple-year contracts may be allocated over the life of the contract.

iii. For purposes of the net compensation determination, payments or incentives paid by a payment card network with respect to electronic debit transactions or debit card-related activities do not include interchange transaction fees that are passed through to the issuer by the network, or discounts or rebates provided by the network or an affiliate of the network for issuer-processor services. In addition, funds received by an issuer from a payment card network as a result of chargebacks, fines paid by merchants or acquirers for violations of network rules, or settlements or recoveries from merchants or acquirers to offset the costs of fraudulent transactions or a data security breach do not constitute incentives or payments made by a payment card network.

3. Consideration of fees paid by an issuer in net compensation determination.

i. For purposes of the net compensation determination, fees paid by an issuer to a payment card network with respect to electronic debit transactions or debit card related activities include, but are not limited to, membership or licensing fees, network administration fees, and fees for optional network services, such as risk management services.

ii. For purposes of the net compensation determination, fees paid by an issuer to a payment card network with respect to electronic debit transactions or debit card-related activities do not include network processing fees (such as switch fees and network connectivity fees) or fees paid to an issuer processor affiliated with the network for authorizing, clearing, or settling an electronic debit transaction.

4. Example of circumstances not involving net compensation to the issuer. The following example illustrates circumstances that would not indicate net compensation by the payment card network to the issuer:

i. Because of an increase in debit card transactions that are processed through a payment card network during a calendar year, an issuer receives an additional volume-based incentive payment from the network for that period. Over the same period, however, the total network fees (other than processing fees) the issuer pays the payment card network with respect to debit card transactions also increase so that the total amount of fees paid by the issuer to the network continues to exceed incentive payments by the network to the issuer. Under these circumstances, the issuer does not receive net compensation from the network for electronic debit transactions or debit card related activities.

Section 235.7 Limitations on Payment Card Restrictions

1. Application of small issuer, government-administered payment program, and reloadable card exemptions to payment card network restrictions. The exemptions under § 235.5 for small issuers, cards issued pursuant to government-administered payment programs, and certain reloadable prepaid cards do not apply to the limitations on payment card network restrictions. For example, debit cards for government-administered payment programs, although exempt from the restrictions on interchange transaction fees, are subject to the requirement that electronic debit transactions made using such cards must be capable of being processed on at least two unaffiliated payment card networks and to the prohibition on inhibiting a merchant's ability to determine the routing for electronic debit transactions.

7(a) Prohibition on Network Exclusivity

1. Scope of restriction. Section 235.7(a) requires a debit card subject to the regulation to be enabled on at least two unaffiliated payment card networks. This paragraph does not, however, require an issuer to have two or more unaffiliated networks available for each method of cardholder authentication. For example, it is sufficient for an issuer to issue a debit card that operates on one signature-based card network and on one PIN-based card network, as long as the two card networks are not affiliated. Alternatively, an issuer may issue a debit card that is accepted on two unaffiliated signature-based card networks or on two unaffiliated PIN-based card networks. See also, comment 7(a)-7.

2. Permitted networks. i. A smaller payment card network could be used to help satisfy the requirement that an issuer enable two unaffiliated networks if the network was willing to expand its coverage in response to increased merchant demand for access to its network and it meets the other requirements for a permitted arrangement, including taking steps reasonably designed to enable it to process the electronic debit transactions that it would reasonably expect to be routed to it. If, however, the network's policy or practice is to limit such expansion, it would not qualify as one of the two unaffiliated networks.

ii. A payment card network that is accepted only at a limited category of merchants (such as a particular grocery store chain, merchants located in a particular shopping mall, or a single class of merchants, such as grocery stores or gas stations) would not satisfy the rule.

iii. One of the steps a network can take to form a reasonable expectation of transaction volume is to consider factors such as the number of cards expected to be issued that are enabled on the network and expected card usage patterns.

3. Examples of prohibited network restrictions on an issuer's ability to contract. The following are examples of prohibited network restrictions on an issuer's ability to contract with other payment card networks:

i. Network rules or contract provisions limiting or otherwise restricting the other payment card networks that may be enabled on a particular debit card, or network rules or contract provisions that specify the other networks that may be enabled on a particular debit card.

ii. Network rules or guidelines that allow only that network's (or its affiliated network's) brand, mark, or logo to be displayed on a particular debit card, or that otherwise limit the ability of brands, marks, or logos of other payment card networks to appear on the debit card.

4. Network logos or symbols on card not required. Section 235.7(a) does not require that a debit card display the brand, mark, or logo of each payment card network over which an electronic debit transaction may be processed. For example, this rule does not require a debit card that is enabled for two or more unaffiliated payment card networks to bear the brand, mark, or logo for each card network.

5. Voluntary exclusivity arrangements prohibited. Section 235.7(a) requires the issuance of debit cards that are enabled on at least two unaffiliated payment card networks, even if the issuer is not subject to any rule of, or contract or other agreement with, a payment card network requiring that all or a specified minimum percentage of electronic debit transactions be processed on the network or its affiliated networks.

6. Affiliated payment card networks. Section 235.7(a) does not prohibit an issuer from including an affiliated payment card network among the networks that may process an electronic debit transaction with respect to a particular debit card, as long as at least two of the networks that are enabled on the card are unaffiliated. For example, an issuer may offer debit cards that are accepted on a payment card network for signature debit transactions and on an affiliated payment card network for PIN debit transactions as long as those debit cards may also be accepted on another unaffiliated payment card network.

7. Application of rule regardless of form factor. The network exclusivity provisions in § 235.7(a) require that all debit cards be enabled on at least two unaffiliated payment card networks for electronic debit transactions, regardless of whether the debit card is issued in card form. This applies to any supplemental device, such as a fob or token, or chip or application in a mobile phone, that is issued in connection with a plastic card, even if that plastic card fully complies with the rule.

7(b) Prohibition on Routing Restrictions

1. Relationship to the network exclusivity restrictions. An issuer or payment card network is prohibited from inhibiting a merchant's ability to route or direct an electronic debit transaction over any of the payment card networks that the issuer has enabled to process an electronic debit transaction for that particular debit card. This rule does not permit a merchant to route the transaction over a network that the issuer did not enable to process transactions using that debit card.

2. Examples of prohibited merchant restrictions. The following are examples of issuer or network practices that would inhibit a merchant's ability to direct the routing of an electronic debit transaction that are prohibited under § 235.7(b):

i. Prohibiting a merchant from encouraging or discouraging a cardholder's use of a particular method of debit card authorization, such as rules prohibiting merchants from favoring a cardholder's use of PIN debit over signature debit, or from discouraging the cardholder's use of signature debit.

ii. Establishing network rules or designating issuer priorities directing the processing of an electronic debit transaction on a specified payment card network or its affiliated networks, or directing the processing of the transaction away from a specified network or its affiliates, except as a default rule in the event the merchant, or its acquirer or processor, does not designate a routing preference, or if required by state law.

iii. Requiring a specific payment card network based on the type of access device provided to the cardholder by the issuer.

3. Merchant payments not prohibited. A payment card network does not restrict a merchant's ability to route transactions over available payment card networks in violation of § 235.7(b) by offering payments or other incentives to encourage the merchant to route electronic debit card transactions to the network for processing.

4. Real-time routing decision not required. A merchant need not make network routing decisions on a transaction-by-transaction basis. A merchant and its acquirer or processor may agree to a pre-determined set of routing choices that apply to all electronic debit transactions that are processed by the acquirer or processor on behalf of the merchant.

5. No effect on network rules governing the routing of subsequent transactions. Section 235.7 does not supersede a network rule that requires a chargeback or return of an electronic debit transaction to be processed on the same network that processed the original transaction.

7(c) Effective Date

1. Health care and employee benefit cards. Section 235.7(c)(1) delays the effective date of the network exclusivity provisions for certain debit cards issued in connection with a health care or employee benefit account to the extent such cards use (even if not required) transaction substantiation or qualification authorization systems at point of sale to verify that the card is only used for eligible goods and services for purposes of qualifying for favorable tax treatment under Internal Revenue Code requirements. Debit cards that may qualify for the delayed effective date include, but may not be limited to, cards issued in connection with flexible spending accounts established under section 125 of the Internal Revenue Code for health care related expenses and health reimbursement accounts established under section 105 of the Internal Revenue Code.

Section 235.8 Reporting Requirements and Record Retention

[Reserved]

Section 235.9 Administrative Enforcement

[Reserved]

Section 235.10 Effective and Compliance Dates

[Reserved]

[76 FR 43466, July 20, 2011, as amended at 76 FR 43467, July 20, 2011; 77 FR 46280, Aug. 3, 2012]