Understanding Remotely Created Checks (RCCs)

Understanding Remotely
Created Checks (RCCs)

In the dynamic world of digital payments, traditional methods like checks continue to evolve to meet modern demands. One such adaptation is the Remotely Created Check (RCC), an innovative payment method that has garnered attention for its convenience and efficiency. This article delves into what RCCs are, how they work, their uses and benefits, and the associated risks and regulatory considerations.

What is a Remotely Created Check (RCC)?

A Remotely Created Check (RCC) is a type of check that is not created by the account holder but is authorized by them for a specific transaction. These checks are generated by the Bank of First Deposit (BOFD) or Depositing Bank based on the account holder’s authorization, which is typically provided over the phone, online, or via email. Unlike traditional checks, RCCs lack a physical signature, relying instead on electronic authorization.

How RCCs Work

The process of creating an RCC involves several key steps:

  1. Authorization: The payer authorizes the transaction, providing necessary banking details such as the bank account number, routing number, the amount of the check, and consent.
  2. Creation: The Bank of First Deposit (BOFD) or Depositing Bank creates the RCC with the authorized details.
  3. Deposit and Processing: The RCC is deposited into the payee’s bank account and processed through the traditional check-clearing systems.

This streamlined process allows RCCs to be utilized in scenarios where obtaining a physical check is impractical, providing a convenient payment method.

Uses and Benefits of RCCs

RCCs are primarily used in situations where obtaining a physical check from the payer is impractical. Common scenarios include:

  • Telephone and Internet Sales: RCCs facilitate payments when the payer cannot provide a physical check but can authorize the transaction remotely.
  • Bill Payments: Utility companies and service providers may use RCCs to collect payments authorized over the phone or online.
  • Collections: RCCs can be employed by collection agencies to settle outstanding debts quickly.

The benefits of RCCs include:

  • Convenience: They eliminate the need for physical checks, speeding up the payment process.
  • Efficiency: RCCs can be processed faster than traditional checks, improving cash flow for businesses.
  • Flexibility: They allow businesses to accept payments from customers who may not have immediate access to electronic payment methods.

Risks and Regulatory Considerations

Despite their benefits, RCCs carry certain risks, particularly related to fraud and unauthorized transactions. Because RCCs do not require a physical signature, they can be susceptible to misuse if proper authorization is not obtained. The use of Remotely Created Checks (RCCs) is governed by a combination of federal regulations, state laws, and industry standards. These regulations are designed to ensure the legitimacy, security, and proper handling of RCCs to protect both consumers and businesses. Here are the key regulations and governing bodies:

1. Uniform Commercial Code (UCC)

  • UCC Articles 3 and 4: These articles address the laws of negotiable instruments and bank deposits and collections. The UCC requires that negotiable instruments, including checks, be in written form, which means RCCs must exist in paper form initially.

2. Regulation CC

  • 12 CFR Part 229: Also known as the Availability of Funds and Collection of Checks, Regulation CC governs the endorsement, collection, and return of checks. It imposes warranties and responsibilities on banks that handle RCCs to ensure their legitimacy and proper handling.

3. Electronic Fund Transfer Act (EFTA)

  • Regulation E (12 CFR Part 1005): This regulation provides protections to consumers against unauthorized electronic fund transfers. While it primarily deals with electronic payments, its consumer protection measures can extend to transactions involving RCCs.

4. Telemarketing Sales Rule (TSR)

  • 16 CFR Part 310: The TSR, enforced by the Federal Trade Commission (FTC), prohibits certain payment methods deemed unfair and abusive, including remotely created payment orders (RCPOs). This rule impacts RCCs used in telemarketing by adding additional compliance requirements.

5. Check Clearing for the 21st Century Act (Check 21 Act)

  • Public Law 108-100: Enacted in 2004, this federal law allows the digital processing of checks by creating a substitute check from the original paper check. It facilitates the electronic exchange of check images, which is essential for RCC processing.

6. Federal Reserve Bank Operating Circulars

  • Operating Circular 3 (OC3): This circular provides guidelines on the clearing and settlement of checks, including RCCs. The Federal Reserve Bank has also banned RCPOs that did not exist in paper form before being imaged, effective in 2019.

7. ECCHO Rules

  • Electronic Check Clearing House Organization (ECCHO): This private sector organization provides rules and standards for electronic check processing, including RCCs. ECCHO’s rules complement federal regulations and help ensure the proper handling and clearing of RCCs.

8. State Laws

  • State Variations: While the UCC provides a uniform framework, individual states may have variations in their implementation of UCC Articles 3 and 4. Businesses must comply with both federal and applicable state laws regarding RCCs.

To summarize, Remotely Created Checks are allowed by state and federal check laws, but they must be in writing, in physical form (e.g., paper) in order to be legal instruments. Remotely Created Payment Orders (RCPOs) are only legal items if they existed as paper before being imaged and processed through the check processing system.

Best Practices for Originators of RCCs

To ensure the secure and effective use of RCCs, merchants should adhere to several best practices:

  1. Product Offering and Marketing: Clearly articulate the reasons for offering RCCs and ensure they are marketed for legitimate purposes, not as a means to circumvent regulatory thresholds. Differentiate why RCCs are best for customers, such as providing more information than ACH formats and including detailed contact information on checks.
  2. Agreements: Establish distinct agreements with payment processors that outline the necessity of RCCs being paper items before imaging and processing.
  3. Policies and Procedures: Document policies addressing prohibited products and services, return rate thresholds, and the requirement for authorization verification. Policies should prohibit the use of RCCs for payments authorized over the telephone, which would violate the Telemarketing Sales Rule.
  4. Due Diligence: Implement rigorous due diligence processes for customers to ensure proper authorization and periodic review.
  5. Monitoring and Training: Regularly monitor return rates and consumer complaints, and ensure staff undergo annual training on RCC policies.
  6. Compliance and Oversight: Establish a compliance function to monitor adherence to internal policies and regulatory changes, with regular oversight reporting to ensure compliance. This reporting should occur at least quarterly and be documented in meeting minutes.
  7. Independent Review: Conduct independent reviews of the RCC program to test adherence to policies and procedures, documenting and remediating any failures.

Conclusion

Remotely Created Checks represent a notable innovation in the payments industry, providing a convenient and efficient alternative to traditional checks. However, their use necessitates meticulous attention to authorization and regulatory compliance to mitigate fraud and ensure transaction security. As businesses and consumers increasingly adopt RCCs, it is crucial to thoroughly understand their operation, benefits, and risks to leverage this payment method effectively.

July 9, 2024

About Tim Romick

He is a seasoned Senior Executive with expertise spanning Payments, Treasury, FinTech, Operations, Risk, Process Improvement, and Product Management. With a rich experience of over two decades, he brings a visionary approach, seamlessly integrating people, payments, and technology to deliver unparalleled service. His unwavering commitment extends to championing compliance and establishing robust risk assessment protocols.

Bigger Possibilities Await.

Contact Us


Read More

The Significance of PCI Compliance

The Significance of PCI Compliance

Ensuring Security for Your
Business and Customers

In the dynamic landscape of today’s digital era, the importance of PCI compliance cannot be overstated. As the world of payment processing undergoes continuous transformation, the safeguarding of sensitive payment card data is of utmost importance. The Payment Card Industry Data Security Standard (PCI DSS) serves as a vital framework for protecting this data, and its value goes beyond being a mere regulatory obligation. In this comprehensive guide, we delve into the multifaceted reasons why PCI compliance should be a top priority for your business and how it benefits both you and your valued customers.

1. Fortifying Data Security: Safeguarding Your Digital Assets

In the face of relentless cyber threats, protecting your digital assets is no longer a choice – it’s a business necessity. The PCI DSS encompasses rigorous technical requirements that cover every aspect of payment card data processing, handling, storage, and transmission. By adhering to these standards, your business establishes a robust defense against cybercriminals and data breaches. This proactive approach shields your organization from potential security breaches, mitigating the financial and reputational fallout that can adversely affect both your employees and customers.

2. Cultivating Unwavering Customer Confidence

Earning and maintaining customer trust is the foundation of any successful business endeavor. A single data breach can shatter the trust you’ve painstakingly built over years. Research reveals that the aftermath of a data breach goes beyond immediate losses – a significant majority of US adults indicate they would not return to a business post-breach. Demonstrating PCI compliance is not a mere checkbox exercise; it sends a powerful message to your customers. It underscores your unwavering commitment to data security, instilling confidence and peace of mind among all stakeholders.

3. Upholding the Responsibility of Protecting Client Data

With the privilege of processing payment card data comes the legal and ethical responsibility of safeguarding it. Failure to uphold this responsibility can lead to severe consequences, including lawsuits and hefty fines – particularly if claims of robust security measures are proven false. PCI compliance offers a tangible way to ensure you are taking every possible step to protect your clients’ sensitive information. By aligning your practices with PCI standards, you demonstrate your dedication to fulfilling your obligations and safeguarding your customers’ financial well-being.

4. Establishing a Gold Standard for Information Security

For businesses grappling with the complexities of information security, the PCI DSS offers a solid starting point. The 12 comprehensive requirements encapsulated within the standard provide a strong foundation for crafting a holistic and tailored security program. By adapting these requirements to your business’s unique size, industry, and card data handling methods, you lay the groundwork for a robust security posture that aligns with industry best practices.

5. Mitigating Financial and Reputational Risks

The consequences of a data breach extend well beyond immediate financial losses. The ripple effects can be catastrophic, resulting in legal battles, government fines, and a tarnished brand image. Non-compliance with PCI standards significantly elevates these risks. On the other hand, a proactive commitment to PCI compliance empowers your business to mitigate potential breaches, thereby shielding your organization from crippling financial setbacks and safeguarding its hard-earned reputation.

6. Reducing the Enormous Costs of Data Breaches

The financial toll of a data breach can be astronomical, encompassing not only direct expenses but also indirect ones. Costs associated with replacing compromised credit cards, compensating affected customers, conducting thorough investigations, and undergoing mandatory audits can quickly accumulate. The infamous Target breach, which resulted in a staggering $162 million in costs, serves as a stark reminder. Embracing PCI compliance acts as a proactive deterrent against data breaches, thereby minimizing the potential financial impact on your business.

Conclusion: A Strategic Imperative for Modern Businesses

In essence, PCI compliance transcends being a mere regulatory requirement – it emerges as a strategic imperative that safeguards your business, your workforce, your clients, and your brand. By aligning your practices with the robust standards set forth by the PCI DSS, you not only fulfill your legal obligations but also gain a distinct competitive edge. Enhanced security measures and a reputation bolstered by customer trust become invaluable assets in an increasingly competitive market. The time to prioritize PCI compliance is now – take proactive steps to protect what matters most and propel your business toward a future fortified by security, trust, and success.

August 11, 2023

About Tim Romick

He is a seasoned Senior Executive with expertise spanning Payments, Treasury, FinTech, Operations, Risk, Process Improvement, and Product Management. With a rich experience of over two decades, he brings a visionary approach, seamlessly integrating people, payments, and technology to deliver unparalleled service. His unwavering commitment extends to championing compliance and establishing robust risk assessment protocols.

Bigger Possibilities Await.

Contact Us


Read More