On Friday, August 3, 2012, the Board of Governors of the Federal Reserve System (the “Board”) issued final rules amending certain provisions of its new Regulation II (12 CFR Part 235) with respect to debit card pricing and other requirements for debit card transactions and systems. Regulation II was implemented pursuant to the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 (the “Act”).
On July 20, 2011, the Board issued a final rule implementing its new Regulation II. Section 1075 of the Act amends the Electronic Fund Transfer Act by adding a new section regarding interchange transaction fees and rules for payment card transactions. Under the revised statute, an “interchange fee” or “interchange transaction fee” is any fee established, charged, or received by a payment card network for the purpose of compensating a card issuer for its involvement in an electronic transaction in which a consumer uses a debit card. Various fees (commonly referred to as “swipe fees”) are associated with this process. Regulation II contains restrictions on interchange fees, requirements with respect to the operation of card networks, and reporting requirements for issuers and networks.
Also on July 20, 2011, the Board issued an interim final rule, with a request for comment, on standards for receiving a fraud-prevention adjustment to interchange transaction fees. Both the final rule and the interim final rule were reported in this publication on August 10, 2011.
Under the separate interim final rule, which became effective October 1, 2011, the Board allows an issuer to charge an additional one cent per transaction, so long as it develops, implements and updates policies and procedures reasonably designed to identify and prevent fraudulent electronic debit transactions.
The final rule published on August 3, 2012, modifies certain of the provisions set forth in the interim final rule. In general, the revised rule requires the following for an issuer to be able to charge the additional fee:
- The issuer must establish policies and procedures addressing (i) methods to identify and prevent fraudulent transactions, (ii) the monitoring of the issuer’s volume and value of fraudulent transactions, (iii) appropriate responses to suspicious transactions and (iv) methods to secure debit card and cardholder data.
- The issuer must review its policies and procedures at least annually and update as necessary, in light of their effectiveness in preventing fraud, their cost-effectiveness, and changing methods and types of fraudulent activity, as gleaned from a variety of sources.
- The issuer must notify its payment card networks annually that it is in compliance with the above.
Upon notice by the issuer’s federal regulatory authority that it is no longer permitted to charge the fraud-prevention adjustment, it must notify all of its payment card networks of this fact within 10 days after such notice and cease charging the fee no later than 30 days after notice to its networks.
These requirements are effective October 1, 2012.