The ePayments Code may be extended to small business and will be brought up to date to include coverage of NPP payments.
These are among proposals included in a consultation paper issued by ASIC on Friday detailing the results of a review of the code.
Other proposals include removing the requirement that code subscribers report to ASIC annually, while giving ASIC additional monitoring functions. ADIs would be required to provide additional on-screen warnings about mistaken internet payments.
And in a series of changes to update the code, ASIC will define biometric authentication in the code, include virtual debit and credit cards in the definition of “payment card instrument” and include electronic receipts in the code’s provisions relating to transaction receipts.
The ePayments Code is a voluntary code of practice that regulates electronic payments, including ATM transactions, online payments, BPAY, point of sale of sale transactions, credit and debit card transactions and mobile banking.
The key protection in the code is that consumers will not be liable for any unauthorised transactions on their accounts if they have taken reasonable precautions to protect their accounts.
Other protections include a requirement to disclose product terms and conditions and fees; a requirement to assist consumers to seek a return of funds mistakenly transferred to the wrong recipient; and a requirement to handle complaints.
The last review of the code was in 2010.
The proposal to extend to code to small businesses would provide an opt-out arrangement whereby subscribers may elect not to extend the protections to their small business customers.
ASIC said some code subscribers were concerned that because small businesses engage in a greater volume and frequency of transactions, subscribers face a higher risk of mistaken internet payments.
The opt-out proposal is ASIC’s attempt to reach a compromise on the issue.
Another important proposal is to extend the mistaken internet payments protection to allow consumers to retrieve partial funds if the full amount of the payment is not available.
Under the current arrangement, the process of retrieving mistaken internet payments applies only where the sending ADI is satisfied that there are sufficient funds available in the account of the unintended recipient to the value of the payment.
ASIC also proposes to clarify the definition of “mistaken internet payment” so that it only covers actual mistakes inputting the account details and does not include payments made as a result of scams.
“Detecting and responding to scams involves a range of different considerations,” ASIC said.
ASIC also proposes to clarify the definition of “unauthorised transactions”. Under the current code, consumer protection is available when a third party has conducted a transaction without the consumer’s consent.
Under the proposed change, the unauthorised transaction provisions would only apply when a third party has made a transaction on a consumer’s account without the consumer’s consent and do not apply where the consumer has made a transaction themselves as a result of misunderstanding or falling victim to a scam.
ASIC’s view is that fraud and scam activity is not an area that should be covered by the code. “We think it is more appropriate that measures to address payment fraud for part of an overall broader approach to scam prevention, outside the code,” ASIC said.