This is part three of a four-part series about payment portals. Click to read part one and part two.

Consumer payment portals can be one of the most consumer-friendly experiences a third-party debt collector can offer. That’s because portals:

• Are always available.
• Provide consumers with immediate access to their account information.
• Walk consumers through their payment options.
• Can store documents.
• Can help consumers manage communication preferences.
• Can also manage Terms and Conditions for website use.

But those same consumer payment portals are also fraught with compliance requirements. So, before launching your third-party collections payment portal, review these important and necessary elements –a portal readiness checklist, if you will. This will help ensure that your portal checks all the boxes and is ready for prime time.

Separation

It is imperative that you create a unique payment portal for consumers. This must be separate and apart from your client-facing website. Client-facing websites are essentially marketing tools. They frequently contain statements about your collection strategies that may, at the very least, be off-putting to your consumers from whom you are seeking payment. Moreover, client-facing websites often include statements and statistics about your collection strategies that can establish a basis for Fair Debt Collection Practices Act (FDCPA) claims based on unfair, false or misleading communications and the Unfair Deceptive or Abusive Acts and Practices (UDAAP) Act section of the Dodd-Frank Act.

Affirmation

Organizations must require consumers to affirmatively agree to the Terms and Conditions using a clickwrap agreement. Make sure your Terms and Conditions address at minimum:

• State law disclosures – In addition to mini-Miranda disclosures, license number disclosures, and out-of-statute debt disclosures, state laws require debt collectors to comply with a myriad of state laws and regulations. Your Terms and Conditions agreement is an excellent place to not only secure your consumers’ assent to abide by your payment portal requirements, but also an excellent place for you to educate consumers about their rights.
• Regulation F – This covers consent to exceed the frequency of communications if the consumer triggers the communication from the portal; consent to communicate outside of safe time to text, call or email should the consumer trigger an auto-response from the portal outside of the 8:00 a.m. to 9:00 p.m. restriction; and direct consent to email and text should you want the protection of the Reg F Safe Harbor.
• Regulation E – This requires you to include your agency’s contact information (phone number, email address, mailing address and dispute address); hours of operation; requirements regarding revocation of a payment or a payment arrangement; elements of a preauthorized electronic fund transfer; definition of business days vs. calendar days; and refund and chargeback policies.
• Telephone Consumer Protection Act (TCPA) and the TCPA Regulation – Together these require:
  • If you intend to make any calls using an “artificial or prerecorded voice to any telephone number” assigned to, among other examples a cellular telephone service…you MUST first obtain the consumer’s prior express consent to do so.
  • If you intend to “initiate any telephone call to any residential telephone line” (to date this reference to residential telephone line in the context of this section is a reference to a landline) using an artificial or prerecorded voice to deliver a message, you MUST first obtain the prior express consent of the called party, unless the call is initiated for emergency purposes or is exempted by rule or order by the Commission under paragraph (2)(B). In 2023, the Commission did exempt commercial calls that do not include an advertisement or a solicitation from this prior express consent requirement so long as the number of such initiations of any telephone call does not exceed three (3) in 30 consecutive days.
  • According to Telephone Consumer Protection Act 47 U.S.C. § 227
    227. [47 U.S.C. 227] RESTRICTIONS ON THE USE OF TELEPHONE EQUIPMENT
    (b) RESTRICTIONS ON THE USE OF AUTOMATED TELEPHONE EQUIPMENT.—
    (1) PROHIBITIONS.—It shall be unlawful for any person within the United States, or any person outside the United States if the recipient is within the United States—
    (A) to make any call (other than a call made for emergency purposes or made with the prior express consent of the called party) using any automatic telephone dialing system or an artificial or prerecorded voice—
    …(iii) to any telephone number assigned to a paging service, cellular telephone service, specialized mobile radio service, or other radio common carrier service, or any service for which the called party is charged for the call;
    (B) to initiate any telephone call to any residential telephone line using an artificial or prerecorded voice to deliver a message without the prior express consent of the called party, unless the call is initiated for emergency purposes or is exempted by rule or order by the Commission under paragraph (2)(B).

Communication

Organizations must understand that once a consumer enters your payment portal, you are engaging in a communication in connection with the collection of a debt, as that term [Communication] is defined by the Fair Debt Collection Practices Act (FDCPA) and confirmed in the case of Alexander v. Consumer Adjustment Company, Inc.  

Consider this scenario: 

On September 1, a debt collector receives debt A from the creditor. On September 1, the debt collector posts debt A on the agency’s consumer payment portal. On September 2, the debt collector mails Validation Information on debt A to the consumer. On September 8, the consumer receives Validation Information for debt A via first-class USPS mail and visits the collection agency’s payment portal. 

On September 15, a debt collector receives debt B from the creditor.  The same consumer owes both debts A and B.  

On September 15, the debt collector posts debt B on the agency’s consumer payment portal.  

On September 16, the consumer visits the payment portal to view the status of debt A and notices debt B has been posted on the payment portal. The moment the consumer views debt B on the payment portal is the moment the initial communication occurs between the debt collector and the consumer regarding debt B.  

This means the debt collector must send the consumer the Validation Information pertaining to debt B within 5 days of that initial communication in order to comply with the Validation Notice requirements of the FDCPA. 

As a practical matter, do not include any accounts on your payment portal assigned to you for collection until you are confident the Validation Information has been received in fact, or presumptively received, by the consumer. 

This scenario underscores the need to withhold posting accounts to a consumer payment portal until the debt collector has sent the Validation Information. Ensuring this workflow is in place is a great way to build your bona fide error defense should you fail to send the Validation Information to the consumer within the five days of an initial communication inadvertently caused by your payment portal. 

Security

Make sure your payment portal has multifactor authentication (MFA)vincorporated. The Federal Trade Commission’s Safeguards Rule requires non-phishing-resistant MFA to be in place as a means to protect all databases and systems, including payment portals.

Non-phishing-resistant MFA may be accomplished by requiring consumers to identify themselves by providing the portal with

• Something they know, such as an account number; and
• Either something they have, such as a code, or a human characteristic unique to the consumer, such as their retina or fingerprint.

Disclosure

If you do collect an out-of-statute debt, make sure your portal includes a pop-up, a tooltip, or a text box that includes required notices and disclosures that the consumer must be provided before proceeding to make any payments on the debt or settlement of the debt.

Compliance

Take the Americans with Disabilities Act (ADA) seriously. The ADA requires that websites, including consumer payment portals, be accessible to people with disabilities or impairments. Hard stop! It is generally believed that a website must conform at least to WCAG 2.0 Level AA to be considered accessible to people with disabilities under the ADA. Failure to comply with these standards can expose your organization to significant penalties.

The U.S. Department of Justice (DOJ) imposes fines for ADA compliance penalties. Penalties serve as a deterrent to non-compliance and motivation for businesses to make their websites accessible to individuals with disabilities. There are two types of ADA compliance penalties:

• Civil penalties – These are fines imposed on businesses for violating the ADA. The maximum civil penalty for a first-time violation is $75,000 with the maximum penalty for subsequent violations being $150,000.
• Compensatory damages – In addition to penalties and fines, individuals who have been harmed by the noncompliance may sue the business for compensatory damages. These can include the costs of emotional distress, lost wages, and other expenses incurred by the harmed person.

The ADA is one of the most litigated consumer protection laws. The latest U.S. Chamber Institute of Legal Research (ILR) research shows Americans with Disabilities Act (ADA) lawsuits have skyrocketed since 2013 and have disproportionately impacted small businesses.

Checklist complete

A lot of thought and planning must go into your payment portal. Is having a payment portal really worth all this trouble? In today’s digital age, when consumers expect the ability to create a payment plan that fits their life and budget, as well as the ability to make a payment at any time from anywhere, the answer is…yes!

As such, organizations must ensure that their payment portal is a source of revenue, not lawsuits and legal hassles. Checking the above boxes is a good start.

Disclaimer: Finvi is a technology company and provides this post solely for general informational and marketing purposes. You should not rely on the content of this material for any other purpose or as specific guidance for your company. Finvi’s advice, services, tools, and products described herein do not guarantee compliance with any law or industry standard. You are ultimately responsible for your own company’s actions and compliance efforts. Because everyone’s situation is different, you must consult your own attorneys, accountants, and/or other advisors to obtain specific advice on your company’s compliance, legal, tax, regulatory and/or other business needs. Despite Finvi’s efforts to provide current and up-to-date information, you need to recognize that the information contained herein may become outdated quickly and may contain errors and/or other inaccuracies.