This is part two of a four-part series about payment portals. Click here to read part one.

We’ve all seen them, and some of us have even read them. They are there when you download new software, sign in to a new app for the first time, and in a plethora of other places. I’m talking about consumer agreements – that long text that most people scroll past and eventually sign without even reading.

Consumer agreements are an important part of any payment portal. They enhance transparency for the user and compliance for your organization, as well as help improve overall payment efficiency. That’s why collections agencies must understand the different consumer agreements and how they can affect your payment portal.

What is a browsewrap agreement?

In a browsewrap agreement, the terms of use are typically provided as a hyperlink on a website, usually in the footer or during the registration process. Users are deemed to have accepted the terms simply by using the website or service. In addition:

• This type of consumer agreement does not require an explicit action from the user to manifest their agreement.
• It relies on the assumption that users are aware of and have agreed to the terms by using the platform.
• Generally, it is considered less legally secure than clickwrap agreements, as it may be more challenging to prove user consent.

What is a clickwrap agreement?

In a clickwrap agreement, users are required to actively click a button (such as a checkbox or “I agree” button) to indicate their acceptance of the terms before they can proceed with using the website or service. In addition:

• This type of consumer agreement requires a confirmatory action, such as clicking a button.
• Often, it is more legally secure because it provides clear evidence of user consent.
• It is commonly used in e-commerce transactions, software installations, and other online activities where a clear agreement is necessary.
• It is a recommended form of agreement for third-party debt collector payment portals.

The difference is…

The main distinction between browsewrap and clickwrap is the level of affirmative action required from the user to signify their acceptance of the terms.

Clickwrap agreements are generally considered more enforceable and legally secure because they provide clear evidence of user consent. At the same time, browsewrap agreements may be deemed less reliable, especially if there is no clear indication that users were aware of the terms.

It’s essential for businesses to carefully consider their method of obtaining user consent and to ensure that it aligns with legal standards and requirements in their jurisdiction. Additionally, laws, such as the Electronic Signatures in Global and National Commerce Act (ESIGN) in the United States and the European Union’s General Data Protection Regulation (GDPR), may have implications for the enforceability of online agreements. For example, Regulation E provides that consumers may evidence their assent to a preauthorized recurring payment agreement in writing or by similarly authenticating the agreement in accordance with ESIGN.

Browsewrap: It begins at sign-in

As browsewrap agreements gain user consent simply by using the site, this begins when the user logs in. Therefore, it is important to keep the following in mind:

• Common login authorization requirements include:
  • Account number
  • Date of birth
• Why this might not work for you.
  • Financial institutions (e.g. credit issuers, debt collectors, debt buyers, collection attorneys) are required to comply with the Federal Trade Commission’s Safeguards’ Rule.
  • One of many requirements of the Safeguards’ Rule is the duty to protect databases and consumer information systems using multifactor authentication (MFA).
• At a high level, MFA requires the person accessing a database or system to authenticate by providing:
  • Something they know such as a username, password, birthdate, account number, or other similar information as well as one of the following:
    • Something they have, such as an authenticator app, a Google app, a token, a PIV card, etc.
    • Something inherent and unique about the individual (such as a fingerprint or a face scan).
  • In addition, phishing-resistant MFA is required for employees and independent contractors, consultants, etc. In this instance, the solution must require the user to have a separate device, token, application, or PIV card as a condition of accessing the database or system. Emails or texts containing codes are not permitted because they are not phishing-resistant. Examples of acceptable phishing-resistant approaches include:
    • Federal Government’s Personal Identity Verification (PIV) standard
    • World Wide Web Consortium’s (W3C’s) Web Authentication standard

Some organizations worry that consumers will not have the patience to use multifactor authentication. However, it is vitally important and must be included in any payment portal.

Clickwrap: Let’s talk Terms and Conditions

Terms and Conditions structure the agreement between the organization’s portal and the consumer. If your payment portal uses a clickwrap agreement, here are a few tips to keep in mind:

• Require the user to scroll through the Terms and Conditions before allowing them to agree.
• Keep an inventory of the provisions in the Terms and Conditions.
• Check for inconsistencies between the Terms and Conditions and other disclosures or statements presented to the consumer on the portal. A common mistake is to require the consumer to provide three days’ notice of revocation of a payment authorization in the Terms and Conditions and one day’s notice to revoke in other places on the portal.
• Use a checklist to ensure the scope of the Terms and Conditions.
• Continually ensure the enforceability of the Terms and Conditions.
• Manage the updates to Terms and Conditions by using version control.
• Present a notice to the consumer each time a term or a condition changes. Provide or make available a copy for the user.
• Retain all iterations of the Terms and Conditions.

That’s a wrap

It’s your portal, and you must decide which consumer agreement works best for you. Browsewrap requires less action from the user. Clickwrap is often viewed as the safer option, especially considering data privacy laws and the need to constantly update your privacy policy.

Regardless of which one you choose, the fact remains that this payment portal is something consumers will interact with regularly. So, it must provide a way for users to make their payments in a timely and convenient fashion. And it must also provide your organization with the protections needed to keep you in compliance and successfully collect debt.

In short, organizations must explore their options and choose a payment portal that has clear consumer agreements and strong security, and is robust enough for any collections organization.

Disclaimer: Finvi is a technology company and provides this post solely for general informational and marketing purposes. You should not rely on the content of this material for any other purpose or as specific guidance for your company. Finvi’s advice, services, tools, and products described herein do not guarantee compliance with any law or industry standard. You are ultimately responsible for your own company’s actions and compliance efforts. Because everyone’s situation is different, you must consult your own attorneys, accountants, and/or other advisors to obtain specific advice on your company’s compliance, legal, tax, regulatory and/or other business needs. Despite Finvi’s efforts to provide current and up-to-date information, you need to recognize that the information contained herein may become outdated quickly and may contain errors and/or other inaccuracies.