eCheck Records Retention Requirements
You must retain all authorizations for 2 years after a transaction completes, after a final
recurring transaction, or after a payment authorization is revoked.
- For paper authorizations, you must retain the original authorization.
- For authorizations made over the telephone or over the internet, you must retain a copy of the authorization and a record of the authentication.
- For transactions that involve a paper check, you must retain a copy of the check for a minimum of 2 years because the signed check is considered the customer’s authorization.
Nacha grants customers 60 days to identify an unauthorized charge.
If a customer identifies an unauthorized charge after the 60-day
period, the customer’s bank can request a copy of the original authorization for the
transaction from the merchant through the ODFI. If the appropriate authorization is not
provided to the customer’s bank within 10 banking days, the ODFI is permitted to allow
the customer’s bank to return the transaction.
IMPORTANT
Although Nacha and
Cybersource
require record retention for
customer authorization records for a period of 2 years, the statute of limitations for
state laws governing transaction disputes may dictate a period of between 2 to 7 years.
Cybersource
recommends that you be familiar with these
laws.You must be able to provide a copy of the authorization to the customer upon request.
Cybersource
might also request the original or a copy of a customer’s payment authorization at any time.
Merchants will have 3 business days to comply.
If no response is received by the date requested, to avoid a Nacha rules violation,
Cybersource
will give permission for the return.
If two future requests also go unanswered, Cybersource
assumes that
you are giving blanket permission to allow all returns and
then accepts them on your behalf.