Should lenders require the customer to provide verbal authorization for one-time debit card payments over the phone? Should lenders retain recordings of such authorizations?

Regulation E does not establish requirements pertaining to authorizations for one-time EFTs, but that doesn’t mean that lenders shouldn’t have certain practices in place to ensure those transactions are carried out properly. This is especially true for verbal authorizations that are given over the phone because those transactions expose the lender to greater legal risk than written authorizations. With written authorizations, the lender typically provides written disclosures that the customer can read and review before granting consent. When obtaining verbal authorizations, lenders must rely on employees to make disclosures, which introduces a wider range of risks than are present with written authorizations.

For example, obtaining verbal authorizations over the phone increases the risk that the customer does not fully understand what they are authorizing. That is because the key terms of the transaction (e.g., payment amount, timing and method of payment, etc.) must be disclosed verbally over the phone rather than in writing. This may result in a transaction that is more difficult for a customer to fully comprehend.

And if the call is not recorded and retained, the lender may encounter challenges demonstrating that proper disclosures were provided and that customer authorization was granted.

The bottom line is that verbal authorizations are part of doing business. So naturally, the question is “How can a lender mitigate the risks that come with obtaining and accepting verbal authorizations over the phone?”

Here are a five ways:

1. Establish and maintain strong and effective policies and procedures that are designed to ensure proper authorizations.

2. Monitor for compliance with company policies and procedures.

3. Consider using scripts so employees know exactly what to disclose and to ensure that the customer understands what he or she is authorizing.

4. Implement effective training.

5. Be vigilant about monitoring calls in real-time.

Do you have a question we can answer? If so, drop us a note here.