Best Practices for Instant Payouts

A Disbursement transaction is a transaction initiated directly by a Merchant that results in a credit to
either a Payment Credential or a bank account (push-to-account payout) for a purpose other than
refunding a purchase. They can be used to enable Money Transfers, funds disbursements, prepaid loads,
and credit card bill payments. They alone cannot be used for the purchase of goods or services. Visa
refers to them as Original Credit Transactions (OCTs) and Mastercard as Moneysend disbursements.

Primary Use Cases for Disbursements:

• Person-to-Person (P2P) payments where the disbursement is funded by a consumer

• Business-to-Consumer (B2C) or Government-to-Consumer (G2C) Funds Disbursements (e.g., payroll, tax, insurance claims, commission payments, shared economy etc.,) where the disbursement is funded by a business, corporate, or government entity.

Characteristics of Disbursements:

• Issuer Acceptance: Issuers must accept an incoming disbursement unless prohibited by applicable laws, regulations, or card network rules.

• Fast Funds: Funds associated with a disbursement must be available in the Recipient’s account within 30 minutes of the issuer approving the authorization message.

• Real-time authorization: disbursements allow for issuers to provide real-time authorization decisions to Merchants.

• Disbursement use cases generally fall within two categories: Money Transfer and Non-Money Transfer activities. Networks identify the case using specific data elements.

o Money transfer activities typically include:

* P2P transaction leg reaching a P2P beneficiary’s external account

* Me-to-me/account-to-account offloads (movement of funds from a hosted account to beneficiary’s external account)

* Movement of funds out of a digital wallet account to an external account

o Non-Money Transfer activities typically include:

* Corporate/Non-Corporate Disbursements: Merchants, government entities, and corporations disburse funds to a cardholder’s account. Examples: insurance claims, corporate and manufacturing rebates, affiliate and contractor payouts, expense reimbursements, government disbursements (such as value-added tax refunds), and online gambling and lottery payouts.

* Merchant Settlements: Acquirers or Third-Party Agent Service Providers use disbursements to speed up settlement payments between Acquirers or Payment Facilitators and their Merchants.

Risk Management Considerations and Merchant Responsibilities:

• Merchants are responsible for conducting Know Your Customer (KYC) checks on their customers and including sender data in the disbursements (DE 106).

• Merchants who originate disbursements must establish controls and monitor transaction activity for signs of fraud, money laundering and terrorist financing as well as misuse of the disbursement for the payment of goods and services

• Merchants must provide appropriate terms and conditions, disclosures, fee information, transaction confirmation, receipts, and notifications to customers and users.

• Merchants must have a robust, bank reviewed and approved Anti-Money Laundering (AML) program in place in accordance with local laws and regulations.

• Merchants must ensure compliance with all applicable local laws and regulations.

• Merchants must not disburse a daily amount greater than the amount held in their account used to fund disbursement activity. The account is generally opened at the Sponsor Bank and should be pre-funded with ~1 day of processing activity. TabaPay will set a daily aggregate disbursement limit and sends Merchant an alert once a certain threshold is reached (default 90%)

Transaction Controls and Monitoring:

Manual or automated transaction monitoring mechanisms or models should be implemented to detect
anomalous activity.

• A Merchant’s transaction monitoring system should consider the following:

o Transaction limits

o The geographies from and to which transactions are sent

o Any due diligence being performed by all parties to the transaction

• Anomaly detection mechanisms should focus on individual account holder or peer group behavior:

o Establish a model of expected behavior for each account holder.

o Analyze pattern of activity including types of disbursements they send, frequency of disbursements and subsequent withdrawal activity, amount of disbursements, senders and recipients of disbursements etc.

o Establish thresholds for new or dormant accounts to monitor for large or multiple disbursements followed by withdrawals.

o Establish multi-factor authentication before account credentials can be changed or new beneficiaries are established.

o Establish distinct first, second, and third lines of defense to monitor and test design and operating effectiveness of policies, procedures, and monitoring mechanisms.

o Establish enhanced controls over changes to account profiles initiated online or via customer service representatives.

• Merchants engaging third-party vendors and technology solutions to monitor accounts for suspicious activity must dedicate internal resources to monitor vendor performance and ensure technology solutions are updated with the latest patches.

• Track chargebacks, reversals and declines to identify patterns.

• Monitor accounts that may have historical suspicious activity with enhanced due diligence.

• Identify customer devices and establish procedures to verify unidentified devices initiating transfers.

• In addition to the above practices that typically apply to disbursements for both P2P payments and funds disbursements, Merchants should consider key differentiators such as geography, customer base, risk appetite and any other factors to monitor for suspicious activity and establish transaction limits based on these differentiators.

Examples of Suspicious Activity Indicators for disbursements:

• Change in account credentials following out-of-pattern disbursement activity

• Large volume of transactions immediately followed by cash withdrawals, conversion to monetary instruments, payments to a third-party or transfer of funds to a different account

• Significant activity on account reactivated from inactive or dormant status which may or may not include subsequent withdrawals to deplete transferred money

• Increasing volume of disbursements or significant fluctuations in type or volume of disbursements that are inconsistent with patterns identified in a customer’s profile

• Several disbursements during the same day or over a span of a few days from the same sender (sender data is included in every disbursement) or different senders who share the same common identifiers such as family name, address, or telephone

• Large disbursements from foreign jurisdictions not consistent with account activity or from countries known to be associated with terrorist activity

• Upon receipt of disbursements, increasing volume of cross-border transfers or transfers to beneficiaries in countries known to be associated with terrorist activity

• Client contacts bank to report that they do not know the sender(s) of disbursements

• Bust-Out/Sleeper Fraud: A fraudster opens an account and establishes a history of successful transactions over a period and then ‘busts-out’ of this pattern with large transactions.

Merchant Industry and Use Case Considerations - Velocity Controls:

The risk profile of the Merchant’s disbursement program may vary based on the source of the funds.
Different controls for P2P money transfer and funds disbursement may be implemented to manage
relative risks. For example, disbursements for P2P money transfers will have different ranges of
standard activity than funds disbursements. Merchants may consider monitoring and analyzing their
portfolios and patterns of activities depending on the use case and should set velocity checking limits on
their programs with TabaPay based on what is appropriate for their industry and use case.

Required Transaction Receipt Content for OCTs:

☐ Sender name
☐ Recipient name
☐ Sender’s payment credential (masked and/or truncated)
☐ Date and time of transfer
☐ Amount of transfer in the sender’s currency and/or recipient’s currency
☐ Total amount paid (i.e., amount of transfer plus any fees)
☐ Fees associated with the transaction
☐ Foreign currency conversion rates for cross-border transactions
☐ Sender Reference Number
☐ Description (e.g., Money Transfer)

OCTs are covered under the card networks’ disputes and liability rules; however, OCTs can only be
disputed for the following reasons:

• Non-Matching Account Number

• Duplicate Processing

• Credit Not Processed

Application of the concept of “liability” for an OCT is viewed differently by the nature of the transaction.
Liability refers to the entity that will take the financial loss because of cardholder reported fraud or
dispute. OCTs represent the pushing of payments/crediting of funds onto a debit card. If a Recipient
refuses the credited funds, they can ask their issuer to dispute the credit and return the funds to the
Merchant. In this scenario, the Merchant is made whole by the return of the funds by the issuer. There
is no financial loss to the issuer related to cardholder dispute of an OCT.

Did this page help you?