
Electronic payment systems


1. Electronic payment systems on the internet

Websites involved in e-commerce will generally provide a mechanism by which consumers pay for goods and services purchased online and will specify what payment systems may be used. Various systems for electronic payment may be used on the internet including credit card payments, electronic cheques, digital cash, internet banking and other systems.

The choice of what payment system a business website or individual may use on the internet will depend on:

(a) the allocation of legal risk for any fault or fraud occurring in relation to the payment system; and

(b) any legislation, code of practice or other law applying to the payment system (see below).

2. Payment system and jurisdiction

Parties to an electronic payment system (EPS) may be located in different jurisdictions giving rise to the following issues:

(a) which law applies to transaction disputes;

(b) how the transaction is enforced by a party in one jurisdiction against a second party in another jurisdiction;

(c) how regulators protect the integrity of the payments and financial systems in each jurisdiction;

(d) how the laws of one jurisdiction apply to a party outside that jurisdiction using an EPS to sell products to residents in the former jurisdiction; and

(e) how the risk of technical failure and fraudulent activity can be reduced.

The conflict of law rules in the jurisdiction in which the payment dispute is brought will determine the law that governs a cross-border electronic payment. Generally, a transaction occurs offshore if an Australian resident remits funds to an account with a foreign bank with no presence in Australia. Provided the payment is not a reportable transaction under the Financial Transaction Reports Act 1988 (Cth), the deposit would be regarded as a foreign deposit and not regulated by Australian law.

See Jurisdiction fact sheet for more information.

3. Regulation of electronic payment systems (EPS)(1)

The following legislation may apply to electronic payment systems:

(a) Reserve Bank Act 1959 (Cth)
(b) Currency Act 1965 (Cth)
(c) Corporations Law
(d) Banking Act 1959 (Cth)
(e) Payment Systems (Regulation) Act 1998 (Cth)
(f) Financial Sector (Shareholdings) Act 1998 (Cth)
(g) Financial Transaction Reports Act 1988 (Cth) (FTRA)
(h) Unclaimed moneys legislation
(i) Taxation legislation (see Taxation fact sheet)
(j) Consumer Credit Code (CCC)
(k) Finance Industry Codes of Practice
(l) Electronic Funds Transfer Code of Conduct (revised version 2001)
(m) Smart Card Code of Conduct

See Electronic Payment Systems fact sheet for more information.

4. Corporations Law (proposed Financial Services Reform Bill amendments)

Proposed amendments to the Corporations Law by the Financial Services Reform Bill (Cth) (FSRB) (not yet operational) will impact on payment systems as follows:

(a) A facility or arrangement through which a person makes non-cash payments is a financial product under the Corporations Law. An EPS is likely to fall within this category.(2)

(b) A person providing advice about or dealing in financial products is a provider of financial services and must be licensed or obtain an exemption from ASIC (Financial Services Licence). The provider or operator of an EPS is likely to be a financial services provider.(3)

(c) A person must not operate a financial products market (in which financial products are acquired or disposed) without a licence or exemption from ASIC (Financial Products Licence).(4)

(d) The holder of a Financial Services Licence must:(5)

* comply with ASIC, the Corporations Law and licence conditions including the handling of client funds, assets, and the keeping and lodgment of financial records;

* monitor and supervise the activities of its representatives;

* have sufficient financial, technological and human resources to properly provide the services and supervision in an efficient, fair and honest way;

* maintain relevant skills and experience to provide the services; and

* provide dispute resolution and compensation arrangements in relation to services provided to retail clients.

(e) The holder of a financial products market licence must:(6)

* comply with ASIC, the Corporations Law and licence conditions;

* make adequate arrangements to supervise the market including dispute resolution procedures, monitoring conduct and enforcing compliance with the market's operating rules;

* have sufficient financial, technological and human resources to properly operate and supervise the market in a fair, orderly and transparent way;

* have adequate clearing and settlement facility arrangements; and

* provide compensation arrangements where required.

The FSRB amendments will impose extensive and stringent disclosure obligations on licensees.(7)

5. Payment Systems (Regulation) Act 1998 (Cth)

Establishes the Payment Systems Board (PSB) (within the Reserve Bank of Australia (RBA)) which regulates payment systems such as an EPS (including clearing and settlement systems). The PSB implements policies to improve payments system efficiency and enhance competition in the market for payment services.

A payment system is a "funds transfer system that facilitates the circulation of money" between participants in the system. Smart cards are considered a payment system.

A payment system will be regulated by the Act if designated by the RBA by notice in the Gazette after satisfying a public interest test. No existing or proposed EPS has been designated by the RBA at the time of writing.

The RBA (through the PSB) has power to:

(a) vary an access regime to a payment system (entitlement of a person to become a participant or user of the system on a commercial basis on fair and reasonable terms) and undertake enforcement action;

(b) direct a participant in a payment system to undertake or refrain from certain specified conduct;

(c) determine standards to which designated payment systems must adhere (eg impose inter-operability or authentication standards on a dominant EPS); and

(d) arbitrate disputes arising from an EPS with the consent of the parties provided issues of financial safety, efficiency or competitiveness of the EPS are involved.

If an EPS becomes a dominant payments system and access by potential participants is restricted, the RBA may use its powers in the public interest to regulate such a system.

A corporation is not permitted to hold the store of value for a purchased payment facility (PPF) unless it is an approved deposit-taking institution or has an authority or exemption under the Act.(8) A PPF includes Stored Value Cards (SVCs) and internet cash facilities.

It is likely that a facility must involve a facility provider and a third party merchant to constitute a PPF for the purposes of the legislation. The regulation of payment systems and of PPFs under the Act is similar. The issuer of an SVC may be subject to regulation as the holder of the store of value for a PPF and further regulated by the RBA as the operator of a payment system.

The RBA may exempt a PPF from the Act depending on restrictions limiting the number or types of people who may purchase the facility or to whom payments are made.

Smart cards operated in a closed system by a single merchant or small group of merchants (such as telephone cards) are likely to gain exemption from the RBA.

6. Consumer Credit Code (CCC)

Regulates the provision of credit to individuals or strata corporations wholly or predominantly for personal, domestic or household purposes. Obligations are placed on lenders concerning the form and content of contracts, the charging of fees and administration of loans.

It is currently unclear whether the CCC requires credit contracts to be paper based and not in electronic form.

7. Finance industry Codes of Practice

Australian banks, building societies and credit unions are subject to codes of practice (Banking Code of Practice; Building Society Code of Practice; Credit Union Code of Practice).

The codes apply to certain services provided by financial institutions to individuals wholly and exclusively for their private and domestic use. Although pre-dating EPS, the codes are likely to apply to digital cash and SVCs offered wholly and exclusively for individuals' private and domestic use by the institutions to which they apply. The Banking Code would clearly apply if an institution offered internet banking services.

Under the codes, a bank has a general duty of confidentiality towards a customer and must take reasonable steps to protect personal information it holds against unauthorised loss, access, use, modification or disclosure.(9)

8. Electronic Funds Transfer Code of Conduct (EFT Code)

The current EFT Code provides protection for certain consumers by governing what happens in relation to an unauthorised EFT transaction, an EFT transaction error, who is liable for EFT transaction losses and against whom claims can be made. It only applies to transactions that are initiated by a consumer through an electronic terminal by the combined use of an EFT plastic card and a PIN.

The EFT Code (revised version 2001) goes further and covers all forms of electronic transactions (including the use of credit cards for online payments), SVCs and digital cash and all forms of access methods, including digital signatures and biometric identifiers.(10) The revised EFT Code comes into force on 1 April 2002 and addresses:

(a) the availability, disclosure and variations to product terms and conditions;

(b) transaction receipts and balances;

(c) liability and procedures to deal with lost and stolen cards, breaches of security and system malfunction;

(d) refunds of unused stored value;

(e) dispute resolution; and

(f) the obligation of issuers and subscribers of the Code fund holders to comply with National Privacy Principles in the Privacy Act 1988.

For more information, see the Consumer Protection fact sheet.

9. Smart Card Code of Conduct

The voluntary Smart Card Code of Conduct of the Asia-Pacific Smart Card Forum (a special purpose industry association) sets out principles applying to SVC transactions, including notification of the loss, theft or unauthorised use of personalised cards, information acquisition and confidentiality, dispute resolution and penalties.

10. Common law duties of bankers (may apply to EPS operators)

A banker has the duties of confidentiality, to exercise reasonable care and skill in obtaining and carrying out instructions, to exercise reasonable care and skill in giving advice and a duty not to make payments to a third party from a client's account in cases of fraud.

11. Consumer friendly electronic payment systems

A consumer friendly EPS operating over the internet should:

(a) be easy to use and offer a level of security appropriate to the transaction and method of payment;

(b) provide consumers with information on:

* the available methods of making payments;
* the level of risk associated with those methods; and
* how to effectively use those methods;

(c) provide consumers with a confirmation process that allows the consumer to: buy, review and accept or reject the contract terms; identify and correct any errors; and confirm acceptance or rejection of the offer, and allows the vendor to acknowledge receipt of the order.


Other relevant Articles on this site:
Encryption of data
Digital signatures

Other relevant Fact Sheets:
Consumer Protection 

End Notes
(1) Based on A Beatty "Internet banking, digital cash and stored value cards" in Going Digital 2000: legal issues for E-commerce, software and the Internet (2000).
(2) Corporations Law (Cth) sections 762B, 763A, 763D.
(3) Corporations Law (Cth) sections 766A, 881A.
(4) Corporations Law (Cth) sections 767A, 791A.
(5) Corporations Law (Cth) sections 883A-883G.
(6) Corporations Law (Cth) sections 792A-792H.
(7) Corporations Law (Cth) Pts 7.6, 7.8.
(8) Payment Systems (Regulation) Act 1998 (Cth) sections 9, 23, 25.
(9) Banking Code cl 12.10; Building Society Code cl 11.10; Credit Union Code cl 12.10.
(10) Refer to the definition of “biometric identifiers” in the dictionary.
