- What is the ePayments Code?
- Who is bound by the new Code?
- What does the new Code do?
- What does it mean for consumers?
- Exemptions and declarations under the Code
- Compliance reporting
- Download the Code
The ePayments Code regulates consumer electronic payment transactions, including ATM, EFTPOS and credit card transactions, online payments, internet and mobile banking, and BPAY.
It was formerly known as the Electronic Funds Transfer Code of Conduct (EFT Code) which has existed since 1986.
ASIC is responsible for the administration of the ePaymentsCode, including compliance monitoring and reviewing it regularly.
The ePayments Code has commenced. Organisations are progressively transitioning from the old EFT Code and will all have done so by 20 March 2013.
Virtually all banks, credit unions and building societies currently subscribe to the EFT Code along with a number of non-banking subscribers. The ePayments Code continues to be a voluntary code of practice.
Re-subscription of EFT Code subscribers to the ePayments Code commences from the Codes release date (20 September 2011). ASIC strongly encourages organisations that provide electronic payments who have not previously subscribed to the EFT Code to subscribe to the new Code.
The ePayments Code plays an important role in the regulation of electronic payment facilities in Australia.
It complements other regulatory requirements, including financial services and consumer credit licensing, advice, training and disclosure obligations under the Corporations Act 2001 and the National Consumer Credit Protection Act 2009.
Among other things, the ePayments Code:
- requires subscribers to give consumers clear and unambiguous terms and conditions,
- stipulates how terms and conditions changes (such as fee increases), receipts and statement need to be made
- sets out the rules for determining who pays for unauthorised transactions, and
- establishes a regime for recovering mistaken internet payments.
There are more limited requirements for low value facilities that can hold a balance of no more than $500 at any one time.
The Code only protects consumers who deal with a subscriber. You should check that the banking or payment services organisation you are dealing with is a subscriber by
- checking the ASIC register of subscribers; or
- checking their terms and conditions (if the company is a subscriber, it will say so in the product’s terms and conditions)
As the administrator of the ePayments Code, ASIC may exempt or declare that the application of the Code is modified in a specified way. A written instrument will be created to give effect to the exemptions or declarations, and published on this website.
Subscribers who would like to make an application for an exemption or declaration under the Code should follow the procedures set up for the application process.
Code subscribers must report to ASIC information about unauthorised transactions annually. Information Sheet 195 ePayments Code: Reporting data on unauthorised transactions sets out the scope of the reportable data, as well as some guiding principles and definitions to be used in preparing the compliance report.
Each data collection period starts on 1 January and ends on 31 December of that year. The report needs to be lodged with ASIC by 1 March the following year. Reports should be lodged by email to firstname.lastname@example.org.
An Excel template is available for download from this webpage for subscribers to use in preparing their report on unauthorised transactions.
ASIC may also undertake targeted compliance monitoring of specific obligations under the Code. The focus of targeted monitoring may change from time to time.
- Read Information Sheet 195 (updated September 2017)
- Download the template for ePayments Code Compliance Reporting 2017 (NEW) (Excel 94 KB)
Under the Code, authorised deposit-taking institutions (ADIs) are required to have processes in place to respond to consumer reports of mistaken internet payments.
Please note that data collection by ASIC on mistaken internet payments was only required as a once-off for a three month period during 2015. Subscribers are no longer required to lodge this data with ASIC. Subscribers do, however, have an annual obligation to report data on unauthorised transactions.