The Federal
Trade Commission (FTC) has long explored mobile payment compliance and
consumer protection issues
with reports
dating to the days of flip phones. As
technology has developed and proliferated, creating new benefits and risks to
consumers, the FTC has been aggressive in exploring ways to protect them. It has held workshops, issued reports, and
undertaken enforcement actions involving mobile technology and its impact on consumer payments. In a
staff report
issued on March 8, the FTC published its latest guidance on this rapidly
expanding field and the consumer protection issues it generates. The report, prepared by the FTC staff, is a
follow up to the “
Paper,
Plastic. . . or Mobile” workshop the FTC held on April 26, 2012 in which
industry participants discussed the progress mobile payment technology (
morning
session) and the potential consumer vulnerabilities such technology can
create, including dispute resolution, data security, and privacy issues (
afternoon
session).
The FTC has
defined mobile payments broadly to “include[ ] technologies and products in
which a payment is made using a mobile device, such as payments made through
Near Field Communication (NFC) technologies, mobile apps, online checkout
wallets, and mobile carrier billing.” At
the April 26 workshop, participants identified multiple ways in which these technologies
benefit consumers. In addition to the
convenience of payment, mobile payment makes it easier for consumers to use
coupons or loyalty programs. In the new
report, FTC staff also acknowledged that “[m]obile payments . . . may provide
under-served communities with greater access to alternative payment
systems.” An alternative payment system
also benefits businesses, who may see lower transaction costs thanks to
consumers choosing to pay with their mobile devices, not their credit or debit
cards. More broadly, “[m]obile payments
may also spur competition among payment methods, benefitting consumers and
merchants alike.”
Where the
workshop took a balanced approach to benefits and drawbacks, the new report
focuses almost entirely on the risks and concerns the workshop panelists
identified: dispute resolution; consumer
data security; and privacy. One of the
greatest benefits mobile payments provide to both consumers and businesses --
flexibility -- is the source of the problem for dispute resolution,
specifically the web of statutory requirements that may protect some consumers
or businesses, but not others, and certainly not in the same ways. For example, a fraudulent transaction
involving a credit card has a statutory liability cap
of $50, but if the same transaction involves a gift card, the FTC Act, the
FTC’s general consumer protection mandate, is the sole statutory protection
(the Consumer Financial Protection Bureau has proposed
a rule related to gift card laws and the FTC has
commented). The FTC is evaluating whether to implement “consistent
protections across mobile payments,” and, as it does, urges businesses to
“develop clear policies regarding fraudulent and unauthorized charges and
clearly convey these policies to consumers.”
The FTC singles out mobile carrier
billing for special attention. Like gift
cards, there are no specific statutory protections for consumers who find
fraudulent third-party charges on their phone bills, a practice known as
“cramming.” The new report notes an FTC comment to the
Federal Communications Commission (“FCC”) that “consumers should be able to
block all third party wireless charges” and should have “clear[ ] and
prominent[ ]” service provider information about third-party charges and how to
block any unwanted charges. The FTC also
wants providers to establish a clear dispute resolution system. The FTC will host a workshop on mobile
cramming on May 8 to assess the breadth of potential solutions to cramming,
including those that industry stakeholders have provided to the FCC.
The FTC report also refers to a Federal
Reserve study that found data security to be a chief consumer worry related
to mobile payments. The FTC encourages “all companies in the mobile payments
chain” to adopt safeguards like end-to-end encryption and dynamic data
authentication, reminding businesses that harm to consumers due to a data
breach can not only harm the reputation of the business, but also can trigger
liability under state or federal data security laws.
A frequent concern of the FTC, the
report highlights the privacy anxieties associated with the distinction between
data collection capabilities in “traditional” and mobile payments. In a traditional payment, data is split among
the merchant (purchase) and the credit card company or bank (contact information;
location of purchase). No one entity has
all of the purchaser’s information. Mobile payments add many new players at each step of the payment chain
and provide a “mobile payments ecosystem to gather and consolidate personal and
purchase data in a way that was not possible under the traditional payments
regime.” Such collection and
consolidation is not inherently bad, but it does raise the potential for
increased risks to consumer data privacy. To help protect consumer privacy and ease privacy concerns, the FTC
previously offered three privacy principles in its March 2012 report Protecting Consumer Privacy in an Era of Rapid Change (as this
blog described). The FTC continues to encourage businesses to
follow these principles of “privacy by design,” consumer choice, and
transparency in a new mobile payments report.
As it
develops a more complete framework for mobile payments, the FTC is looking to
the experiences of other countries for both the manner in which the mobile
payments systems operate as well as the manner of their regulation. The new report includes short descriptions of
practices or policy proposals in other countries and by multinational
organizations, indicating which models the FTC may explore in determining how
to address the consumer privacy, security, and trust issues that arise as
mobile payment technology develops.
- Nancy Perkins and Seth Wiener