On August 1, the FTC released a staff report on the agency’s review of shopping apps—those used for comparison shopping, to collect and redeem deals and discounts, and to complete in-store purchases. The FTC staff examined information available to consumers before they download the software onto their mobile devices—specifically, information describing how apps that enable consumers to make purchases dealt with fraudulent or unauthorized transactions, billing errors, or other payment-related disputes. The staff also assessed information on how the apps handled consumer data. The FTC staff determined that the apps studied “often failed to provide pre-download information on issues that are important to consumers.” For example, according to the report, few of the in-store purchase apps provided any information prior to download explaining consumers’ liability or describing the app’s process for handling payment-related disputes. In addition, according to the FTC, most linked privacy policies “used vague language that reserved broad rights to collect, use, and share consumer data, making it difficult for readers to understand how the apps actually used consumer data or to compare the apps’ data practices.” The FTC staff recommends that companies that provide mobile shopping apps to consumers: (i) disclose consumers’ rights and liability limits for unauthorized, fraudulent, or erroneous transactions; (ii) clearly describe how they collect, use, and share consumer data; and (iii) ensure that their strong data security promises translate into strong data security practices. The report also includes recommended practices for consumers.
While 2014 is closing out with worldwide cyber-threats, at BuckleySandler, we’re going to close out our first year publishing Digital Insights & Trends on an optimistic note. Looking forward, we welcome a mobile payments development that could be cause for cyber-celebration in 2015 and the years to follow.
As financial services lawyers, we usually navigate the regulatory concerns of e-commerce providers in the financial sector for a clientele of banks, other financial institutions and technology companies. But we are keenly aware that access to financial services is vital even for those without access to traditional banks. This reality, referred to as the “unbanked” problem, has preoccupied financial service providers (and consumer advocates, and policymakers) for decades. Mobile payment technology may be the solution. Read more…
Recently, the Federal Reserve Board released two payments-related reports: (i) a report to Congress on government-administered general use prepaid cards; and (ii) a detailed report on the Federal Reserve’s 2013 payments study. The report on government-administered prepaid cards analyzes the $502 million in fee revenue collected by issuers in 2013, a majority of which was attributable to interchange fees. For consumer-related fees, the report indicates such fees derived primarily from ATM-related charges. The second report details findings from the 2013 Federal Reserve Payments Study, the fifth in a series of triennial studies conducted by the Federal Reserve System to comprehensively estimate and study aggregate trends in noncash payments in the United States. The paper expands on the 2013 summary findings originally published last December, and includes, among many other things, the following new findings: (i) credit cards are more prevalent than other general-purpose card types; (ii) among general-purpose cards with purchase activity in 2012, consumers preferred debit cards, with an average use of 23 payments per month, compared with an average of 11 payments per month for general-purpose credit cards and 10 payments per month for general-purpose prepaid cards; (iii) although the number of ATM cash withdrawals using debit cards and general-purpose prepaid cards dropped slightly, growth in the value of ATM withdrawals continued to exceed inflation; (iv) the number of online bill payments reported by major processors, which included those initiated through online banking websites and directly through billers and settled over ACH, exceeded three billion in 2012; and (v) there were more than 250 million mobile payments made using a mobile wallet application, and at least 205 million person-to-person or money transfer payments.
On June 11, the CFPB released a request for information (RFI) about how consumers are using mobile financial services (MFS) to access products and services, manage finances, and achieve financial goals, with a focus on “economically vulnerable” consumers. The request does not cover point of sale payments, except with respect to mobile payment products targeted to underserved consumers. The request states that the information will be used to inform the CFPB’s “consumer education and empowerment strategies.” On June 12, the CFPB hosted a field hearing on MFS, which included presentations from consumer advocates and emerging mobile services providers regarding the future potential of MFS to reach the underserved. Read more…
On May 16, the Conference of State Bank Supervisors Emerging Payments Task Force held a public hearing to examine the changing payments landscape and opportunities and risks presented by current and emerging technologies. The Legacy Payment Systems panel focused on continued efforts to improve efficiency and speed while simultaneously “preserving consumer confidence and system stability.” The Retail Payments Innovations panelists described innovative electronic and mobile payment systems and suggested that further innovation would be best supported by existing regulatory framework, which offers sufficient consumer protections. Finally, the Virtual Currencies panel urged state and federal regulators to “provide clear and consistent regulatory expectations and guidance without restricting innovation.” The event was the most recent of a number held by federal and state policymakers to address the proliferation of emerging financial technologies used to move money and transfer funds, which range from enhancements of traditional ACH or credit and debit methods of payment to virtual currencies that disrupt the traditional model. The CSBS is expected to use public hearings like this one to develop a proposed regulatory framework for state agencies.
On February 20, the CSBS announced the formation of an Emerging Payments Task Force to study changes in payment systems—including virtual currencies and other innovations—to determine the potential impact on consumer protection, state law, and banks and nonbank entities chartered or licensed by the states. The Task Force is comprised of nine state regulators, including New York State Department of Financial Services Superintendent Lawsky who has recently indicated New York will seek to become the first state to directly address virtual currency through new regulations. The Task Force will be chaired by David Cotney, Commissioner of the Massachusetts Division of Banks, who testified on these issues on behalf of the CSBS last fall before the Senate Banking Committee. The CSBS stated that the Task Force will “take a comprehensive approach to studying the changing payment systems” by engaging with a broad range of federal, state, and industry stakeholders to understand how new entrants and technologies affect the stability of payment systems and the broader financial marketplace and “to develop ideas for connecting the emerging payments landscape to the financial regulatory fabric.”
On January 28, the House Financial Services Committee held a lengthy hearing with CFPB Director Richard Cordray in connection with the CFPB’s November 2013 Semi-Annual Report to Congress, which covers the period April 1, 2013 through September 30, 2013. The hearing came a day after the Committee launched a CFPB-like “Tell Your Story” feature through which it is seeking information from consumers and business owners about how the CFPB has impacted them or their customers. The Committee has provided an online submission form and also will take stories by telephone. Mr. Cordray’s prepared statement provided a general recap of the CFPB’s recent activities and focused on the mortgage rules and their implementation. It also specifically highlighted the CFPB’s concerns with the student loan servicing market.
The question and answer session centered on the implementation and impact of the CFPB’s mortgage rules, as well as the CFPB’s activities with regard to auto finance, HMDA, credit reporting, student lending, and other topics. Committee members also questioned Mr. Cordray on the CFPB’s collection and use of consumer data, particularly credit card account data, and the costs of the CFPB’s building construction/rehabilitation.
Mortgage Rule Implementation / Impact
Generally, Director Cordray pushed back against charges that the mortgage rules, in particular the ATR/QM rule, are inflexible and will limit credit availability. He urged members to wait for data before judging the impacts, and he suggested that much of the concerns being raised are “unreasoned and irrational,” resulting from smaller institutions that are unaware of the CFPB’s adjustments to the QM rule. He stated that he has personally called many small banks and has learned they are just not aware of the rule’s flexibility. He repeatedly stated that the rules can be amended, and that the CFPB will be closely monitoring market data.
The impact of the mortgage rules on the availability of credit for manufactured homes was a major topic throughout the hearing, On the substance of the issue, which was raised by Reps. Pearce (R-NM), Fincher (R-TN), Clay (D-MO), Sewell (D-AL), and others, Director Cordray explained that in his understanding, the concerns from the manufactured housing industry began with earlier changes in the HOEPA rule that resulted in a retreat from manufacture home lending. He stated that industry overreacted and now lenders are coming back into the market. Mr. Cordray has met personally with many lenders on this issue and will continue to do so while monitoring the market for actual impacts, as opposed to the “doomsday scenarios that are easy to speculate on in a room like this.” Still, he committed to work on this issue with manufacturers and lenders, as well as committee members. Read more…
Look Before You Invest: Bitcoins, Virtual Currencies, Emerging Payment Products, and Regulatory Compliance
Margo H.K. Tank, Michael Zeldin, and Ian C.B. Spear, attorneys with BuckleySandler LLP in Washington DC, advise financial institutions on electronic financial services, mobile payments, prepaid access and virtual payment methods, in the areas of anti-money laundering, privacy, trade sanctions, and regulatory compliance.
Emerging payment products, such as Bitcoin, present tantalizing investment opportunities. The claim that these products are “unregulatable,” or “free of the power of the state” increases the temptation to participate, because if true, regulatory uncertainty associated with traditional financial industries would be eliminated. Notwithstanding these claims, virtual currency laws and regulations seem primed to explode. Acknowledging that “virtual currency systems offer ‘legitimate’ financial services,” the Department of Justice, for example, has investigated and prosecuted illegal activities involving virtual currencies. As a result, risk-related issues like money laundering, terrorist financing, and economic and trade sanctions remain critical to evaluating investments in emerging payment products. To understand why, consider how the emerging payments industry is regulated now and what additional regulation might emerge.
On October 1, three payment network providers proposed that industry stakeholders collaborate on a token-based global security standard for online and mobile commerce. To meet growing consumer demand for secure digital transactions, the providers propose replacing traditional account numbers with a digital payment “token” for online and mobile transactions. They argue that tokens provide an additional layer of security and eliminate the need for merchants, digital wallet operators or others to store account numbers. The proposed standard used to generate tokens would be based on existing industry standards and would be available to all payment networks and other payment participants. The providers identify the following as key elements of the proposed standard: (i) new data fields to provide richer information about the transaction, which can help improve fraud detection and expedite the approval process, (ii) consistent methods to identify and verify a consumer before replacing the traditional card account number with a token, and (iii) a common standard designed to simplify the process for merchants for contactless, online or other transactions. The proposed standard incorporates comments from card issuers and merchants, and the participants intend to seek further collaboration from standard-setting bodies and other stakeholders.
On September 10, the Federal Reserve Banks issued a public consultation paper that identifies “key gaps and opportunities” in the U.S. payment system. They include: (i) payment recipients prefer other forms of payments than checks but exercise little control over the sender to request a preferred form of payment, (ii) the system lacks a “near-real-time” payment capability, (iii) innovations have not gained significant market penetration while legacy systems tend to be more ubiquitous, (iv) legacy systems lack certain desired features, including, for example, assurance that a payment will not be returned or reversed, (v) cross-border payments are slow and costly, and lack fee and timing transparency, (vi) some digital wallet applications reduce the visibility and choice of payment instrument at the point of sale, (vii) businesses’ legacy payment and accounting systems make straight-through processing difficult, but are costly to change, and (viii) data security fears inhibit adoption of electronic payments. The paper outlines certain desired outcomes and seeks input on strategies and tactics to address the perceived gaps and shape the future of the domestic payment system. Interested stakeholders can submit comments until December 13, 2013.
As the technology continues to grow and become a part of day-to-day life, smartphones and tablets are reshaping the delivery of financial services to consumers. The mobile device is quickly becoming a full-fledge platform for electronic financial services, especially for mobile payments.
The variety and number of mobile devices and service providers to support them has introduced new and different stakeholders – all of whom are competing with traditional financial institutions for dominance in the mobile commerce/mobile payment space. This new and rapidly evolving environment presents new and operational risks for consumers, payment providers, and the recipients of the payments. It will be vital to identify who has legal responsibility and liability for the various risks associated with payment platforms and payment transactions.
To learn more about the mobile technology issues impacting the financial services industry, please review some of our recent articles on the issue. BuckleySandler attorneys Margo Tank and David Whitaker raise legal considerations surrounding the regulatory uncertainty in mobile payments in their article, “Is Regulatory Uncertainty an Impediment to Mobile Payments?” earlier this year. In “Federal Regulators Issue Guidance on Social Media and Mobile Privacy” Margo, David, and Ian Spear discuss the recent guidance and flexible guidelines issued by the FFIEC and FTC. Another recent article by Margo and David provides a list of the accessibility items financial services companies should consider when developing their websites and mobile apps.
On March 27, the Federal Reserve Board presented the findings of a November 2012 online survey of consumers’ use of mobile technology to access financial services and make financial decisions. The report follows a related March 2012 Federal Reserve Board report, and includes the Board’s general findings that (i) mobile phones and mobile Internet access are in widespread use, (ii) the ubiquity of mobile phones is changing the way consumers access financial services, (iii) mobile phones are also changing the way consumers make payments, (iv) security and usefulness concerns continue to be the main impediments to the adoption of mobile financial services, (v) smartphones are changing the way people shop, and (vi) mobile phones are prevalent among unbanked and underbanked consumers. The report points out that the use of mobile phones to make payments at the point of sale has increased more rapidly than the use of mobile phones for banking, and that there is “substantial growth potential” for mobile payments as the ability to make them becomes more widespread.
On March 8, the FTC released a report on mobile payments by consumers. The report, based on a FTC workshop held in April 2012, focuses on financial, security, and privacy consumer protections. The FTC encourages companies to develop clear dispute resolution policies to address customer claims of fraudulent mobile payments or unauthorized charges. The report highlights “special concerns” with mobile carrier billings, in which mobile carriers place charges on phone bills on behalf of third-parties, based on the FTC’s concern that there are no federal statutory protections governing consumer disputes about fraudulent or unauthorized charges placed on mobile carrier bills. The FTC also encourages industry-wide adoption of strong security measures and suggests ways sensitive financial information can be kept secure during the mobile payment process, including end-to-end encryption. The report highlights the need for mobile payment companies to practice “privacy by design,” incorporating strong privacy practices, consumer choice, and transparency into their products from the outset. Finally, the report notes privacy issues arising from the consolidation of consumers’ personal information in the mobile payment process.
On February 19, the Electronic Transactions Association’s (ETA) Mobile Payments Committee released three resources to help firms navigate emerging issues in the mobile payments market. The Committee is an industry-wide task force of representatives from credit card networks, processors, mobile network operators, developers, financial institutions, and device manufacturers. The first resource, “Best Practices and Guidelines for Mobile Payment Solutions,” addresses security, privacy and competition issues relevant to merchants, consumers, federal and state legislators, federal regulators, merchant acquirers, credit card issuers, and infrastructure providers. In the second, a white paper entitled “Beyond the Hype: Mobile Payments for Merchants,” the Committee provides a comprehensive overview of the current state of mobile payments, as well as analysis of the risks and costs for merchants to consider before deploying mobile payments solutions. Finally, the Committee issued a “Mobile Payments Glossary of Terms.”
On February 14, the PCI Security Standards Council, the open global forum responsible for setting payment security standards, issued guidelines for merchants on the factors and risks they must address to protect card data when using mobile devices. The guidance addresses the three main risks associated with mobile payment transactions: account data entering the device, account data residing in the device, and account data leaving the device. The guidance also (i) provides recommended measures for merchants regarding the physical and logical security of mobile devices used for payment acceptance, and (ii) recommendations regarding the different components of the payment acceptance solution, including the hardware, software, the use of the payment acceptance solution, and the relationship with the customer. The PCI Security Standards Council also recently released guidance for securing payment card data in cloud environments, and guidance regarding security for payment transactions conducted over the Internet.