On April 26, 2012, the Federal Trade Commission (“FTC”) held a public workshop entitled “Paper, Plastic . . . or Mobile? An FTC Workshop on Mobile Payments” to examine the use of mobile payments in the marketplace and their impact on consumers. The workshop provided information on the nascent mobile payments industry and a forum for dialogue between the FTC and the stakeholders involved in creating and shaping the industry. The workshop gathered consumer advocates, industry members, technologists, FTC staff members, and academics to discuss the opportunities and challenges that mobile payments pose for businesses and consumers.
During the workshop, the participants gave presentations and participated in discussions organized into four panels that explored the following topics:
- Opportunities and Challenges for Businesses and Consumers
- Legal Landscape and Dispute Resolution
- Fraud Mitigation and Data Security
- Privacy Issues
In addition, the workshop included presentations on the present and future landscape of mobile payments, an overview of mobile payments around the world, and an FTC study on the disclosures and privacy policies of nineteen mobile payments service providers.
The workshop highlighted areas of consensus, issues upon which participants did not agree, and where (in the opinion of some) more work needs to be done to protect businesses and consumers. For those implementing mobile payments programs, however, little new information emerged from the workshop. Still, the workshop is a resource for anyone who wants to learn more about emerging mobile payment technologies and the issues they raise. The workshop was recorded and is available for viewing here.
Summary of Panel Discussions
The first panel included representatives from companies that are at the forefront of mobile payments and from consumer protection groups, who discussed topics ranging from the benefits of mobile payments, merchant issues, dealing with the under- and un-banked, and educating consumers on the use of mobile payments.
After the first panel, the FTC presented data on a study it completed that looked at the funding sources and the disclosure and privacy policies of nineteen entities delivering mobile payments solutions. The FTC reported that ten of the nineteen companies reviewed did not state what a consumer’s total liability would be for fraudulent or unauthorized transactions. That disclosure shaped the discussion for the second panel, which focused on the legal protections in place for consumers who use mobile payments. The discussion tended to suggest that direct carrier billing and stored value cards pose the greatest potential risk to consumers because these offerings do not have the same protections that are in place for credit/debit cards and bank accounts.
Panel three discussed fraud mitigation and data security with respect to mobile payments. The panelists suggested that focusing solely on the security of the mobile device was misplaced, given certain security weaknesses in the underlying payment network architecture. For example, attention should be directed to eliminating areas where data may be stored in unencrypted form and other secondary opportunities to obtain personally identifiable information (such as information in paper form or on laptops).
In a lively discussion, panel four focused on privacy concerns with respect to mobile payments. Many of the panelists cautioned the FTC to move carefully in establishing regulations for mobile payments, inasmuch that new FTC rules should parallel those for the underlying form of payment and not be specific to the technology. The privacy discussion also discussed the use and disclosure of the data generated from mobile payment transactions. There was wide disagreement on whether the use of mobile transaction increases consumer trust due to more personalization or whether the sharing of more consumer data to more companies weakens consumer privacy. Consumer advocates on the panel believe that consumers should be given more control over how their data is being used and who can use it. On the other hand, industry panelists contend that the use of the data can lead to more trust through personalization, targeted ads, and an enhanced shopping experience.
Is the FTC looking too hard for consumer protection issues in mobile payments? The payment systems concerns articulated at the workshop seem largely theoretical in nature given the (sensible) reluctance of the carriers to provide carrier billing for large-ticket physical goods and the ever-increasing regulation of prepaid and stored-value programs, as evidenced by the new FinCEN prepaid access rule. Moreover, since certain U.S. Treasury rules took effect in December 2010, bank-issued open-loop prepaid vehicles that accept funding via ACH essentially all adhere to the liability and other consumer protections in Regulation E as a matter of contract. (Closed-loop cards are by definition limited in liability to the amount of value the consumer loads to the device and are generally much lower dollar value to begin with.) In any event, since the Dodd-Frank Act, the FTC has little jurisdiction remaining to enforce the relevant payments system regulations, having ceded such authority to the new Consumer Financial Protection Bureau.
The FTC seems on safer ground in focusing on privacy issues, for which it has retained broader jurisdiction, and is likely to serve a valuable function by embedding the policy discussion in the broader context of innovations in e- and m-commerce. Hopefully the agency will continue to move incrementally to ensure that the consumer’s voice can clearly be heard in the marketplace by adopting or rejecting offerings from the increasingly crowded menu of competing mobile payments and commerce products and services.