The Secure Times

An online forum of the ABA Section of Antitrust Law's Privacy and Information Security Committee


Leave a comment

FTC Issues Staff Report on Mobile Payments

The Federal Trade Commission (FTC) issued last week a staff report titled “Paper, Plastic… or Mobile? An FTC Workshop on Mobile Payments,” which is based on a workshop held in April 2012 by the FTC.

Consumers are more and more often offered the possibility of paying bills, or making a purchase and paying for it, using their mobile phone.

The report quotes a 2011 survey which found that 83% of financial executives predicted that mobile payments would be widely adopted by consumers by 2015. A report published in 2012 by the Federal Reserve found that 12% of the 87% of Americans owning a mobile phone had made a mobile payment in the past 12 months, mostly to make an online bill payment. Forty-two percent of the persons who had not made such payment yet cited security concerns as the primary reason for not doing so.

Panelists in the April 2012 FTC workshop cited three main sources of concern regarding mobile payment: dispute resolution, data security, and privacy.

Dispute Resolution

The level of protection of consumers against fraudulent or unauthorized transactions depends on the underlying funding source of the mobile payment. If the funding source is a credit card, the capping liability for the consumer is $50, under 12 C.F.R. § 1026.12.

Same goes for a debit card, if the consumer reports the fraud within two business days, but the cap is $500 after that, pursuant to 12 C.F.R. § 1005.6.

However, no federal statute protects the consumer if the funding source of the unauthorized transaction is a pre-paid card or a gift card, but the Consumer Financial Protection Bureau is currently examining the possibility of such protection.

Also, no federal statute protects consumers against fraudulent charges on mobile carrier bills. It is a source of concern for the FTC, as a mobile payment may be done by charging it to a mobile phone bill. The FTC recommends giving consumers the power to block all third-party charges on their mobile accounts. Also, mobile carriers should have a clear and consistent dispute resolution process for dealing with suspicious charges.

Data Security

There are federal and state laws imposing data security requirements on businesses collecting and using financial and sensitive information. Consumers themselves are advised by the FTC to take practical steps to secure their financial information, such as setting a second password for any payment apps.

Privacy

Many different parties are privy to an online payment transaction, including banks, merchants, apps developers, and mobile carriers. They all have access to more consumer data as compared to data collected during a traditional payment, as they know about the financial information and the purchase information.

The recommendations set forth in the FTC Privacy Report, such as privacy by design and consumer’s choices about data to provide for collections should also apply to companies dealing with online payments. The FTC also recommends providing transparency about mobile payment data practices in order to improve consumers’ trust.

Mobile payments are here to stay. The FTC notes in its conclusion that, as this industry is still in its infancy, there is a possibility to create new products with financial, security and privacy protection in mind.


Leave a comment

Sens. Rockefeller and Blumenthal Introduce the Do-Not-Track Online Act of 2013

On February 28, U.S. Senators Jay Rockefeller (D-WV) and Richard Blumenthal (D-CT) introduced the “Do-Not-Track Online Act of 2013,” which would require all Web browsers, online companies, and mobile app developers to allow users to opt-out of online tracking by online advertising networks, data brokers, and others.  The bill is similar to legislation that Senator Rockefeller introduced in 2011.

The bill would create a universal legal obligation for all online companies to honor consumer choice when consumers do not want any entity to collect information about their online activities.  In addition, the bill would allow the Federal Trade Commission to pursue enforcement action against a company that does not honor a consumer’s request to not be tracked.

Under the bill, companies could track personal information in limited instances, including when (1) such tracking is necessary to deliver a service requested by the consumer being tracked, so long as the information is anonymized or deleted once the service is delivered; or (2) the individual receives clear and conspicuous notice that the collection is occuring, and consents to such collection.

The legislation is in response to ongoing dialogue (and disagreement) between the online industry and consumer groups over how best to implement an industry-wide Do Not Track standard.  According to Sen. Rockefeller, “[i]ndustry stood at the White House and made a public pledge to honor do-not-track requests, but has since failed to live up to that commitment.”  In response, Sen. Rockefeller states that this latest bill will give consumers “the opportunity to simply say ‘no thank you’ to anyone and everyone collecting their online information. Period.”