Privacy Concerns, Limitations of Devices Factor into Mobile Payment Regulations, Officials Say
The mobile payment regulatory realm is shaped by concerns about the potential for money laundering, privacy concerns and inherent limitations of mobile devices, officials from federal agencies said during a Monday panel on mobile payments hosted by Law Seminars International.
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
The scope and complexity of the mobile payment realm presents its own set of challenges to regulators, said Patti Poss, chief of the FTC Consumer Protection Bureau’s Mobile Technology Unit. There is a “high number of companies involved” and “a large amount of data being collected and processed,” she said. To adequately evaluate the world of mobile payments, regulators must consider who “has access to that data flow,” she said. The FTC has “brought jurisdiction over all the rest of those players in the mobile payment ecosystem.” The agency encourages mobile app developers to engage in privacy by design, simplified choice and transparency, she said, stressing the need for transparency with consumers. “That is a really hot topic, with the NTIA and Commerce Department stakeholder process,” she said. In the past year, and at the direction of the White House, the NTIA has convened a group of mobile privacy stakeholders to draft a code of conduct regarding transparency around how apps collect and share user data.
There’s tension between data collection requirements and privacy concerns for mobile banking solutions, said Andrew Lorentz, a Davis Wright lawyer who focuses on mobile payments. The Bank Secrecy Act requires that companies collect certain information, but in the mobile phone space, many parties are vying for user data, he said. “Then you've got this free-for-all, because everyone wants” the consumer data.
The FTC has brought two cases against companies allegedly engaging in mobile payment fraud under its authority through Section 5 of the FTC Act, Poss said: a case against Jesta for its alleged “scareware scheme” and a case against Wise Media for cellphone cramming. “We have a long history of bringing cramming cases,” Poss said of the FTC. “The law applies in the wireless space also.” In the Jesta case, users were falsely told their mobile devices had been infected with malware and that they should buy an antivirus program to eliminate the malware, she said. Consumers who went to purchase that antivirus program were then charged for unrelated ringtones, she said.
The Consumer Financial Protection Bureau approaches mobile banking the same way it does other consumer finance products, said Regulations Counsel Eric Goldberg. The agency must figure out “which of our tools in our toolbox is appropriate to solving a particular” problem, including its rulemaking and enforcement abilities in consumer finance markets and how it responds to individual complaints filed by consumers, he said. Goldberg couldn’t say whether the CFPB is considering issuing guidance on whether the definition of financial institutions applies to mobile payment solutions. “I know it’s something that’s a hot topic back at the bureau,” he said, but “there’s nothing imminent that I know the bureau is considering doing."
Payments through mobile devices include unique features that “in some way … change the game” for regulators, Poss said. Some such features are the devices’ small screens, location-tracking abilities, that devices are “personal to one user” and the multiple ways people use devices -- for texting, for the Web and for apps. The ability for consumers to understand disclosures on mobile devices’ limited screen size is one of the “unique challenges of mobile products” that the CFPB is examining, as well as the “innovation and benefits to consumers” that come along with mobile payments, Goldberg said.
The virtual currency industry received compliance guidance earlier this year through formal guidance from the Treasury Department’s Financial Crimes Enforcement Network (FinCEN) and the Liberty Reserve case, Lorentz said. The May federal case against virtual currency firm Liberty Reserve centered around money laundering charges and that the firm “didn’t think they really needed to verify customers,” Lorentz said. “The guidance came out just shortly before this case was announced,” providing “some more formal FinCEN guidance on what is virtual currency.” -- Kate Tummarello <?p>