You just wanted a cup of coffee to start the morning.
Now, as you fumble with your wallet, taking it out, retrieving the cash or credit card, you can feel the glares and impatience of the other java drinkers standing behind you, waiting, needing to get to work.
Enter an emerging technology which makes paying for that coffee as easy and convenient as waving your smartphone. Mobile payments are a new trend which enables consumers to make retail purchases without using their credit or debit cards or cash. It can turn that morning “argh” moment into “ahhh.”
However, how that mobile payment is processed has been compared to the Wild West. With the transaction potentially passing through many hands before it reaches the bank, using your smartphone could be the equivalent of giving your card numbers, account numbers, pin codes, passwords and personal data to strangers.
Suddenly that “ahhh” has changed to “uh-oh.”
Adding to the financially damaging situation, if a consumer discovers fraud or theft linked to the mobile payment, he or she may learn that the traditional consumer protections that apply to banks do not apply here.
“It’s the Wild West, it’s just nobody knows it,” said Sarah Jane Hughes, scholar and fellow in commercial law at Indiana University Maurer School of Law.
The innovation can be divided into two categories: mobile banking and mobile payments.
Mobile banking gives direct access to a bank account and comes with all the protection and security that covers a bank. The primary law governing this kind of transaction is the Electronic Fund Transfer Act and Regulation E of the Federal Reserve Board. Enacted by the U.S. Congress in 1978 in response to the introduction of ATMs, the EFTA defines the rights and liabilities of consumers along with the responsibilities of all participants in the electronic transfer activity.
Mobile payments that directly access the consumer’s credit card are governed by the federal Truth in Lending Act and Regulation Z of the Federal Reserve Board. Those that draw from a debit card are generally regulated by the federal EFTA and the state’s Uniform Commercial Code.
The least consumer protection comes with mobile payments that rely on intermediaries to process the transaction. For example, the account information used in making the mobile payment will travel from the consumer to the merchant, then to a payment provider, then possibly to the bank or to the mobile service provider like AT&T or Verizon where the charge will show up on the individual’s phone bill.
In a presentation during the International Payments Policy Conference at the Federal Reserve Bank of Kansas City, Mo., Hughes pointed out the mixed bag that
comes with mobile payments. While payment providers’ innovations are making payments faster, easier and maybe less costly, these new products are not covered, as a whole or in part, by the traditional regulatory regimes. Consequently, consumers and merchants could be uncertain of their rights and responsibilities.
“The disparity between the regulation of mobile payments made via access devices directly between the sender’s demand account to a merchant and those that use processing intermediaries including telecom and other nondepositary providers to handle such payments is likely to remain until Congress acts,” Hughes told the conference.
Capitol Hill has convened a couple of hearings on mobile payments but attorneys do not see nor expect any new laws to be enacted in the near future regarding this technology.
Tom Walsh, partner at Ice Miller LLP, looked back to the late 1990s when consumers turned to buying goods and services over the Internet. At that time, regulations had to play catch-up because many businesses took advantage of loose privacy laws, collecting and selling personal data which put consumers at risk.
He does not see any gapping hole in the regulatory polices that are leaving consumers exposed as they make mobile payments. The framework is now in place so the regulations will just have to be adapted rather than created from a consumer protection standpoint.
Despite the questions about safeguards, customers seem to be embracing mobile payments. Juniper Research predicted that over the next five years, mobile payments will quadruple globally to more than $1.3 trillion. Also, a survey of stakeholders by the Pew Internet & American Life Project found that 65 percent of respondents believe by 2020 “most people” will be using smart devices to make purchases.
One thing that will attract Congressional attention and make consumers nervous is bad behavior. A major event like large-scale fraud or identity theft linked to mobile payments that injures a significant portion of the public would likely slow adaptation and trigger new laws and rules.
States usually defer to the federal government to regulate the banking industry, said Howard Cohen and Jane Shea, attorneys at Frost Brown Todd LLC. One way that states could implement new rules would be to amend the Uniform Commercial Code, but that process can take many years because, in order to keep the code consistent across state lines, most if not all states would have to adopt the same language.
However, a rule change could be done relatively quickly through the Federal Reserve Board. Even though the board is required to publish its proposals and solicit public comment, the process could be completed in months.
Currently, consumers do not always have a clear understanding of which government agency or business in the mobile payment chain to call when they discover irregular activity on their accounts. All the stakeholders, said Michelle Kaiser Bray, partner at Faegre Baker Daniels LLP in Indianapolis, are collaborating, along with looking for regulatory guidance, to address data protection, risk management, privacy and security concerns.
Bray cautioned against the government becoming heavy-handed.
“We don’t want to be so bogged down in regulatory framework that we freeze the innovation itself,” Bray said. “It will chill innovation and all the stakeholders will be less inclined to come up with product which, at the end of the day, hurts consumers.”
Just like the Wild West of old, consumers today will have to be very proactive in protecting themselves. Log-ins and passwords are no longer sufficient security, according to attorneys. Consumers should install on their mobile devices the ability to lock it down and wipe it clean if it is lost or stolen. And, just like when a wallet is lost, consumers should know the phone numbers of the financial institutions and service providers to call immediately.
Also, consumers should read the contracts and privacy agreements that come from their banks, mobile providers and with the apps they purchase. Instead of rapidly scrolling through the contracts and clicking “I Accept,” attorneys said consumers should read them so they know what to do and whom to contact if their accounts are compromised.
“They aren’t easy to read,” said Abby Kuzma, director of the Consumer Protection Division at the Office of the Indiana Attorney General, “but, nonetheless, that’s the reality.”•