The Federal Trade Commission issued a report and recommendations for mobile payments called Paper, Plastic... or Mobile? An FTC Workshop on Mobile Payments, which is based on a workshop held by the Commission in 2012 to examine these issues.
The report, while noting that mobile payments can provide innovative and convenient options for consumers, highlights three major areas of potential concern for consumers. The first concern is how consumers can resolve disputes in the case of fraudulent payments or unauthorized charges. Many mobile payment platforms (such as those using Near Field Communications (NFC) technologies, mobile apps and online checkout wallets) allow consumers to choose among several different funding sources for payment, such as a credit card, debit card, bank account or mobile phone account. Consumers may not recognize that their protections against fraudulent or unauthorized transactions can vary greatly depending on the underlying funding source. Generally, credit cards and bank debit cards provide the strongest level of statutory protection (e.g., liability limitations, disclosure requirements for fees and expiration dates, error resolution procedures, and authorization standards for recurring payments); however, other types of funding mechanisms do not have the same statutory protections. For example, there are no federal statutes besides the FTC Act that protect consumers from unauthorized charges if their mobile payment mechanism is linked to a pre-funded account or stored-value card such as a gift card or general purpose reloadable card, also known as a pre-paid debit card. The report reiterated the significance of the Consumer Financial Protection Bureau's pending proceeding where the issue of whether to extend certain statutory protections to general purpose reloadable cards is under consideration. The FTC filed comments in that proceeding supporting extended protections for consumers of these cards. As such, the report recommends that companies develop clear policies on how consumers can resolve disputes arising from fraudulent mobile payments or unauthorized charges.
The report also discusses the growing problem of mobile "cramming," which occurs when third parties place unauthorized charges on consumers' mobile phone bills. The Commission explained that it has previously indicated in a comment proceeding before the FCC that consumers should receive basic protections against this practice of mobile cramming by, among other things, giving consumers the ability to block third-party charges on their mobile devices. The report explains, however, that because there are several approaches to addressing fraudulent charges on mobile carrier platforms, there will be an FTC roundtable in May to discuss this issue.
Second, the report addresses the need for strong data security measures to ensure security throughout the mobile payment process. The report addresses ways sensitive financial information can be kept secure during the mobile payment process, such as through end-to-end encryption (i.e., allowing for encryption throughout the entire payment chain). The report encourages all stakeholders in the mobile payment ecosystem to raise awareness about the security of mobile payments and identify the steps consumers can take to safeguard data on their mobile devices (e.g., by encouraging consumers to set one password to unlock the mobile device and another password to access the payments app on the device).
The third concern is privacy. The FTC explains that the use of mobile payments raises significant privacy concerns, due to both the high number of companies involved in the mobile payment ecosystem and the large amount of data being collected. The Commission reiterates its "privacy by design" recommendation (i.e., companies should consider and address privacy at every stage of product development) and urges companies to incorporate strong privacy practices, consumer choice and transparency into their products from the beginning of the design process. The report also notes the privacy issues arising from the consolidation of consumers' personal information in the mobile payment process. Mobile payment providers may have access to more information than a traditional retailer would, such as contact information and a record of a consumer's location.
Mobile payments frequently involve entities such as hardware manufacturers, operating system developers, application developers, data brokers, coupon and loyalty program administrators, payment card networks, advertising companies, and retailers and other merchants. The FTC will continue to monitor mobile payment options and to evaluate whether consumers have adequate protections and the information they need to make informed choices about these services.