WASHINGTON—The Pew Charitable Trusts released an issue brief today describing the uncoordinated and uncertain regulatory environment surrounding the use of mobile devices to make payments. The brief highlights the significant risks to consumers at each stage of the mobile payments process—contracting for services, using mobile devices to make payments, and tracking transactions after making payments.
The brief, “Mobile Payments: Regulatory Gaps, Ambiguities, and Overlap Summary Report,” summarizes the findings of a white paper commissioned by Pew and authored by Mark E. Budnitz, professor emeritus at the Georgia State University College of Law. The complete white paper, also being released today, is available on Pew’s website.
Mobile payments enable consumers to make financial transactions using their smart phones via a website, text message, or app; at point of sale; or through direct carrier billing. The technology in turn relies on many other products and services, including debit, credit, and prepaid cards, as well as wireless carriers and nonbank providers. However, state and federal laws have not kept pace with technology and are not comprehensive or consistent, which can place mobile payment users at risk.
“Consumers are increasingly using their phones to make payments, but where do they turn and which rules apply if something should go wrong?” said Susan Weinstock, director of Pew’s consumer banking project. “Today, more than 15 different federal laws apply to mobile payments, leaving major gaps and confusion for consumers and policymakers.
“As mobile payments become more commonplace,” Weinstock said, “so do the risks in having such a disjointed and inconsistent legal framework for these transactions.”
For example, when consumers first click through service agreements on websites or apps, they lack clarity regarding what they have agreed to and any terms that they are now bound by. When making payments, a lack of comprehensive consumer protections—especially for prepaid cards, nonbanks, and mobile transactions—leaves some customers vulnerable to, for example, financial liability or fraud. And after making mobile payments, consumers face inadequate federal protections, putting them at risk of security breaches and privacy invasions by providers or third-parties.
Budnitz’s analysis reviews the laws and oversight related to mobile payments and considers gaps where no law applies; ambiguities as to whether or how a law applies; and overlap in which two or more laws apply to the same situation, more than one agency has legal authority over the same type of conduct, or both. The findings include:
- No law dictates whether a mobile device should be treated as legally equivalent to a credit card or, instead, as an “access device” (such as a debit card)—which carry different consumer protections—when a mobile payment is charged to a checking account.
- The Dodd-Frank financial reform law does not clearly articulate whether bank regulators have authority to enforce the Federal Trade Commission Act, which includes provisions regulating unfair and deceptive acts and practices and could apply to providers of mobile payments. No comprehensive federal or state law regulates transaction services from nonbank mobile payment providers—which are not supervised by any federal agency. The courts have not developed clear rules or standards for what terms and conditions consumers may have agreed to when they read through content on a website.
- Until the Consumer Financial Protection Bureau enacts a final rule governing prepaid cards, limitations on liability for lost or stolen prepaid cards (including those connected to mobile payment transactions) are only available at the discretion of the prepaid provider. The rule requiring that consumers affirmatively agree (“opt in”) to be charged for debit card overdraft transactions does not apply to payments made with a mobile device, except for one-time debit card purchases—which still allow an institution to assess a fee for a check, an electronic payment known as ACH, or other type of transaction. Although the law grants consumers the right to stop payment of preauthorized electronic payments, it does not clearly provide that right when consumers make other types of electronic payments, such as one-time mobile payments.
- No comprehensive federal or state law protects consumers from security breaches or privacy invasions when making mobile payments, and existing law offers only limited protections. Consumers have no right to sue if a financial institution violates the law and must rely on federal enforcement actions, and state laws vary greatly, typically requiring only that consumers be notified after a breach.
The issue brief is intended to summarize the white paper’s findings and to steer interested parties to the white paper for greater detail.
# # #
The Pew Charitable Trusts is driven by the power of knowledge to solve today’s most challenging problems. Learn more at www.pewtrusts.org.