Between 2010 and 2018, U.S. investments in financial technology, or “fintech,” grew from almost $2 billion to more than $100 billion, with over half of the increase occurring in 2018 alone. Among the ripest spaces in the financial sector for a technology upgrade is payments—the systems that move money between people and institutions—which currently rely on aging infrastructure and often make consumers wait for access to their funds. Payments innovation is important not only to ensure the expediency and safety of everyday transactions, but also to speed the delivery of government benefits or funds to those in need, especially during emergencies, such as natural disasters and the COVID-19 pandemic and resulting recession. As businesses and policymakers seek to promote the development of new payments technologies, the need to also ensure safety and efficiency will present a range of challenges to regulators and traditional financial systems.
Mobile payments, in which consumers conduct transactions from their smartphones, are perhaps the most significant payment innovation since credit cards. In recent years, they have evolved from a novel, sometimes risky tool, into an extension of the mainstream financial system and, increasingly, a primary vehicle through which new payment options are made available to end users. Many consumers already rely on mobile payments for electronic person-to-person (P2P) money transfers—such as between family or friends—and faster payments, which move funds between accounts in an instant, and are now leveraging them as a way to avoid contact with others amid the pandemic. Research from The Pew Charitable Trusts found that, as of 2018, more than half of U.S. adults had made a mobile payment in the past year, though nearly 30% of consumers said that they have avoided mobile payments to protect against loss of funds.
Regulators have responded to the risks of consumer losses by improving protections for most mobile payments. In particular, the Consumer Financial Protection Bureau’s (CFPB’s) Prepaid Rule, which went into effect in 2019, filled key gaps in existing regulation and created a relatively cohesive regulatory structure. Specifically, the rule extended the traditional safeguards that protect debit card users against losses to newer nonbank products, including general purpose reusable (GPR) prepaid cards and most mobile “stored value” accounts, such as mobile wallets and apps that hold funds and enable P2P transfers. Previously, consumers had little or no legal recourse in the event of a loss of funds on these accounts.
Technology advances have made mobile payments increasingly useful and popular, and regulations have become more uniform across payment types. But antiquated financial and regulatory infrastructure means that most payments still take up to three days to transfer the funds between banks and that companies and regulators continue to encounter obstacles when seeking to test innovative ideas. To address these challenges, regulators are acting to change the U.S. payment market in two key ways: creating a faster payments system, which will provide nearly instant transaction processing for most of the U.S., and establishing fintech “sandboxes,” programs that temporarily reduce licensing and regulatory requirements to help spur development of novel financial products and technologies.
Regulators, policymakers, and industry leaders say they intend these strategies to create greater financial inclusion by bringing useful and affordable products to the quarter of American households that are unbanked or underbanked (those who have no bank account or who use nonbank financial providers, such as check cashers and payday lenders).1 However, Pew’s research has shown that, despite widespread smartphone ownership, mobile payments use is significantly lower among these groups—as well as among older Americans, those without jobs or higher education, and those with lower household incomes—compared with the broader population, often because of a high reliance on cash and a lack of consistent cellular data service. Further, more recent research indicates that, though the pandemic has spurred some people to use mobile payments for the first time, it has also deepened the financial distress of millions of households, which is likely to exacerbate the impact of these barriers to mobile payments use.
Without steps to address these obstacles, low adoption rates will continue to limit the ability of fintech companies that rely on mobile payments to expand peoples’ financial options. Yet, even if the proposed strategies do help people more easily access funds or financial services, they also risk undermining the consumer protection parity regulators have achieved among innovative and traditional products by creating new gaps in those safeguards. This, in turn, could shake consumers’ tenuous confidence in the safety of mobile payments, increase risk, and exacerbate remaining regulatory gaps. Policymakers should ensure that financial protections continue to apply equally to all consumers across payment methods and remain robust as technology advances.
This brief summarizes the present landscape of mobile payments and identifies key issues for policymakers and regulators to consider as the industry evolves, including gaps in current regulations and how changes in payment policy may affect consumers’ trust and adoption of mobile payments.
More than half of Americans use mobile payments
Mobile payments let consumers complete transactions, such as ordering rideshares, paying for meals, and sending money to friends, directly from their smartphones, and financial companies often leverage mobile payment technology to deliver products and services.2 Traditional payment methods, such as debit and credit cards, have become seamlessly integrated into a wide range of apps, and this blending of old and new has helped drive a rapid increase in investments in U.S. fintech, which more than doubled from $50 billion in 2017 to over $100 billion in 2018.3 In 2019, the CFPB’s Prepaid Rule expanded this integration to the regulatory environment, extending safeguards that cover debit cards to include P2P transfer apps, mobile wallets, and GPR prepaid cards and creating relative parity in protections for consumers against loss of funds from errors, theft, or fraud.4
Six in 10 Americans reported shopping or browsing on their mobile phone in 2019, and Pew’s 2018 research found that once consumers begin using mobile payments, most continue to do so: Fifty-six percent had used a mobile payment in the past year and, of those, 84% had used one in the past month.5 And preliminary information indicates that, as people have cut back on point-of-sale transactions and in-person transfers amid the pandemic, mobile payments adoption and volume have grown.6
Consumers fund mobile transactions in several ways. More than 80% of mobile payment users connect a bank account, credit, or debit card to an app, and 15% report either linking a GPR prepaid card to an app or using a “stored value” account. (See Figure 1.)
Mobile payment users reported several benefits of the technology, including payment or account alerts, electronic receipts, rewards, discounts, and help with budgeting. Also, nearly half of respondents were interested in using mobile payments to help them avoid overdraft or check cashing fees.7
Mobile payment protections have improved but consumer distrust and other challenges persist
Although mobile payments have become seamlessly integrated with credit and debit cards, some consumers who chose not to use mobile payments said they were already well served by other methods and saw no reason to switch. However, nearly 30% of both users and nonusers said they chose not to use mobile payments, at least sometimes, to prevent loss of funds from theft, double billing, or disputes with merchants or app providers.12
Apprehension stymies mobile payment use
Consumers view mobile payments as less protected than traditional payment methods and worry about losses when transacting with a phone even when the underlying method is a credit card, which carries the strongest available safeguards against loss of funds. Pew found that 61% viewed credit cards as well protected compared with 35% for a mobile payment linked to a credit card.13
Not only do consumers’ attitudes about mobile and traditional methods differ, but so do their experiences with disputes across these payment types. Only 2% of mobile payment users had a problem, such as a billing error or fraud, in the past year, but those with a dispute were twice as likely to say it was difficult to resolve compared with people who had debit, credit, or GPR prepaid card transaction issues (39% vs. 20%).14 They were also more than four times as likely as traditional payment users to not know whom to contact (23% vs. 5%).15
Cash-reliant and unbanked consumers face additional hurdles
Cash poses another challenge to mobile payments adoption because it must be deposited into a prepaid, checking, or other account before it can be used for mobile transactions. Nationwide, 14% of Americans say they primarily pay with cash, and Pew’s previous research shows that these consumers were significantly less likely to have used a mobile payment in the past year (39%) than people who usually transact with debit or credit cards (63% and 58%, respectively).16
Lack of access to a bank account is another barrier to mobile payment adoption. Unbanked consumers tend to have lower household income than those with bank accounts and are most often paid with paper checks, which they must cash in order to access the funds. But without a bank account and access to a debit card, converting that cash for use on mobile platforms is particularly difficult.17 This is a key reason why mobile transaction use is significantly lower among the nation’s 14.1 million unbanked adults (6.5% of households) than among people who have bank accounts.18 In Pew’s research, three-quarters of unbanked respondents said that they had not adopted mobile payments because they mostly use cash.19
In addition, although 4 in 5 unbanked consumers own a smartphone, they are more likely than people who have accounts to have canceled or suspended their cellphone service for cost reasons (18% vs. 10%), which also limits their ability to use mobile payments.20
Challenges to Achieving Financial Inclusion Using Mobile Payments
According to the Federal Deposit Insurance Corporation, about a quarter of Americans are either unbanked or underbanked. These consumers generally have lower household incomes, rates of employment, and levels of education than the broader U.S. population, and in the absence of bank accounts and debit cards, they use cash or alternative financial products, which tend to lack robust consumer protections and can be unaffordable and abusive.21
Regulators, policymakers, and industry representatives often say that one goal of expanding fintech is to promote financial inclusion by improving access to affordable and helpful tools and services.22 However, as noted earlier, Pew’s research shows that unbanked and underbanked Americans are less likely to adopt mobile payments than consumers who are well served by traditional financial institutions. And though data suggests that mobile payment use is increasing during the COVID-19 pandemic, the financial hurdles to adoption could become more acute as more American families face increased economic distress. To address these barriers and truly reach underserved populations, regulators and others need to consider three key questions:
- Which populations would be excluded from new products and services that rely completely on mobile payment technology?
- Will a lack of mobile payments adoption pose problems for either these consumers or the success of the overall system? For example, one benefit of faster payments could be to reduce overdrafts and late fees on bills due to timing issues, but lower adoption of mobile apps by certain populations could undermine this value.
- How will challenges with dispute resolution impede further uptake or exacerbate current problems?
Consumer protections for mobile payments have improved but hazards remain
Before the Prepaid Rule, mobile payments posed significant risks at every stage of the process, from sign-up to completion of the transaction.23 The rule codified protections against unauthorized transactions, such as theft and fraud, for GPR prepaid accounts, mobile wallets, and P2P money transfer apps, closed some of the gaps in regulation, and substantially bolstered safeguards for consumers using mobile payments,24 creating relative regulatory parity across electronic payment types. As a result, nearly all mobile payments now give a customer recourse in the event of a loss of funds, but in certain circumstances some ambiguity persists.25
For instance, because mobile payments fall under the purview of multiple regulators, no single regulatory framework governs their operation. In addition, the Prepaid Rule left some gaps, such as a persistent lack of guidelines to protect privacy and secure data, leaving consumers open to harm.26 Further, mobile payment companies frequently shift liability away from themselves. Pew reviewed disclosures for 12 firms in 2019 after implementation of the Prepaid Rule and found that though most nonbank app providers limit consumer obligations when funds are transferred via an app, they also place responsibility for consumer losses on mobile carriers, phone manufacturers, or other parties, who often are not explicitly named in the disclosure. In addition, providers do little to inform customers about their recourse in the event of a loss of funds.27
Policymakers aim to modernize payments and protect consumers
Federal and state regulators have announced—and in some cases launched—efforts to enhance peoples’ payment experience while maintaining consumer protections, involving two key approaches: real-time “faster payments” and regulatory “sandboxes.” Although these strategies could accelerate consumers’ access to and adoption of new payment technologies and products, they also have the potential to exacerbate risks to consumers.
Faster payments increase speed and risk
Mobile payments appear to consumers to instantly transfer funds, but in reality, they usually take two to three business days to move the money from the sender’s bank account and make them available to the recipient. However, new technologies can support virtually instant funds transfers, known as faster, or real-time, payments. At least 54 countries already use real-time payments.28 In the U.S., several companies purport to offer an instant payment experience, but just one, the Clearing House (a banking association and payments company owned by the nation’s largest banks), has created an infrastructure capable of moving funds in minutes or seconds. However, the Clearing House’s system is not available to all consumers.29 In 2019, the Federal Reserve expressed its intention to offer similar services to all financial institutions and greatly increase access to faster payments for U.S. businesses and consumers.
The Federal Reserve’s Foundational Work on Faster Payments
The Federal Reserve has been studying faster payments for nearly a decade and has taken a novel approach to identifying and solving issues that would prevent the success of the system in the U.S. By using a variety of task forces, working groups, and councils that include stakeholders from financial institutions, payment providers, consumer groups, regulators, businesses, and consultants, the Fed has enabled key constituencies to participate in creating a faster payments system. Over the past five years, this work has entailed:
- 2015-2017: The Faster Payments Task Force, made up of more than 300 individuals, developed a set of “Effectiveness Criteria” to provide guidance on the important aspects of an improved payments system: “ubiquity, efficiency, safety and security, speed, legal, and governance.”30 The task force’s work culminated in two reports, the second of which included 16 proposals from various financial firms on how to more quickly move money from senders to recipients.31
- 2017-2018: Three working groups—Governance Framework Formation Team, Directories Work Group, and Rules Standards, Laws, and Regulations—sought solutions to issues that could stymie broad adoption of faster payments.32
- 2019: Announcement of the Fed’s intention to develop a new financial transaction infrastructure, called the “FedNow Service,” which will facilitate payment processing between banks 24 hours a day, 7 days a week, 365 days a year, enabling users to send and receive money and access all funds within seconds.33
- 2019-present: Creation of the U.S. Faster Payments Council, a membership organization comprising the Federal Reserve and companies and individuals representing diverse stakeholders, to advance faster payments.34
Federal Reserve seeks to expand faster payments
In 2014, the Fed found that 12% of U.S. transactions—roughly 29 billion—each year could benefit from faster payments, including P2P; person-to-business, such as for bills that would incur fees if delayed; business-tocustomer, such as insurance claims; and between two businesses, for instance from a firm to a supplier. Faster payments allow the recipient to have certainty that funds have been transferred and to use them right away.35 The ability to move money in real time is especially critical during recessions and emergencies, such as the COVID-19 pandemic, when millions of Americans are out of work and need instant access to funds transferred from family, friends, or the government to pay bills and buy necessities.36
In a recent speech, Federal Reserve Board Governor Lael Brainard highlighted the impact real-time payments could have for consumer financial well-being, noting that an expanded faster system could help households with tight budgets avoid overdraft or late fees that result from standard payment processing times.37 However, as the Fed noted in 2017, faster payments will not protect families that routinely have insufficient income to meet expenses against overdrafts (about $35 per transaction) or the need to borrow money to cover a shortfall.38
Faster payments could widen gaps in financial protections
Existing systems process payment transactions as either “credit-push,” in which the sender (typically the consumer) initiates and authorizes a payment to a recipient (such as a merchant), or “debit-pull,” which requires the sender to give his or her account or card information to the recipient, who then originates the transaction. (See Figure 3.) Debit-pull transactions are more common and include nearly all retail purchases involving a debit or credit card, but existing and proposed P2P and faster payments systems use a credit-push process.
Before 2019, Regulation E of the Electronic Fund Transfer Act and Regulation Z of the Truth in Lending Act protected debit card and credit card transactions, respectively, against fraud and theft, but GPR prepaid cards, mobile wallets, and P2P apps did not carry such safeguards. The Prepaid Rule extended provisions of Regulations E and Z to these payment types and created relatively consistent protections against losses from theft, fraud, and billing errors.39 (See Appendix B.)
Cohesive protections must extend to credit-push and faster payments
Under Regulation E, consumers are well protected against unauthorized transactions, but precisely when an authorization of a credit-push transaction is invalid remains unclear, especially in instances of fraud. When customers are conned into revealing their bank account and routing numbers, the resulting debit-pull transaction authorizations, which are fraudulently initiated by the receivers using the victims’ information, are plainly invalid according to existing regulation, and customers have recourse to recover their lost funds. However, because credit-push technology moves money so quickly, consumers using this payment method are more at risk of other types of scams, particularly “push payment fraud.” In these scams, a victim is tricked into sending an actual payment—rather than banking information—typically to purchase a product or service that is not legitimate. In these instances, the regulations are ambiguous on whether the transaction authorization, which the consumer originated, is valid. And in the absence of well-defined guidance, P2P and faster payments companies have largely treated customer identification and initiation of a payment as lawful authorization, regardless of the legitimacy of the recipient.40 Regulators need to clarify this point to ensure that P2P and faster payment customers have the protections they need to safely conduct credit-push transactions.
In 2017, the Federal Reserve’s Faster Payment Task Force noted the need for “strong fraud/error resolution processes” to avoid customer dissatisfaction with real-time payments, but this level of protection has not yet been achieved.41 The CFPB has the opportunity to close this gap by clarifying the Regulation E definition of “authorization.”42 Failure to do so would probably lead to an increase in push-payment fraud as faster payments become more available.43 And the need may be even more urgent amid the pandemic as the Internal Revenue Service and CFPB both have issued public warnings about an increase in scams as shopping behaviors change and consumers are increasingly isolated.44 Unless regulators and industry find credible ways to alleviate fraud risk, clarify authorization criteria and liability protections, and improve procedures for resolving problems, consumers may distrust and avoid the faster payments system and the mobile payments that facilitate them.45
Lack of friction points in faster payments increases risk
U.S. financial institutions do not generally report losses from payment fraud. But in 2019, the Federal Trade Commission’s Consumer Sentinel Network received nearly 389,000 complaints of fraud that resulted in financial loss, totaling $1.9 billion.46 Of that sum, $667 million resulted from imposter scams (the second-most reported category), with a median consumer loss of $700.47
Wire transfers, which are credit-push payments, account for the bulk of losses in the U.S: 23% of total losses and 29% of reported frauds involving a payment method in 2019.48 The wire transfer process, however, has numerous friction points that slow it down, reducing the likelihood of theft. For example, wire transfers generally require the sender to physically go to the bank and provide identification as well as the recipient’s account number and personal information. At that point, a banker might question the transaction or raise other red flags before sending the money. When a customer is initiating a legitimate transaction, these steps can be annoyances and could be made less so as part of improved mobile and new faster payments systems. However, when scams are occurring, this friction gives consumers time to discover and avoid the theft.49
Emerging faster payments systems generally lack such procedural hurdles, and people have already started to leverage these systems to carry out scams.50 In response, some mobile and faster payments companies attempt to warn customers about risky transactions using “just in time” disclosures—messages that pop up on a phone or computer screen before the user completes the final step to initiate a transfer.51 But disclosures alone cannot eliminate fraud risk because credit-push payment scams are not always easy to recognize. These scams often employ social engineering, in which criminals “groom and manipulate people into transferring money or divulging personal and financial details.”52 For example, some frauds involve demanding money that victims legitimately owe but providing a false recipient account, persuading people that they will receive large cash deposits by first sharing their bank information, or hijacking a business’s email account and sending fraudulent invoices.53
Stronger legal recourse for victims may help: Lessons from the U.K.
In the United Kingdom, which has had real-time payments for more than a decade, losses from credit-push scams accounted for 30% of fraud losses in 2018 and totaled approximately $472.4 million.54 Of these, 64% were personal losses, and the rest were business losses.55
In 2016, the U.K.’s largest independent consumer advocacy group, known as “Which?”, filed a “super-complaint” to the Financial Conduct Authority (FCA), which oversees that nation’s financial markets and prudential regulation, contending that push-payment fraud in the faster payments system was causing significant consumer harm because of two key problems:56
- Faster payments place liability on the wrong parties. Consumers bear all the risk of loss if they initiate a transaction to the wrong person or a thief, even though banks bear this risk in most other payment situations and are better equipped to guard against it.
- Banks lack incentives to prevent scams. Banks are far better positioned than consumers—and have the data and technology individually and collectively—to institute controls on credit-push transactions, such as those that are already in place to protect against debit-pull theft. These include confirming that the account name and number match before sending funds. However, because financial institutions bear little or no liability, they may have limited motivation to prevent credit-push thefts.57
The complaint also contended that market forces cannot correct this misalignment without government intervention. A bank’s ability to manage this risk is greatly dependent on the involvement of other banks, and though a single institution has the power to stop its own customers if it suspects them of stealing people’s money, it has limited ability to protect its customers from thieves using accounts at other institutions unless those firms also act. As a result, an individual bank working on its own to protect customers would be relatively ineffective.58
The FCA investigated the complaint and found that institutions receiving funds on behalf of customers could do more to identify and prevent credit-push fraud. At the end of 2019, the FCA introduced new rules, allowing victims of fraud, who previously had no recourse, to have their complaints handled by either the sending or the receiving institution in cooperation with the Financial Ombudsman Service. In addition, the Payment Systems Regulator, which the FCA created in 2013 to oversee payments, established a steering group to develop a voluntary industry code. The FCA notes that credit-push fraud remains a growing problem in the country, and although changes that give fraud victims better legal recourse should help curb scams, whether they will sufficiently protect consumers is not yet clear.59
As in the U.K., federal rules in the U.S. empower financial institutions to track, identify, and intervene against scams. And banks, credit unions, and other financial entities have a strong incentive to prevent losses from debit-pull transactions because they—not their customers—are generally liable when a payment is unauthorized. For these reasons, U.S. financial institutions generally do act to prevent theft involving debit-pull payments by flagging probable fraudulent transactions and contacting customers. Updates to or clarification of Regulation E could apply similar rules to credit-push transactions to protect consumers from losses that can undermine adoption of mobile and other payment technologies.60
Fintech sandboxes foster innovation but may undermine protections
As of 2020, fintech sandbox programs are in place at the federal level (overseen by the CFPB) and in a handful of states: Arizona, Utah, and Wyoming all have active programs, and in July 2020, Florida passed a bill to establish a sandbox. The overall goal of these programs is to reduce regulatory barriers to market entry for novel fintech products and services and to provide a venue for testing of emergent business models and technologies.61 Sandboxes allow fintech firms to avoid—with regulatory approval—certain requirements, such as licensure and disclosure rules; generally limit a company’s participation to a couple of years per product; and often restrict the number of customers that can access a product while it is being tested.
However, because sandboxes exempt firms from some or all licensure, disclosure, or other requirements and from oversight by traditional financial regulators, they may create opportunities for companies to sidestep important regulations and cause emerging consumer protection issues to be overlooked.62 Although proponents largely view sandboxes as a way to increase innovation and inclusion in the financial services marketplace, whether they ultimately benefit or imperil consumers is unclear.63
In 2019, the CFPB launched two sandbox programs and related initiatives:
- Trial Disclosure Sandbox waives certain rules and reduces participating firms’ liability for a limited time to enable testing of disclosures that would otherwise violate regulatory requirements.
- Compliance Assistance Sandbox allows companies to test new products or services for a restricted amount of time while sharing data with the CFPB.
- Streamlined no-action letter policy simplifies the application and approval process for “no action” letters, which officially exempt companies from specific supervisory or enforcement actions by the CFPB.64
- American Consumer Financial Innovation Network (ACFIN) facilitates coordination among state and federal regulators and encourages financial innovation; members include the federal Office of the Comptroller of the Currency and 13 state regulators.65
Consumer advocates, however, have voiced concerns that these programs will allow companies to bring riskier products and services to market without transparency or public input and potentially to evade important consumer protections or enforcement.66
In March 2018, Arizona enacted H.B. 2434, which was the first regulatory sandbox for financial services innovation in the U.S., and Florida, Utah, and Wyoming have since started their own programs.67 States often develop their sandboxes to attract banking and fintech firms. Florida Governor Ron DeSantis (R) has said that one of his priorities is “to create a regulatory environment that provides opportunities for businesses in the financial technology and banking sectors to thrive.”68 And Arizona and Utah both frame their programs as a way to provide “safer, affordable, and innovative financial services and products.”69
These state programs can have an outsized influence on the financial technology marketplace because states play a significant role in regulating nonbank companies, including many fintech firms. Specifically, outside of a sandbox program, such businesses must hold money transmitter licenses, and companies operating under these licenses are primarily overseen by state regulatory agencies dedicated to the examination, enforcement, and compliance handling of nonbank money service providers.70 However, firms enrolled in a state sandbox are generally not required to hold these licenses and so are supervised by the sandbox administrator—the Arizona Attorney General’s office, Utah Department of Commerce, and Wyoming Secretary of State’s office—which may have less experience regulating these businesses and identifying consumer risks than conventional state financial regulators.71 Notably, Florida’s legislation avoids this potential problem by keeping sandbox oversight with a traditional regulator, the Office of Financial Regulation.72
Arizona has taken steps to improve consumer protections, updating its sandbox law to include several safeguards, such as disclosure requirements and a directive that companies identify risks to consumers and implement necessary safeguards.73 The state has also partnered with the CFPB on ACFIN. To date, Arizona has eight firms participating in its sandbox, including lenders, payments companies, and other financial providers.74 These companies often reach their customers via websites, and some have mobile apps. Five focus on products for lower-income or unbanked customers, such as auto-title loans and loans offered at the point of sale, which have the potential to either benefit these customers or—if consumer protections are not maintained and enforced—imperil them.
Pew’s research suggests that at a minimum, regulators should ensure that consumers using sandbox payment products are aware of the risks, have access to dispute resolution processes, and are shielded financially should the company fail.75
The U.K.’s Financial Technology Sandbox Model
The FCA’s sandbox, Project Innovate, established in 2014, helps firms navigate regulations and apply for business licenses. The agency has minimized risk for customers testing products in its sandbox by requiring participating companies to select from four consumer protection regimes: mandating that consumers provide “informed consent,” similar to a clinical trial in medical research; having FCA decide on disclosure requirements depending on the business and product; giving consumers in the sandbox the same rights to lodge formal complaints and gain compensation as in the mainstream marketplace; or obliging the business both to demonstrate that it can reimburse customers for any losses that result from the trial and to provide such compensation in the event of a problem.76
As of April 2019, 686 firms had received assistance from Project Innovate, and in the aggregate, they were able to bring their products to market 40% faster than other similar businesses.77 The FCA concluded that the sandbox program is “improving outcomes for consumers” by fostering increased competition among companies, which in turn, the agency believes, has driven sandbox participants and traditional financial firms to deliver safer and more useful products.78
When strong competition increases access to safe, affordable options, positive outcomes for consumers can result. However, competition does not protect against all consumer harms, such as high hidden fees or challenges with dispute resolution, that are generally unaffected by increased industry participation.79
As faster payments, sandboxes, and other initiatives become more widespread, mobile devices will continue to be a primary way that novel financial products reach consumers. And as innovations reach the marketplace, policymakers, regulators, and industry must recognize that the fragility of consumers’ trust in the safety and reliability of mobile payments remains a barrier to greater adoption and financial inclusion. Although most Americans enjoy fairly consistent and strong protections against fraud and theft when transacting via mobile as well as traditional payment methods, key regulatory gaps persist, and new technologies could slip through those cracks and expose consumers to increased risk.
Faster payments and regulatory sandboxes have the potential to support positive change in financial services and provide consumers with new and better options. But without thoughtful oversight, these strategies could also undermine the regulatory cohesion that has been achieved in recent years and widen the remaining gaps in financial protections, introducing more risk, eroding trust, causing consumers to revert to the familiar payment methods that they deem most protected, and ultimately harming the very innovations they were intended to foster.
Appendix A: Mobile payments demographics
Smartphone Ownership and Mobile Payments Use by Demographic
||Percent of consumers who own a smartphone
||Percent of consumers who use mobile payments
||Percent of smartphone owners who use mobile payments
|All payment users
|Widowed, separated, or divorced
|Retired, disabled, other
|Income less than $35,000
|$35,000 to $59,999
|$60,000 to $99,999
|African American (non-Hispanic)
|Millennials and younger (born 1981-2000)
|Generation X (born 1965-80)
|Baby Boomers or older (born before 1965)
|Less than high school
|Bachelor’s degree or higher
* Statistically signficant difference at the 95% confidence interval
Notes: “This is a survey to learn more about which forms of payments people use, whether or not they’ve encountered
payment fraud or errors, and if so, how they’ve disputed those transactions. Do you have a cellphone?” “and “Is your cellphone
a smartphone, meaning that it has internet access?” and “Do you currently have a checking or savings account?” and “Have
you used any of the following payment types to make purchases in the past month?” and “Have you used any of these
payment types to make purchases within the past 12 months?” “Earlier you indicated that you have a smartphone, so the
next few questions will refer to the use of ‘mobile payments apps.’ These allow consumers to pay for things, and/or send and
receive money, by using a smartphone. These payments may or may not be tied to your bank account. Examples include Uber,
Venmo, Apple Pay, or Starbucks, but does not include using the bank’s mobile app itself. Below is a list of some things that
people might do with smartphones. Select ‘yes’ for each item where you have used your smartphone in the past 12 months.
Have you made an online or in-app purchase on your smartphone in the past 12 months? Have you paid bills through a mobile
web browser or app (not your bank’s mobile app) on your smartphone in the past 12 months? Have you paid for a product or
service (in person) on your smartphone in the past 12 months? Have you sent money to another person through an app (not
your bank’s mobile app) on your smartphone in the past 12 months? Have you received money from another person through
an app (not your bank’s mobile app) on your smartphone in the past 12 months? Have you paid for parking or transportation
such as a car, bus, train, or flight on your smartphone in the past 12 months? Have you paid for lodging or housing on your
smartphone in the past 12 months?” and “Some mobile payment apps pull money from your bank, prepaid, or credit card or
account at the time of the transaction while others allow you to store money directly on the app itself. Thinking about that
payment app you use most often, where does the money typically come from EACH TIME you make a payment?”
Source: Pew’s mobile payment survey, 2018
© 2020 The Pew Charitable Trusts
Appendix B: Consumer protections across payment types
For a given mobile transaction, the underlying payment method—credit card, debit card, etc.—dictates which regulatory regime governs and therefore what protections the consumer has against loss of funds. Federal Regulation E covers debit cards, and with the addition of the Prepaid Rule, most prepaid accounts, including mobile wallets and apps that allow P2P transfers. The rule closed a gap in Regulation E that emerged with the advent of GPR prepaid cards and mobile apps in which customers using these accounts were liable for losses from theft or fraud unless the payment company chose to assume the risk, a policy that was common among GPR prepaid card firms but less so for mobile stored value providers. Another federal regime, Regulation Z, covers credit cards and other loans and lines of credit, whether initiated at a point of sale, on a mobile device, or online.
Both regulations protect consumers in the event of unauthorized transactions or electronic funds transfer errors, such as when a thief uses a stolen card or a transaction is billed twice. However, only Regulation Z also protects consumers from merchant disputes by providing them with an avenue to seek redress if a purchased item is not received or they are defrauded. This means that consumers using debit or GPR prepaid cards, mobile wallets, or P2P accounts, which fall under Regulation E, have little recourse after they authorize a transaction. (See Table B.1.)
Financial Regulatory Protections at Near-Parity Across Most
Electronic Payment Types
Regulations that protect consumers from loss of funds
|Limits consumer liability against…
||Regulation E (debit and GPR prepaid
cards, mobile wallets, P2P app accounts)
||Regulation Z (credit
cards and most
|Merchant disputes (electronic funds
|Merchant disputes (goods and services)
Sources: “83 Fed. Reg. 6364, Rules Concerning Prepaid Accounts Under the Electronic Fund Transfer Act (Regulation E) and
the Truth in Lending Act (Regulation Z)” (2019), https://www.federalregister.gov/documents/2018/02/13/2018-01305/
rules-concerning-prepaid-accounts-under-the-electronic-fund-transfer-act-regulation-e-and-the-truth; Board of Governors
of the Federal Reserve System, “Regulation E: Electronic Fund Transfers: 12 CFR 205” (2017), https://www.federalreserve.
gov/supervisionreg/regecg.htm; Consumer Financial Protection Bureau, “Prepaid Accounts Under the Electronic Fund
Transfer Act (Regulation E) and the Truth in Lending Act (Regulation Z)” (2019), https://www.consumerfinance.gov/policycompliance/rulemaking/final-rules/prepaid-accounts-under-electronic-fund-transfer-act-regulation-e-and-truth-lending-actregulation-z/
© 2020 The Pew Charitable Trusts