FTC Releases Report on Mobile Payments; Guidance on Addressing Issues in Mobile Carrier Billing, Privacy and Data Security
Earlier this month, the FTC released a Report highlighting some of the key issues in the mobile payments space, with particular focus on mobile carrier billing, privacy and data security, and international payments. The Report is based on various workshops held by the FTC on mobile technologies, and provides summary guidance on what issues companies should consider when offering mobile payment services.
Recognizing that mobile payment systems engage many entities, including hardware manufacturers, operating system developers, application developers, data brokers, coupon and loyalty program administrators, payment card networks, advertising companies, and retailers and other merchants, the FTC was quick to reiterate that it has jurisdiction over all these entities. Moreover, the FTC emphasized that its jurisdiction also extends to telecommunication carriers with respect to offering payment services, including mobile carrier billing.
Some of the highlights from the Report include:
Legal Landscape
The Report notes that most consumers are not aware that various payment methods – credit cards, debit cards, prepaid, mobile carrier billing – offer varying degrees of consumer protections, which can make it difficult to resolve disputes. In many cases, a consumer’s recourse can only be found in restrictive contractual terms and conditions between the user and the service provider. The Report notes that the CFPB has proposed to extend Regulation E to general purpose reloadable cards to address the growing use of GPRs in mobile commerce (see our analysis of the proposed rules here).
Mobile Carrier Billing
Given the close integration of mobile payment systems and mobile networks, it is not surprising that mobile carrier billing has increasingly become a popular alternative payment method for mobile commerce. However, mobile carrier billing raises its own unique set of issues, in particular, potential “cramming” concerns (i.e., the placing of third-party charges on mobile bills, as we explained in detail here). As the FTC noted in its comment in the FCC’s Truth-In-Billing proceeding, consumers should be able to block all third-party charges, carriers should clearly and prominently disclose the potential for third-party charges, and carriers should establish clear and consistent processes to dispute charges. The FTC also urged carriers to impose consumer protection obligations on aggregators and other third parties in service contracts, and conduct meaningful vetting for legitimate merchants that may place charges on a customer’s mobile carrier bill.
Privacy and Data Security
Given the large number of participants in a mobile payment system, the FTC is concerned with data sharing and consumer privacy. The Report recommends that mobile payment providers increase data security as sensitive financial information moves through the payment channel, encourages adoption of strong security measures by all companies in the mobile payments chain (including the mobile device manufacturer – think HTC’s settlement with FTC for security flaws in HTC’s mobile devices), and adopt three basic privacy practices – privacy by design, simplified privacy choices for businesses and consumers, and increased transparency (as detailed in the FTC’s privacy report released in 2012, which we analyzed in detail in here).
The Report is also a good resource for finding other FTC reports, workshops and transcripts on mobile commerce issues. Some of the reports and workshops cited in the Report include:
- 2002 staff report on emerging mobile technologies;
- 2006 report on early mobile technology issues;
- 2008 workshop on contactless payment systems (video and transcript available);
- 2012 workshop on mobile advertising and privacy (video and transcript available).
- 2012 report on privacy framework governing mobile ecosystem
- 2012 reports on mobile apps for kids and related privacy issues
- 2012 guide on marketing mobile apps (which should be read in conjunction with the FTC’s 2000 Dot Com Disclosure guide for online notice and disclosure standards, which the FTC recently revisited at a 2012 workshop on mobile disclosures, as well as the FTC’s recent press release warning six mobile app developers on potential FCRA violations).
- 2013 report on improving mobile privacy disclosures
The FTC has a comprehensive collection of other FTC mobile technology matters, available here.