Digital Transactions Authoritative, insightful and timely information for payments professionals
The Federal Trade Commission is becoming concerned that consumers who use the many emerging mobile-payments services won’t always be protected from fraud and privacy violations. In a staff report released this week entitled “Paper, Plastic or Mobile? An FTC Workshop on Mobile Payments,” the FTC lists a series of recommendations to technology providers that deal with data security and consumer protection in mobile payments. The recommendations are based on information provided during an FTC-sponsored workshop last year.
The report focuses on three main issues: resolving disputes that arise from a fraudulent or unauthorized charge, securing data throughout the payment process, and protecting consumer privacy.
Of the three, the FTC seems most heavily focused on concerns about fraudulent payments, especially a practice called “cramming.” Cramming occurs when third parties place unauthorized charges onto consumers’ mobile-phone bills.
To counter such fraud, the report recommends that mobile telecommunications carriers give consumers the ability to block all third-party charges on their accounts, including ones that could be used by minors. Additionally, the report says consumers should be informed that such charges could be placed on their accounts and that a “clear and consistent” process be established for them to dispute suspicious charges.
Patricia Poss, chief of the mobile technology unit in the Financial Practices Division of the FTC’s Bureau of Consumer Protection, says the FTC plans to look at more closely at cramming. “We’ve gotten a lot of input in other areas, but this is one area where we felt a need to explore further,” she tells Digital Transactions News. The FTC will sponsor a roundtable dealing with mobile cramming May 8.
In another matter related to resolving transaction disputes, the FTC report points out that while mobile payments secured by bank-issued credit and debit cards have consumer liability caps, other funding mechanisms often do not offer the same protections. Those mechanisms include pre-funded accounts or prepaid cards. Only three of seven companies that allow funding from stored-value cards limit customer liability on unauthorized charges, according to the report.
The FTC wants carriers to develop “clear policies” on such protections and convey them to consumers. The report also notes that policymakers need to “consider the benefits of providing consistent protections” across payment products.
In looking at data protection, the reports says most mobile-payment technologies provide end-to-end data encryption, but it recommends greater use of dynamic data authentication, where a unique set of payment information is generated for each transaction.
Regarding privacy, the FTC report raises concerns that new partners in payments programs beyond banks, merchants and processors could have access to consumer financial data. The FTC recommends companies adopt privacy practices while allowing customers to be able to restrict disclosure of information, and that the provider disclose clearly to consumers how payment data are used.
Poss says all the suggestions in the report are “recommendations or takeaways” and not official guidelines or regulations. As to whether regulations would be implemented should the industry fail to heed the recommendations, Poss only says: “We’re not there yet. We’re still analyzing the potential for problems with mobile payments and the issues associated with these programs.”
Since mobile payments are still in their infancy, the FTC has not seen much evidence yet of actual problems associated with the issues it raises in the report, but it is looking at the potential for problems as programs pick up steam, she says.
