Privacy & Information Security Law Blog

On March 8, 2013, the Federal Trade Commission issued a staff report entitled Paper, Plastic… or Mobile? An FTC Workshop on Mobile Payments (the “Report”). The Report is based on a workshop held by the FTC in April 2012 and highlights key consumer and privacy issues resulting from the increasingly widespread use of mobile payments.

Although the FTC recognizes the benefits of mobile payments, such as ease and convenience for consumers and potentially lower transaction costs for merchants, the Report notes three areas of concern with the mobile payments system: (1) dispute resolution, (2) data security and (3) privacy.

Dispute Resolution

The Report recommends that companies develop clear policies on how consumers can resolve disputes arising from unauthorized or fraudulent transactions. The FTC notes that mobile payments have different funding sources conferring different levels of protection. For example, mobile credit and debit card transactions are protected by federal statute; mobile gift card transactions or payments charged directly to a mobile phone bill, however, do not enjoy federal statutory protections. The FTC recommends that companies develop and communicate clear policies regarding fraudulent and unauthorized charges. Furthermore, the Report expresses concern with “cramming,” or third parties placing fraudulent charges on consumers’ mobile carrier bills. This practice threatens to undermine consumer confidence in mobile carrier billing. The FTC recommends that companies (1) give consumers the ability to block charges, (2) inform consumers that charges may be placed and explain how to block them and (3) develop clear and consistent procedures for disputing suspicious charges.

Data Security

The Report recognizes consumers’ concern that their sensitive financial information may be vulnerable when mobile payments are made. In response to this concern, the FTC notes that technological advances provide increased protection. The Report describes technologies that can encrypt the entire payment chain or generate unique payment information for each transaction. The FTC recommends that mobile payment providers adopt these technologies to enhance data security.

Privacy

The Report notes that mobile payments implicate many privacy concerns because of the amount of data collected and the number of companies involved. For example, a mobile payment could involve operating system manufacturers, mobile phone carriers, application developers, and coupon and loyalty program administrators, in addition to banks and merchants. Referring back to the FTC’s March 2012 report Protecting Consumer Privacy in an Era of Rapid Change, the Report recommends that companies adopt “privacy by design” by considering and implementing privacy at every stage of product development. The FTC notes that privacy by design is particularly important in the mobile payments context because mobile phones have the ability to store and transmit geolocation information and facilitate data collection.

The Report is a further example of the FTC’s focus on mobile technology issues. In February 2013, the FTC made recommendations for participants in the mobile ecosystem in Mobile Privacy Disclosures: Building Trust Through Transparency. In December 2012, the FTC expressed concern with mobile applications’ privacy disclosures in Mobile Apps for Kids: Disclosures Still Not Making the Grade.