The Federal Trade Commission recently issued its report on privacy and data security issues pertaining Mobile Payments. The Report underscores key consumer and privacy issues resulting from the increasingly widespread use of mobile payments. Three areas of concern were highlighted by the FTC with the mobile payments system: (1) dispute resolution, (2) data security and (3) privacy. The main points raised by the FTC are discussed immediately below.
With respect to dispute resolution, the Report recommends that companies develop clear policies on how consumers can resolve disputes arising from unauthorized or fraudulent transactions. The FTC notes that mobile payments have different funding sources conferring different levels of protection. For example, mobile credit and debit card transactions are protected by federal statute; mobile gift card transactions or payments charged directly to a mobile phone bill, however, do not enjoy federal statutory protections. The FTC recommends that companies develop and communicate clear policies regarding fraudulent and unauthorized charges. Furthermore, the Report expresses concern with “cramming,” or third parties placing fraudulent charges on consumers’ mobile carrier bills. This practice threatens to undermine consumer confidence in mobile carrier billing. The FTC recommends that companies (1) give consumers the ability to block charges, (2) inform consumers that charges may be placed and explain how to block them and (3) develop clear and consistent procedures for disputing suspicious charges.
With respect to privacy concerns as they related to mobile payment systems, the Report highlights that mobile payments implicate many privacy concerns because of the amount of data collected and the number of players involved. For instance, a mobile payment could involve operating system manufacturers, mobile phone carriers, application developers, and coupon and loyalty program administrators, in addition to banks and merchants.The Report recommends that companies adopt the Ontario Privacy Commissioner’s concept of “privacy by design” by implementing privacy at every stage of product development. The FTC notes that privacy by design is particularly important in the mobile payments context because mobile phones have the ability to store and transmit geolocation information and facilitate data collection.
Finally, with respect to data security and mobile payment systems, the Report recognizes consumers’ financial information may be vulnerable when mobile payments are made. In response, the FTC notes that technological solutions should provide increased protection. In particular, the report describes technologies that can encrypt the entire payment chain or generate unique payment information for each transaction. The FTC recommends that mobile payment providers adopt these technologies to enhance data security.
