Regulatory Uncertainty Casts Doubts On Legal Status of Mobile Payment Services


By Paul Barbagallo

The emergence of new technology that enables consumers to pay for things with their smartphones has exposed shortcomings in the laws governing financial transactions.

As it stands now, no one law or government authority oversees the burgeoning field of mobile commerce. At the same time, regulators have yet to explain what, how, and to whom existing laws may apply.

The federal Gramm-Leach-Bliley Act of 1999, for instance, governs the use of personal information maintained by financial institutions. The Fair Credit Reporting Act of 1970, along with its 2003 amended version, the Fair and Accurate Credit Transactions Act, establishes rules for access to, and dissemination of, consumer reports. Regulation E, first issued by the Federal Reserve Board in 1979 under the authority of the Electronic Funds Transfer Act, provides protection for electronic fund transfers to and from a consumer's bank account.

One thorny issue is whether the laws and rules that apply to banks, credit card issuers, and payment networks should apply to mobile phone carriers and tech companies. Section 5 of the Federal Trade Commission Act prohibits “unfair or deceptive acts or practices in or affecting commerce,” including banking. The Truth in Lending Act and Regulation Z, also promulgated by the Fed, govern credit card transactions, while the Uniform Commercial Code's Article 4A regulates business-to-business wire transfers and automated clearinghouse payments.

As for the regulator, any number or combination of federal agencies could theoretically assert jurisdiction over mobile payments, including the Federal Deposit Insurance Corporation, the Federal Reserve Board, the Office of the Comptroller of the Currency, the Office of Thrift Supervision, the Financial Crisis Inquiry Commission, the Federal Communications Commission, the Federal Trade Commission, the Treasury's Federal Crimes Enforcement Network, and the Consumer Financial Protection Bureau, created in July 2010 as part of the Dodd-Frank financial reform legislation.

State Laws Also Have Bearing.

Further complicating matters is a jumble of state laws that apply to non-depository money services providers, such as “money transmitters,” check cashers, and currency dealers.

“What we're seeing now is something similar to what we saw years ago with the introduction of internet payments, where everyone was very unsettled about how to apply the laws governing traditional financial products and services,” said Jessica Sklute, a special counsel at Schulte Roth & Zabel LLP in New York, who advises clients on banking regulation, payment systems, and financial services law.

At that point in time, the industry worked closely with state and federal regulators to navigate the complexities of existing laws and regulations in an effort to, as Sklute said, “fit a square peg in a round hole.”

Erring on the side of caution, companies used “common sense,” and frequently applied the existing laws and regulations governing financial transactions to online transactions, she said.

To some degree, the industry is now taking the same precautions.

But one of the thorniest issues that has emerged is whether the laws and rules that apply to banks, credit card issuers, and payment networks should also apply to mobile phone carriers and technology companies, which are all vying to dominate the nascent but growing market, according to lawyers surveyed recently by BNA.

Mobile Phone Just Another ‘Access Device.’

Most lawyers and legal observers believe that mobile phones could be, and should be, considered “access devices” under Regulation E of the Electronic Funds Transfer Act. The question regulators must answer is whether an iPhone or Blackberry is in actuality serving as a means for consumers to “access” a personal bank account to transfer funds electronically. If so, the smartphone would become just another access device, and the protections under Regulation E would apply.

Under the law, an access device is any “card, code, or other means of access to a consumer's account” to initiate electronic funds transfers, which include ATM transfers, debit card transactions, direct deposits and withdrawals, telephone-initiated transfers and online bill payments.

“Using a mobile phone to conduct point-of-sale transactions does not automatically mean that consumers are no longer protected by federal consumer protection laws,” said Roberta Torian, an attorney with Reed Smith in Philadelphia specializing in bank regulatory and consumer compliance. “The way the regulation is written, electronic funds transfer already includes transfers made using a telephone.”

But as of now, Regulation E applies only to banks, savings associations, credit unions, or “any other person that directly or indirectly holds an account belonging to a consumer, or that issues an access device and agrees with a consumer to provide electronic funds transfers, or EFTs, services.”

The rules require financial institutions to make certain disclosures about the terms and conditions of EFTs and, according to experts, will likely apply even when consumers wave their smartphones at retail terminals. To whom the regulation will apply, however, is still uncertain.

Should Regulation E Apply to Wireless Carriers?

Timothy McTaggart, a partner in the Washington office of Pepper Hamilton LLP, said the issue presents an interesting question to federal regulators.

The Fed has yet to make clear whether wireless carriers are subject to Regulation E as EFT “service providers.” If so, Verizon Wireless or AT&T Inc., for example, would be required to make most of the same disclosures currently required of financial institutions under Regulation E.

The rules, as promulgated, define EFT service providers as institutions that issue an access device to, and provide EFT services for, consumers, but that do not hold consumers' bank accounts.

For the Fed to extend Regulation E to wireless carriers, regulators would have to first define mobile phones as access devices and then view the “data” transmitted over their networks as “EFT services,” McTaggart said.

“In mobile commerce, there has been this interesting convergence of the telecom and the banking financial services sectors; they are each in their own separate spheres of regulatory processes and enforcement,” noted McTaggart, who focuses his practice on bank and financial services regulatory matters. “Those are not really harmonized. The question becomes: What conduct should be reviewed and evaluated and who does it?”

Even existing mobile payment services providers, like PayPal, have fallen into a Regulation E gray area. And the Fed has never clarified whether such providers are subject to Regulation E.

In the absence of guidance, however, PayPal has operated under the assumption that its service is, and will be, subject to Regulation E.

According to PayPal's User Agreement, the company provides “advance disclosure” of changes to its service, follows “specified error resolution” procedures, and reimburses consumers for losses above $50 from “transactions not authorized by the consumer.”

Mobile Carriers as Creditors?

Although Regulation E may apply to transactions where the consumer swipes his smartphone on a retail terminal and the charge is immediately deducted from a “linked” checking account, other mobile transactions are more difficult to place within the current regulatory framework.

For example, when a consumer pays for a cashmere sweater with her mobile phone, which is linked to a credit card account, or any line of credit, several questions arise: Who resolves billing errors? Which entity should make the requisite Regulation Z disclosures? Who assumes the risk of unauthorized transactions?

Even more problematic for regulators are services that allow consumers to make purchases online by entering their mobile phone number.

A start-up called Boku offers such a service. The way it works is that the company sends a text message to the buyer asking for transaction authorization with a texted response. The charge then appears on the next mobile phone bill. Boku takes a percentage and the wireless carriers, with whom consumers have an established relationship, take a percentage.

Two other companies, Zong and PaymentOne, offer similar services.

In August, PaymentOne announced that it had officially processed $5 billion in “micropayment” transactions. The company and European mobile network operator Telefónica also recently entered into a deal that will allow Telefónica's Germany subscribers to charge products and services up to 30 euros (about $41) directly to their mobile phone bill.

Battle to Create ‘Sticky Customers.’

Brad Singer, executive vice president of PaymentOne, told BNA that while the service has been popular with consumers, most purchases have been nominal, for anything from movie tickets to digital music downloads to highway tolls.

“The wireless carriers' business has become very competitive,” Singer noted in a recent interview with BNA. “So the ability to keep a customer, if you're an AT&T or Verizon, and prevent customers from switching to another provider is critical. The retention value of allowing subscribers to pay for music or movies or a New York Times subscription creates a ‘sticky customer.’ The value-add creates that stickiness.”

Some critics have suggested that the wireless carriers and micropayment services providers, by circumventing the payment networks of Visa and MasterCard, are in effect extending credit and should be subject to the Truth in Lending Act and Regulation Z.

In the absence of a clarification from the Fed, such services offered by Boku, Zong, and PaymentOne, among others, will continue to raise questions about whether consumers will be protected, according to Michele Jun, senior attorney for Consumers Union.

No Credit Card-Like Protections in Service Contracts.

“With a credit card, as a consumer, you have the ability to make disputes and withhold payment,” Jun said. “But with charges that appear on your wireless bill, you don't. You're stuck with the terms and conditions outlined by wireless carrier in the [service] contract.”

“If a charge was for the wrong amount or if your phone is stolen and there is fraud, you only have the protections in the contract,” she added. “There are no statutory protections. It would be up to the micropayments services provider or wireless carrier to conduct an investigation.”

Jun said that she expects purchases to extend further into the “real world,” beyond just $1 or $2 games, graphics, or ring tones, which cost consumers.

When that happens, the Consumer Financial Protection Bureau and the Federal Trade Commission may pay closer attention.

“Crisis is what brings about the most significant changes most rapidly,” said Carol Van Cleef, an attorney at Patton Boggs representing financial services companies in federal and state regulatory, compliance, and enforcement matters. “Absent some sort of major event dealing with mobile payments, the laws will continue to evolve in fits and starts over the next three to five years.”

FCC May Have Role to Play.

Until then, state regulators and the Federal Communications Commission may have a role to play. The FCC's Truth in Billing rules require telecommunications companies to separate local charges from long-distance charges on monthly billing statements; under a pending rulemaking, the same requirements would apply for non-“common carrier” services. These might include games, graphics, or ring tones, and even big-screen TVs and clothing, if more consumers decide to pile up purchases on their cellphone bills.

But much like with Regulation E, the Fed has not stated whether Regulation Z applies to mobile payments or to mobile phone carriers and high-tech companies.

As written, Regulation Z applies to “each individual or business that offers or extends credit” and will likely continue to apply to any mobile transactions in which a personal credit card is linked to a mobile phone. After all, a creditor is still issuing credit.

To some critics, by allowing consumers to charge purchases to their cellphone bills, wireless carriers are engaging in unlicensed “money transmission.”

Forty-eight states currently have statutes governing money transmission. At the federal level, “money services businesses,” those businesses offering “check cashing, money orders, travelers checks, money transfers, currency dealing or exchange, and pre-paid access products” are subject to the Bank Secrecy Act.

The first question regulators must ask then is whether a wireless carrier is “transmitting” money.

‘Money Service’ v. ‘Communications Service.’

“Providing money service is not communications,” Benjamin Geva, a law professor at Osgoode Hall Law School at York University in Toronto, told BNA. “The [mobile phone] carrier is facilitating the communication for the provision of the money service, but the money service itself is not communications. It's a completely separate thing.”

Geva said the advent of “mobile wallets” will necessitate regulations that account for the various roles of all the participants—the mobile phone carriers, credit card issuers, payment networks, and technology companies—and “allocate losses.”

Earlier this month, Canadian mobile network operator Rogers filed to become a bank under Canada's federal Bank Act, which will allow the company to offer more mobile payment services to customers.

Now, as an unambiguous “bank,” Rogers can freely launch its own mobile wallet with financial services partners, Visa and TD Bank.

In the United States, Verizon, AT&T, and T-Mobile USA have partnered to form an initiative known as Isis, to offer customers the ability to digitize—and mobilize—their wallets.

The companies' original plan was to allow consumers to make purchases just with their phones, without any linked checking account or credit card, much like a Boku or Zong.

‘Mobile Wallets’ Are Coming.

But according to sources familiar with the carriers' thinking, the group decided instead to push the mobile wallet concept, in which customers' debit and credit card information would be encrypted in their phones.

“The wireless carriers will do anything they possibly could to derive more revenue from their networks, right up to the point of being regulated, but they can't figure out where that line is now,” one source told BNA.

In the United States, however, the current laws are designed to prevent a Verizon or AT&T from doing what Rogers did in Canada.

The Bank Holding Company Act, enacted in the 1950s, prohibits the mingling of banking and commerce and generally limits non-banking institutions from controlling banks.

If a company, like Verizon or AT&T, for instance, were to acquire a bank, all of its business activities would have to be banking activities or closely related to banking activities.

EU Template Eyed.

Terrence Maher, a partner at Baird Holm in Omaha, Neb., said one of the looming questions for policymakers is whether to create a regulatory regime at the federal level similar to that of Europe, where wireless carriers can become so-called “E-money” providers.

Telefónica O2 UK is planning to apply for an E-money license with the United Kingdom Financial Services Authority, which would enable the company to issue prepaid, stored-value applications.

If approved, Telefónica would be able to offer consumers the option to pay merchants by tapping their smartphones at the physical point of sale, or to conduct person-to-person transfers over the mobile network.

Maher explained that E-money services providers are not “full-fledged” banks, but rather are licensed and regulated like banks.

“To be a member of any of the payment networks, you have to be a federally or state-chartered financial institution in the United States,” said Maher. “In Europe, where they have the E-Money directive, providers of E-Money services can also be members of Visa and MasterCard and can participate in issuing E-Money products that operate on Visa and MasterCard networks. In the United States, that's currently not possible. All the payment networks—both credit card networks and debit networks—require that members be financial institutions.”

As of now, there is no scheme in the United States for a non-financial institution, like a Verizon or AT&T, to accept “deposits,” which is essentially what Telefónica proposes to do in launching mobile wallet services.

“What we will see is an evolution of regulation to meet these very quickly evolving business models,” Robert Pile, a partner at Sutherland Asbill & Brennan LLP, told BNA. “At the same time, it doesn't seem to be really standing in the way of [companies] bringing these products and services to market, and it's not like things that are being done are so radically different than what has happened in the past. A payment made or a money transfer via cellphone still would trip up a number of regulations that would have existed had it been a different form of transmission of that payment. Now we've put a cellphone in the middle of it.”