inbrief

The fast growing world of mobile payments - are you on the money?

Inside What are the latest initiatives? What commercial models are being adopted? What are the key legal and regulatory hurdles? Comment Inbrief

Introduction The mobile payments market is undergoing rapid These normally include the following parties: Your smartphone can already act and exciting growth that will continue to affect all • banks issuing credit cards/debit cards and as your portable office. Now it our lives, both as businesses or consumers. Some card associations; can replace your wallet too! The recent examples of UK mobile payment initiatives world of mobile payments is a fast include: • mobile operators; emerging market that is expected to • The launch of the Visa/Samsung “payWave” • retailers; contactless payment app which was used grow rapidly over the next few years, • device suppliers (including smartphone, at the London 2012 Olympics. This allows with some analysts estimating that point of sale device manufacturers and SIM consumers to make purchases with their the global value of transactions over suppliers); and Samsung mobile phones and have those mobile devices will exceed $600 billion purchases charged directly to their Visa • service integrators who can help deliver by 2016. accounts; mobile payment solutions.

’s imminent “Zapp” payment These are some of the models that can be solution that can be used by consumers adopted: through their application. This solution will not only allow consumers Bank Model to purchase items via their mobile phone This model has been adopted by banks issuing (using the banks’ “faster payments” credit cards/debit cards (and card associations) solution) but also displays the consumer’s who wish to build on their existing networks account balance to the consumer at the and deploy mobile payment solutions via bank checkout; partners. For example, Barclays’ successful “Pingit” solution allows consumers to make • The forthcoming launch of “Weve” by payments directly from their mobile phones. EE, O2 and Vodafone, which will offer NatWest and RBS have also developed the mobile both mobile wallet and mobile marketing solution “Get Cash” to allow customers to use solutions. The mobile wallet solution will their mobile phone to withdraw (emergency) enable consumers to transfer their card- money from an ATM. based data onto a mobile wallet; and

• The launch of Mastercard’s “MasterPass” Collaboration Model and Visa’s “V.me” both of which offer This model has been adopted by banks, card consumers the opportunity to register issuers and other credit associations who wish payment cards to a ‘’. Once a to collaborate with mobile operators and other consumer has downloaded the respective service providers to provide mobile payment app and their card numbers have been solutions to consumers. For example, “Google registered, the consumer is able to pay for Wallet”, a digital wallet solution built on NFC items simply by selecting the card to be technology (currently only available in the US), is a used and entering their e-mail address and collaboration between a bank (Citi), a card issuer password. (MasterCard), a mobile operator (Sprint) and a In this inbrief we look at some of the commercial payment processor (First Data). models being used by participants in the mobile The model has also been adopted by PayPal and payment market and the associated legal and Cardlesspay who have teamed up to develop regulatory hurdles that must be considered early “mWallet” in the US, which relies on QR codes to in a project lifecycle to ensure adoption of a enable consumers to make payments to certain successful strategy. merchants, by scanning the QR code. “mWallet” stores credit card and bank account details, as well as PayPal account information. Which model is best for you? The mobile payments market often combines a number of participants. inbrief

Closed Loop Model E-money is defined under the EMRs as monetary activities which carried out as a regular occupation This model has typically been adopted by retailers value represented by a claim on the issuer that is: or business activity: and stand alone merchants who wish to create • electronically stored; • the execution of payment transactions independent, closed-loop payment applications. where the payer’s consent (to execute • issued on receipt of funds; A good example of this in the UK is Starbucks, the transaction) is given via any which uses a smartphone app to generate a • used for the purpose of making payment telecommunication, digital or IT device and barcode to reload balances, pay for purchases, transactions; and the payment is made to the telco, IT system track spend and award loyalty points. Other or network operator acting only as an • accepted as payment by someone other than retailers such as Pizza Hut, McDonald’s and KFC intermediary between the payment service an issuer. have also launched similar apps in the UK. user and the supplier of goods/services; A person who issues monetary value which can • the operation of payment accounts; Mobile Operator Model only be accepted by that person is likely to fall This model has been adopted by mobile operators outside the scope of the EMRs. Such persons • the execution of payment transactions who wish to act independently, or in collaboration would include retailers who have store loyalty through a payment card or similar device; with other mobile operators, to deploy mobile programmes. • cash deposits on and withdrawal from a payment applications and value added services. The EMRs also set out a number of exemptions. payment account; and For example, EE, O2 and Vodafone’s “Weve” Two key ones are the “limited network” solution or Safaricom’s “M-PESA” which allows • card issuer, merchant acquiring and money exemption and the “download” exemption. users to carry out basic banking transactions via remittance. The “limited network” exemption applies where their mobile phone. The M-PESA solution has the value is used for purchases on premises of The PSRs, the FCA Approach Document and the been widely adopted in Kenya and other African the e-money issuer within a “limited network” FCA Perimeter Guidance Manual Chapter 15 countries, as well as Afghanistan and India, where of service providers or for a “limited range” of (Guidance on the scope of the PSRs) provide the a significant number of the population does not items. The “download exemption” provides an legal framework for the operation of a single have a local bank. exemption for telco, digital or IT providers who market in payment services in the UK and among allow goods and services to be paid for with what other things set out an authorisation/regulation would otherwise be e-money, delivered and/or regime governing the activities of “Payment What are the legal and regulatory used through their respective telecommunication, Services” providers. Non-compliance with the hurdles in the UK? digital or IT device but who provide services that PSRs can result in criminal sanctions (as with the Currently, there is no specific set of regulations add value beyond the e-money payment services. EMRs). that governs mobile payments in the UK. Instead, This means, for example, that if a telco, digital or Similar to the EMRs, credit institutions, credit there are various laws and regulations which IT provider accepted funds for an item purchased unions and municipal banks are exempt from market players need to take into account when via the device and then transferred those funds to the PSRs. Other exemptions also apply. Notably, planning their commercial offering. the supplier, the transaction may be caught by the the PSRs also contain “limited purpose” and EMRs. However, if the provider provides a value “download” exemptions similar to those under Electronic Money Regulations added service, such as allowing the consumer the EMRs. There is also a “technical service The Electronic Money Regulations 2011 (EMRs), to enjoy the product on their device, it is likely provider” exemption, which applies to service the Financial Conduct Authority (“FCA”) that the transaction would not be considered an providers who support the provision of a payment Approach Document and the FCA Perimeter e-money transaction for the purpose of the EMRs. service without acquiring possession of funds, Guidance Manual Chapter 3A (Guidance on For example, if a consumer purchases a cinema which may include service providers who store and the scope of the EMRs) set out a relatively strict ticket using pre-paid credit on a phone and the process data, provide security services or provide authorisation/regulation regime that applies to ticket is then uploaded to the phone, the purchase the communication network. issuers of e-money in the UK. Non-compliance is likely to fall outside the scope of the EMRs as with the EMRs can result in criminal sanctions. the ticket can only be accessed via the phone. Consumer Protection Credit institutions, credit unions and municipal Businesses involved in mobile payments may Payment Services Regulations banks are exempt from the authorisation and also need to consider compliance with consumer registration provisions under the EMRs as they are Although issuing e-money is not a payment legislation, including the: already subject to authorisation and compliance service itself, a payment service may be required • Consumer Credit Act 1974; obligations under other financial services laws. for the issue of e-money. Payment services are However, they are still subject to various conduct broadly defined under the Payment Services 2009 • Unfair Term in Consumer Contracts of business requirements in the EMRs. Regulations (PSRs) and include the following Regulations 1999; inbrief

• E-Commerce Regulations 2002; Anti Money Laundering Businesses who are considering a collaborative venture should be prepared to deal with the • Financial Services (Distance Marketing) Mobile payment providers also need to consider contractual and commercial issues that will need Regulations 2004; whether they need to comply, and how they will comply, with the Money Laundering Regulations to be agreed. These include: • Consumer Protection from Unfair Trading 2007. Mobile payment providers will need to ensure • identifying the contractual framework; Regulations 2008; and that their offerings are not at risk of being used to • branding and ownership of the customer • Consumer Rights Bill (likely to come into facilitate money laundering or terrorist financing. facing relationship; force in 2014). • use of data generated in connection with Data Protection Comment provision of the mobile payment solution;

Privacy issues will be key, as will “ownership” of The mobile payment market is rapidly evolving • understanding the ownership and use customers and customer data. and has enormous potential. At present, there is of intellectual property rights involved in no common industry standard or leading solution Many existing solutions allow data to be shared creation and provision of the solution; and so it will be very interesting to see which among participants involved in providing the offerings consumers prefer to adopt. The direction • apportionment of risk and liability; solution – whether that is necessary and the of expansion will undoubtedly be impacted by the purposes for which that data can be used needs • operation of payment flows and indentifying regulatory landscape within which these solutions careful consideration. One single device may who bears insolvency/bad debt risks; and must be offered. know a consumer’s geographic history, social • exit principles, including use of customer media connections and financial behaviours. This The legal and regulatory framework and lists, other data, and intellectual property means that consumers may inevitably be more requirements are not straightforward, and so it is assets (such as software). open to identity theft and invasive data collection. absolutely vital for businesses to consider these It seems likely that as the popularity of mobile aspects early in the project lifecycle to ensure that payments grows, companies’ privacy practices are the most appropriate model is adopted, especially For further information likely to face increasing scrutiny from the ICO and as some of the relevant laws (such as the Payment on this subject please contact: other regulators. Services Directive) are under review and are likely to change. Businesses involved in mobile payments will James Gill therefore need to consider their obligations Some businesses may be able to structure their Partner under privacy legislation, including the Data mobile payment solutions so as to avoid the onerous T + 44 (0) 20 7074 8217 Protection Act 1998 and the Privacy and Electronic requirements of the EMRs and PSRs. The scope of [email protected] Communications Regulations 2003. the exemptions (especially those in the PSRs) are likely to be revised due to the fact that they have Owen Watkins Competition and anti-trust laws typically been construed too widely in the past, Barrister Participants who form collaborations should also which may present a risk for those businesses that T + 44 (0) 20 7074 8222 have regard to the competition law and anti- do not factor this risk into account. [email protected] trust implications of their proposed model and Other businesses, such as mobile operators, Bryony Long offering. For example, the EE, O2 and Vodafone may seek to avoid the financial implications of Senior Associate joint venture sought advance approval from the the regulations by partnering up with financial T + 44 (0) 20 7074 8435 European Commission under the EU Merger institutions. This approach can be a cost efficient [email protected] Regulation in respect of their “Weve” mobile way into the market and also help to generate payment solution. additional consumer confidence in the mobile payment offering.

This publication provides general guidance only: expert advice should be sought in relation to particular circumstances. Please let us know by 5 Chancery Lane – Clifford’s Inn email ([email protected]) if you would prefer London EC4A 1BL not to receive this type of information or wish DX 182 Chancery Lane to alter the contact details we hold for you. T +44 (0)20 7074 8000 | F +44 (0)20 7864 1200 www.lewissilkin.com © October 2013 Lewis Silkin LLP