What the Future Holds for Regulating Mobile Payments

Marianne Crowe, VP, Payment Strategies, Federal Reserve Bank of Boston John Muller, Vice President, Global Payments Policy at eBay Inc Jackie McCarthy, Director, Wireless Internet Development, CTIA Lauren Saunders, Associate Director, National Consumer Law Center

Moderator: Bill Sullivan, Senior Director & Group Manager, Government & Industry Relations, NACHA - The Electronic Payments Association

© 2014 NACHA — The Electronic Payments Association. All rights reserved. No part of this material may be used without the prior written permission of NACHA. Content from sources other than NACHA is used with permission and requires the separate consent of those sources for use by others. This material is not intended to provide any warranties or legal advice, and is intended for educational purposes only. What the Future Holds for Regulating Mobile Payments

Overview of Mobile Payment Landscape

Marianne Crowe Federal Reserve Bank of Boston July 17, 2014

© 2014 NACHA — The Electronic Payments Association. All rights reserved. No part of this material may be used without the prior written permission of NACHA. Content from sources other than NACHA is used with permission and requires the separate consent of those sources for use by others. This material is not intended to provide any warranties or legal advice, and is intended for educational purposes only. The views expressed in this presentation are those of the presenters and do not necessarily reflect the views of the Federal Reserve Bank of Boston or Federal Reserve System. 3 Agenda

• Overview of Mobile Payments Landscape • Challenges • Mobile Payments Industry Workgroup • Key Takeaways

3 4 Mobile Definitions • Mobile Payment: Mobile device used to make proximity (point of sale/POS) or remote purchases, transit, digital content, P2P money transfer, online goods and services. Funded via credit or debit card, prepaid account, bank account, charge to mobile phone bill. • Near Field Communication (NFC): Standards-based wireless radio communication to exchange data between devices a few centimeters apart (e.g., mobile phone and merchant POS terminal). • Secure element (SE): tamper-resistant, encrypted smart chip in mobile phone to store and manage access to customer account credentials for NFC/contactless payments. • Host Card Emulation (HCE): Software representing smartcard. Eliminates need for secure element. Routes NFC communications through mobile phone’s host processor and stores and transmits payment card credentials via cloud. • Cloud: Remote server where mobile payment credentials are stored. Payments may be initiated from a mobile app, QR code, or NFC/HCE.

4 5 Drivers of U.S. Mobile Payments 5 Landscape

Rapid growth in smartphones and Convergence of mobile apps online, mobile & POS channels Multiple Dynamic, technologies: QR, Incentives – Rapidly NFC, Cloud, HCE, coupons, BLE rewards, loyalty Evolving Mobile Prepaid accounts Increasing role Payments of nonbanks & Landscape Impact of EMV merchants migration

e-Commerce Mobile/digital growth via Wallets mobile

5 Mobile Payment Developments 6

2006-2008 2009-2010 2011 2012 2013-2014

Remote Payments - Mobile Browser QR Codes mPOS Merchant Apps SMS & Internet PayPal Here PayPal Text to Buy NFC Mobile Wallet Text Buy It First Mobile Card NFC + Host Card Acceptance/ Emulation (HCE) mPOS NFC + SE Mobile App Stores Mobile Wallet Cloud Digital Wallet

Apple Beacon BLE Apple Passbook

Android Proliferation of Prepaid Contactless cards mobile Apps NFC iPhone case AmEx Prepaid Account AmEx Bluebird

Mobile Bank Account Other? Direct Carrier Billing Green Dot

6 Consumer Adoption of Mobile Payments 7 Slowly Increasing

Percentage of Mobile Payment Users • Ubiquity of mobile phone is changing how consumers access and pay 17% – 2/3rds of mobile payment users Mobile Payment Users paid a bill online 15% – 17% of smartphone users made POS mobile payment – 39% QR code – 14% NFC tap at terminal 24% Mobile Payment • Unclear value and security Users (Smartphones) concerns limit adoption 24% – 63% do not make mobile payments due to security concerns 2013, n=2341 2012, n=2291 – 61% see no benefit from mobile Source: Federal Reserve Board, “Consumers and Mobile Financial Services,” payments March 2014

7 Nonbanks Strongly Influencing Mobile 8 Payments Ecosystem

• Diverse businesses and industries – MNOs, start-ups and technology solution providers – Merchants and online payment providers • Easy market entry for start-ups • Creating new relationships/partnerships with banks and other businesses • Raising concerns related to security, consumer protection, data privacy, knowledge of payment regulations • Need for enhanced vendor risk management programs

8 9 9

Diversity Creating a Fragmented U.S. Mobile Payments Market

9 10 Much Focus on Wallets Wallet Provider Features • Host Card Emulation (HCE) replaces secure element • NFC to tap & pay at point of sale • Load any credit/debit account • Credentials stored in cloud • Joint venture between AT&T, Verizon and T-Mobile • NFC with secure element in ‘Isis-ready’ SIM card that stores payment credentials • Includes AmEx Serve prepaid account • Mobile phone number & PIN at POS to access PayPal account to pay • Payment credentials stored in cloud • Cloud-based for mobile and online purchases; not POS • Customer can link Visa & other card accounts • Top U.S. merchants; mobile app with QR code to pay at participating retail/grocery stores, restaurants, gas stations

10 Other Mobile Solution Disruptors 11

• Closed-loop prepaid account with reload capability & rewards • 10M+ mobile app users, 5M mobile trans/week • 14% of in-store U.S. transactions from mobile • Small merchant white label mobile network • Link credit/debit to mobile app to get unique QR code • 1M+ users; 5K+ merchants • No interchange. Merchant pays based on incentives, new customer & rewards fees • iTunes digital wallet (575M active accounts, 775k+ mobile apps) has potential to expand to payments • Passbook - cloud-based digital wallet that aggregates merchant QR codes, loyalty, gift cards, movie tickets, boarding passes. NO payments. • Small merchant model with Mobile app & plug-in device to accept credit/debit cards, replace cash and check • As merchant acquirer assumes liability, charge-backs • Customer model – restaurant pre-order, pre-pay

11 12 What Consumers Want in a Wallet

• Mobile P2P transfers 26%

• Make small purchases with mobile QR code 27%

• Set up prepaid account for small purchases, 22% automatically reload from debit or credit card • Pay for purchase with debit, credit or prepaid 25% card account linked to mobile/digital wallet • Store merchant loyalty/rewards cards in mobile 28% wallet

• Pay using loyalty points 30% Source: TSYS Survey, October 2013

12 Prepaid Mobile Banking Solutions Gaining 13 Traction • GPR prepaid account with card • Mobile features: New account open, direct deposit, alerts, bill pay, P2P, mRDC, ATM access, cash reload at Walmart; savings

• GPR prepaid account card • Mobile features: Alerts, mobile RDC, direct deposit, cash reloads/withdrawals at Chase ATMs and branches

• Branchless mobile bank account: Open new account, alerts, mRDC, P2P, bill pay, direct deposit, ATM network, cash deposits at some retail/convenience stores Green Dot Bank • All FDIC-insured. COMMON • Bluebird and Chase Liquid have mobile apps FEATURES • No minimum balances or overdraft fees • Bluebird and GoBank offer aspirational savings tools • GoBank has PFM tool

13 14 Drivers can also challenge U.S. Mobile Payment Adoption

Competing technologies Data security and impact merchant privacy decisions EMV migration distraction Lack of Nonbanks cause interoperability disintermediation Low and standards merchant Fragmented acceptance Complex market confuses regulatory consumers structure

14 Multiple Points of Risk Create Security 15 Challenge

• Progress requires trust, CUSTOMER transparency & AUTHENTI- CATION cooperation CLOUD & POS • Convergence of mobile MOBILE APPS platforms and multiple parties blurs lines of responsibility and liability MOBILE END • Complexity creates new DEVICE USER opportunities for compromise – Data breach – Data monetization vs. WIRELESS WALLET NETWORK privacy – Use of location-based services NFC, PAYMENT SECURE – Malicious mobile apps TRANSACTION ELEMENT & HCE

15 16 EMV Migration Will Help Reduce Card- Present Fraud But Impacts Mobile Strategy

Liability shifts to EMV at non-EMV merchant acquirers Gas Pumps

April October October October 2013 2014 2015 2016 2017

Acquirers & Processors Liability Shifts 100% EMV for ATM transactions

16 17 Challenge of a Complex U.S. Regulatory System No one authority or law regulates Federal FDIC payments or Reserve governs m- FTC commerce FCC U.S. Mobile Payments Ecosystem CFPB NCUA

CSBS FinCen OCC

17 18 Mobile Payments Industry Workgroup

Represents major U.S. mobile payment stakeholders—traditional and emerging payment providers

. Financial institutions . U.S. Treasury . Merchants and card networks . Mobile Network Operators . Clearing/settlement . Handset/OS manufacturers organizations . Chip makers . Payment processors . Mobile solution providers . Online payment providers . Mobile carrier trade association . Payment trade associations

• Builds consensus on mutual points of value and challenges • Works collaboratively to reach critical mass for secure, efficient retail mobile payment adoption • Helps Fed understand industry role in mobile payments ecosystem

18 Mobile Payment Principles for 19 Successful Adoption

Interoperability between mobile/digital platforms

Open/ubiquitous mobile/digital wallet solutions

Existing clearing/settlement channels, open to new rails

Security for NFC/card-based and cloud solutions

Globally interoperable, technology-agnostic U.S. standards Understanding roles/risks of non-banks

Understanding of regulatory requirements

19 20 MPIW Activity 2014-2015

• Monitor mobile industry trends to assess impacts of EMV, HCE, tokenization, nonbank solutions • MPIW Security workgroup – Analysis of mobile payment use cases – Analysis of authentication/tokenization industry initiatives • Identify gaps and potential need for broad mobile payment industry standards (informed through Fed ISO/X9 participation) • Keep abreast of regulatory developments

20 Key Takeaways 21 • Much work to be done to address fragmentation & reach critical mass. Consumer adoption contingent on multiple factors. – FIs still trusted but need to know their market – consumer demographics, banked and unbanked, SME and commercial customer needs • Security issues and technology standards are being addressed and will evolve. – FIs should get actively involved in related industry workgroups • Regulatory and other mandates burdens may be impeding mobile progress. • No one industry will dominate but nonbanks will continue to play strong and disruptive roles. – FIs should focus on partnerships and collaboration, including regional solutions and transit

21 22

THANK YOU.

[email protected] http://www.bostonfed.org/bankinfo/payment- strategies/index.htm

22 Mobile Payments and Commerce

John Muller July 2014

Fast Low Cost Secure - Secure against data breaches - Secure against unauthorized transactions - Secure against not getting what I paid for (consumer protection) International

And more recently: Great User Experience • Integration with Loyalty, Coupons, Offers • Integration into Mobile Apps – Pay with “Card on File” Programmable • Ease of use for Developers

1. Proximity Payments Near Field Communications/Hosted Card Emulation (Isis, Google Wallet) QR Code/Bar Code (Starbucks, LevelUp, MCX?) “Check‐in” using mobile device geolocation (Square, PayPal) Data on device vs. Data in the cloud Mobile‐only wallet vs. Digital Wallet 2. Online Payments through Mobile Device Payments through Merchant’s App (Starbucks, McDonalds) Payments through Payment Company’s App Payments through Mobile Browser Proliferation of wallets –Visa V.me, MasterCard MasterPass, Google Wallet, Square, LevelUp, Dwolla, PayPal 3. Carrier Billing ‐ Usually for games and other “digital goods” ‐ Bango, Boku, Zong, AmDocs, Fortumo, Bill2Phone

4. Mobile Merchant Acceptance ‐ Square, Intuit, PayPal, Groupon, Bank of America, Chase, Capital One etc. ‐ More than just a Card Reader ‐ Mag stripe only vs. EMV/Chip‐compliance

5. Mobile Money Transfer/Person‐to‐Person payments Bank services (clearXchange, POP Money) Venmo International remittances (Western Union, Moneygram, Xoom) 6. Mobile Money Storage –Cash Substitution Mpesa (Kenya) Gcash (Philippines) Bitcoin and other virtual currencies? Prepaid card apps (AmEx Serve, Green Dot, Netspend, U.S. Bank)

Mobile Financial Services: Payments, Banking and Commerce

July 17, 2014

Jackie McCarthy Director, Wireless Internet Development [email protected] 31 Mobile Financial Services as a Multi- Platform Ecosystem

Source: First Data Corporation 32

Growth of Mobile Banking

– 86% of mobile banking providers offer dedicated Smartphone applications, the vast majority of which are available on both phone and Android mobile devices.

– 35% of banks that have dedicated applications for mobile banking offer more than one type of application (e.g. PNC, Charles Schwab, American Express) for different forms of interaction (one for mobile banking, another for brokerage, insurance, etc.).

Source: First Annapolis Consulting, 2012 Mobile Payments and Banking Study 33 Adoption of Mobile Payments

• Dozens of choices; No clear leader • Isis (AT&T, T-Mobile, Verizon Wireless) o Compatible with several major payment cards (Barclay’s, Capital One) • Google Wallet (Sprint) o Accepted by 28 retailers (and counting) • Host Card Emulation released by Google for Android OS • But the majority of mobile payments innovation is apps-based, “over the top” o Card-based (Visa’s Pay Wave in wide usage at 2012 London Olympics) o Square o Sage (card reader for the Girl Scouts of America) o Level Up (QR code-based, popular with small retailers) o Individual retailer-based (Starbucks, Dunkin Donuts)

• Transaction fee models vary o Some run a transaction through the retailers’ existing processors. oOthers bill the retailer directly for the transaction. 34 Expansion of Direct Carrier Billing

• Traditionally, third-party services appearing on wireless consumers’ bills were confined to premium SMS, ringtones, etc. • We’ve seen a rise in the use of the SMS platform for charitable and political contributions (and related regulatory questions – FEC, state elections boards). • There’s an increase in Direct Carrier Billing for “other” goods/services – Bill2Mobile –Boku – Implicates a host of credit, financial protection, and retailer regulations to mobile network operators (formerly the “dumb pipe” for most mobile transactions”). 35 Mobile Commerce

• Apps help to optimize the “shopper experience,” and allow retailers large and small to integrate loyalty/coupon programs.

• Among the top 100 retailers, over 80% have developed a mobile commerce app.

• The use of Bluetooth low-energy, beacons and other location-based technologies further personalizes shopping and point-of-sale, but raises privacy issues. 36 Important Legal/ Regulatory issues in Mobile Banking and Payments • CFPB Request for Information (low-income/unbanked consumers). CFPB interested in comments on how mobile platforms increase access to financial services, and encourage financially-responsible consumer actions like savings and dept management.

• FTC Actions/Investigations re: Online/Mobile Commerce Providers.

• Resources to Prevent Device Thefts (and “Lock” Stolen Devices) Same issues, but they take on new urgency when the device becomes the wallet. 37 Mobile Finance- Specific Published Work by CTIA Member Group

Mobile Financial Services (MFS) Best Practices and Guidelines http://www.ctia.org/business_resources/index.cfm/AID/11507

This was a voluntary and joint effort by CTIA member companies. Legal representatives participated. Presented to and accepted by CTIA Board of Directors, January, 2009.

Meant to be a guideline that assists Application Providers background from which to base their development and customer practices.

Important step because the members foresaw meteoric growth in this area. 38 MFS – The Guidelines • Even defining who is a provider of MFS comes into scrutiny: Examples of MFS Providers: 1) A financial institution that provides its banking, brokerage or other financial services (e.g., account balance inquiry, bill payment) via the mobile channel is an MFS Provider. 2) A software developer or platform provider that develops and/or supports mobile banking or mobile payment services on behalf of financial institutions is an MFS Provider. 3) A provider of an online payment service (e.g., online commerce, bill payment, person-to-person transfer) that provides such services via the mobile channel is an MFS Provider. 4) A payment card issuer or payment network that provides credit cards, debit cards, stored value cards, or transit fare intended to be provisioned to mobile handsets is an MFS Provider. 39 Mobile Finance- Voluntary Guidelines

• Ensure that Liability Rests with Mobile Financial Service Providers • Clear & Conspicuous Disclosures to Users • Extra Layer of Security for Financial Data • Fraud Prevention • Compatibility Standards: Networks & Handsets • Collection, Use and Control of Data • Customer Service/Complaints

Guidelines group Mobile Banking and Mobile Payments together and has unique provisions for Mobile Commerce. 40 MFS – Guideline Areas

A. Guidelines Specific to Mobile Banking and Mobile Payments – 1.Authentication and Authorization – 2.Banking and Payment Alerts; Transaction Records – 3.Limiting Liability for Unauthorized Transactions

B. Guidelines Specific to Mobile Commerce – 1.Disclosure of Material Terms of Purchase – 2.Obtaining User Authorization – 3.Receipts, Order Status and Account Information – 4.Mobile Coupons, Rebates, Loyalty Programs, etc. – 5.Minors 41 MFS- Guideline Areas (can't)

C. General Guidelines –1. Disclosure of Terms; Disclaimers – 2. Consent to Enrollment in MFS – 3. Compliance with Laws and Regulations – 4. Security of Data Transmissions – 5. Security on the Mobile Device or in Storage – 6. Access Controls and Security of Sensitive Information – 7. Fraud and Identity Theft Protection – 8. Collection, Use, and Disclosure of Information – 9. Dispute Resolution Processes and Customer Service 42 Cross Industry Communication

• Federal Reserve Banks of Boston & Atlanta (Mobile Payments Industry Working Group) • NACHA –Payments Innovation Alliance • Financial Services Roundtable • The Smart Card Alliance • NFC Forum • Electronic Transactions Association • Merchant Advisory Group 43 Where do we go from here?

• Business and technology models are fragmented.

• Consumer adoption is growing, but still tentative.

• Need for updated industry guidelines to reflect evolving ecosystem. Principles for Safe and Fair Mobile Payment Systems

Lauren Saunders National Consumer Law Center July 2014

• Consumer can easily choose which payment to use. • With mobile wallets, dominant players or exclusive relationships should not steer consumers away from choosing the card/payment system they prefer. • Parents can control kids’ ability to make a purchase. 46 2. Promote Understanding

• Beyond disclosure, ensure consumers actually see and understand costs, terms; not fine print. • Consumers need to be able to access, save terms for future reference. • Simplify: few fees so consumers can understand the overall cost. 47 3. Protect Safety of Funds

• Mobile accounts may be held on company’s books, or in uninsured account, vulnerable to insolvency. • NCLC: Require deposit insurance on bank account substitutes (reloadable, over $500). • Deposit insurance also ensures bank regulator oversight, level playing field. 48 4. Safeguard Data

• Keep data safe from hackers, loss theft of device.

• Sensitive personal or financial information should not be sold to highest bidder. 49 5. Offer Effective Dispute Rights (Reg E) • Liability limits for unauthorized charges, not just voluntary policies. • Legal rights, procedures to challenge errors. • Clear rules on which entity is responsible. • Danger zone: Take Reg E payment and strip of Reg E protections; bill-to-carrier unless de minimis. 50 6. Permit Chargeback Rights for Merchant Disputes (i.e., Reg Z)

• The form of payment shouldn’t deprive consumers of rights if they don’t get what they paid for.

• Consumers can’t keep track of differences between credit, debit cards.

• Network Zero Liability policies help, but clear, uniform legal rules are better. 51 7. Use Consumer Data Fairly

• Comply with the FCRA for any data that might be used for credit, insurance, employment or other FCRA purposes: – Use only if have a permissible purpose. – Ensure accuracy. – Give consumers access to “reports” and effective means to correct errors. 52 8. Avoid Discrimination

• Comply with ECOA when extending credit.

• Look out for disparate impacts when making product offers, discounts, differential pricing. 53 9. Protect Privacy

• Let consumers’ choose when they want info shared (and what type of info), when they don’t. • Explain why information may be shared. • Protect personal financial information • Build privacy into the design of products. • Don’t sell consumer information to predators. 54 10. Ensure Access to Funds

• Provisions for access if mobile device lost.

• Holds on check deposits consistent with bank account rules.

• Prompt crediting/delivery of payments.

• No arbitrary account freezes. 55 11. Provide Free, Convenient Access to Account Information • No fees for balances, account info, occasional written transaction history.

• For bank account substitutes, right to opt in to paper statements for $1/mo.

• Free customer service w/o long holds. 56 12. Eliminate Unfair Fees, Tricks

• Avoid penalty fees. Creates incentives to encourage mistakes. • Avoid information fees. • Negative options, unclear add-on products. • No fees charged on empty, inactive account. • Ensure that the product works, costs what the consumer expects. • Disclosure does not insulate you from unfair, deceptive or abusive charges. 57 13. Keep Credit, Deposit Accounts Separate • Don’t use payment product to induce consumer to incur overdraft fees or debt.

• Credit features should be offered as credit, based on ability to pay. 58 Underserved: Opportunities • Internet access, ability to shop and compare. • Convenient bill payments. • Fast, convenient, cheaper check cashing/deposits. • Entry point to financial services. • Easy access to account information. • Financial literacy tools. • Discounts. 59 Underserved: Concerns • Cost of data. • Lack of access if prepaid plan runs out, can’t pay mobile bill. • Incomplete/deceptive info on 3” screen. • Long check deposit holds. • Inability to print, retain T&C, other info. • Coercion to agree to E-Sign when want paper bills, statements. • Differential, more expensive pricing. • Predatory lending/marketing. • Language access. 60 For more information

• NCLC mobile payment comments to FTC: http://www.nclc.org/images/pdf/banking_and_payment _systems/mobile-comments-by-nclc-to-ftc-28-aug- 2012.pdf

• NCLC prepaid card comments to CFPB: http://www.nclc.org/images/pdf/rulemaking/ cm-prepaid-card-july2012.pdf 61 For more information • NCLC website (Issues/Banking&Payment Systems/Prepaid Debit Cards or Electronic Banking)

• NCLC comments, legal treatises and reports 62 Thank you!

Lauren Saunders [email protected] (202) 595-7845 63 Questions?

Type your question in the bottom of the Q&A Pod on your screen. To submit your question, click Send to the right of the text box, or press return.