On September 10, 2014, the Federal Trade Commission (FTC) posted a comment in response to the Consumer Financial Protection Bureau’s (CFPB) request for information regarding the use of mobile banking services and products specifically utilized by economically vulnerable or underserved consumers. After briefly articulating some of the benefits of mobile banking, the FTC highlighted five concerns it had for economically vulnerable or underserved communities: (1) the risks posed by prepaid or stored value products given the lack of federal protection and ease of unauthorized access; (2) the ways mobile carrier bills are charged to consumer automatically without consent; (3) privacy of consumers’ personal and financial data; (4) security of consumers’ personal and financial data; and (5) the risks presented by data brokers and other third parties to consumers. Credit card companies, banks, data brokers, and other third parties who are utilizing mobile banking services should note that the FTC has expressed interest in protecting consumers from the risks discussed in its comment and already has brought multiple enforcement actions and begun investigations into a number of financial institutions.
Prepaid or Stored Value Products
According to the FTC, many underbanked and economically vulnerable communities use prepaid or stored value cards to make payments on their mobile devices but may not understand that, unlike mobile payments from a typical debit or credit card, mobile payments from a prepaid or stored value card are not protected from unauthorized charges by the federal government. As a result, any unauthorized charges could fall directly on the consumer, leaving him or her with no recourse unless it is specifically provided by the prepaid card or mobile app provider. As we explained recently, these application providers are, more often than not, failing to provide any protection from unauthorized charges on these types of cards and accounts. And, more importantly, these companies are failing to inform consumers as to this lack of protection from liability. Because the FTC continues to advocate for more robust disclosures to consumers regarding these products, companies can get ahead of the curve by revising their liability disclosures to clearly set forth liability limits.
Mobile Carrier Bills
“Mobile Carrier Billing” allows consumers to charge goods or services directly to their phone bills. For example, Verizon Wireless has partnered with Google to permit consumers to charge up to $25 for virtual goods and services per billing cycle per mobile number. Essentially, anyone with a non-prepaid Verizon account can use their Gmail account to pay for goods and services without the need for a bank or credit card. But not all companies have limits on the amount that can be charged, and the FTC is paying attention due to a serious problem with fraud and unauthorized third-party charges on mobile phone bills. The fraudulent practice of adding charges to consumer bills without consent, known as mobile cramming, has been blamed for costing consumers millions of dollars in unauthorized charges. The FTC has already filed and served six enforcement actions for fraudulent practices related to mobile carrier billing and obtained consent judgments from three defendants for a total of more than $160 million. The FTC wants to eliminate mobile cramming and make mobile carrier billing safer for consumers. To that end, it has provided five tips for companies to avoid an enforcement action by the FTC and companies should review those tips and and ensure that consumers signing up for mobile carrier billing are the authorized users on the account.
Privacy of Consumer Data
The FTC is also concerned about consumer privacy on mobile devices and is encouraging companies to take a more proactive stance on disclosure and choice for consumers regarding what companies do with their information.
Security of Consumer Data
The FTC discussed both the potential pitfalls and benefits of using mobile devices for financial transactions. On the one hand, technology exists to provide consumers with additional encryption of their financial information above that provided by brick and mortar retailers (and mobile payment technology is constantly evolving, as evidenced by Apple’s upcoming foray into the space). But, if financial institutions and industry players do not take advantage privacy related technology, then the potential for consumers’ private information to be breached is much higher. The FTC already has brought enforcement actions against Fandango and Credit Karma for failing to appropriately secure consumers’ financial information (the companies disabled the SSL certificate validation on their apps, which allowed companies using invalid certificates to access information sent between the companies and their customers via the apps), and warns that more action will be necessary.
Selling Consumer Information to Data Brokers
Finally, the FTC voiced concern that data brokers and other companies are purchasing consumer data without ever having to interact with those consumers. The FTC has used the Fair Credit Reporting Act (FCRA) to go after companies it claims are violating consumers rights by providing data for credit, employment, insurance and other criteria outside the limits of the FCRA. The FTC has taken action against a growing number of companies who are not applying the FCRA to mobile applications. Companies should become familiar with the actions the FTC has already taken under FCRA against mobile company apps, and use such information to understand how to avoid non-compliance with FCRA on this new medium. As it relates to low-income consumers and underserved communities, the FTC is particularly interested in data brokers who are using applications to primarily identify consumers of a particular ethnicity or income bracket and using that information to market products.
The FTC’s comments highlight a number of areas it will continue to focus on, and it brings those concerns to the CFPB’s attention as well. Financial institutions watching what the CFPB will do in regulating mobile banking will find some clues here.