FTC Workshop Security and Privacy Concerns with Mobile Payment Systems, Both Perceived and Real (Part 2 of 2)

The Federal Trade Commission (FTC) recently conducted two half-day sessions on mobile payment systems (technology that enables consumers to make payments using their mobile phones; e.g., pay for parking meters) -- Paper, Plastic… or Mobile?. The second session featured panels on data security and consumer privacy issues surrounding this emerging capability. We previously summarized the morning session. Because, as the panel discussions made clear, both concerns can be addressed by technology, the real problem for mobile payment systems is likely consumer perception. Providers face the challenges of both convincing consumers of the technology's security and earning consumers' trust that providers and merchants will not violate their privacy.

Creating consumer confidence in security protections is a significant hurdle to mobile payment systems' acceptance. According to a recent Federal Reserve survey, 42% of mobile phone users who have the opportunity to use mobile payments but choose not to cite fear of fraud as the reason for their hesitance. Although the mobile payment space currently lacks uniform security standards, providers have strong incentives to make the payment systems as secure as possible.

In fact, according to the industry, mobile payment systems may be more secure than traditional credit or debit cards. For example, in the event that a user's phone is stolen or lost, the victim may make a single phone call to shut down all the cards stored in his or her mobile wallet, as opposed to a phone call for each individual card in a misplaced leather wallet. Mobile payment systems can also incorporate other security technologies, such as dynamic authentication (which renders stolen payment credentials useless for making future purchases), that may make mobile systems more secure than traditional payment methods. As mobile payment systems evolve, one of the regulators' goals will be to educate consumers to be able to distinguish between mobile payment platforms that utilize more secure technologies from those that do not.

Mobile payment system providers may have more difficulty earning consumer trust about privacy. As one might expect, the panel discussion highlighted a sharp contrast in perspectives between industry representatives, on the one hand, and consumer advocates, on the other.

Industry representatives emphasized that in any attempts to protect privacy, regulators should avoid discouraging innovation. It is often data collection that allows smartphones (and other technologies) to provide immediately and conveniently the information, such as location data, that their users desire. Further, if regulators place significant limits on secondary data usage, currently free services such as Google and Facebook, for example, may begin charging subscription fees.

Consumer advocates desire that consumers be afforded a choice about participation in data collection and sharing. We have previously blogged on this issue, citing a recent FTC consumer privacy report. Unlike security, where companies and users may have an aligned goal (i.e., to maximize security), with respect to privacy, merchants have incentives to collect as much data as possible. As with traditional payment systems, mobile payment providers and merchants want to use and share this data to implement more targeted marketing strategies. Potential for abuse is heightened in the mobile space because of the increased amount of data mobile payment systems can collect, including transaction locations and aggregated purchases over time. Consumer advocates worry that data collection practices in the mobile payment space could lead to a bombardment of advertisements that will only be limited by a legal regime analogous to the National Do Not Call Registry, which was designed to prevent telemarketing abuses.

Regardless of what regulatory scheme is implemented to protect privacy, whether consumers trust that their information is not being used inappropriately could, to a large extent, determine mobile payment systems' acceptance.

© Arnold & Porter Kaye Scholer LLP 2012 All Rights Reserved. This blog post is intended to be a general summary of the law and does not constitute legal advice. You should consult with counsel to determine applicable legal requirements in a specific fact situation.