EcommerceBytes-NewsFlash, Number 3019 - March 12, 2013     1 of 4

FTC Warns of Mobile Payment Fraud

By Kenneth Corbin

Email This Story to a Friend

Mobile payments may be one of the most buzzed-about issues in the ecommerce world, but consumer-protection authorities warn that the nascent, fast-moving market needs to improve policies to help consumers dispute fraudulent charges and bolster security and privacy protections.

For their report, entitled "Paper, Plastic ... or Mobile?", staffers at the Federal Trade Commission drew on the input they received from industry stakeholders and others at a workshop that the agency convened in April 2012.

The FTC's report enumerates several concerns both for consumers and retailers - both online and off - that are rolling out mobile-payment options as the technology moves into the mainstream.

"For years, there has been growing anticipation about the use of mobile payments as a regular way for consumers to pay for goods and services. Recently, this anticipation has reached a fever pitch," the report notes, citing a 2011 KPMG International survey in which 83 percent of respondents projected broad consumer adoption of mobile-payment services by 2015.

"While mobile payments offer many potential benefits to consumers, they also raise consumer protection concerns," the authors add.

Of particular concern are the mechanisms available to consumers to dispute fraudulent charges. The FTC notes that the various methods for funding mobile payments, such as debit and credit cards and direct billing to a user's mobile account, are each regulated differently and entail different dispute-resolution processes with varying levels of consumer protection, creating a "potentially confusing landscape for consumers trying to decide which mobile payment system to use and how to fund these payments."

As a general matter, credit cards offer the strongest consumer fraud protections, with cardholder liability for unauthorized transfers typically capped at $50, according to the report. If the fraudulent activity is reported promptly, debit cards carry similar protections, though liability often increases over time if consumers don't act quickly to flag unauthorized transactions. Murkier still are mobile payments that draw on pre-funded accounts, which don't have the statutory protections that govern credit and debit cards.

The FTC's report acknowledges the efforts of some mobile-payment providers to "fill in the gaps in statutory protections" with contractual terms to protect users from liability for fraud, though it warns that those safeguards are unevenly implemented among providers, and some companies don't offer any liability shields for stored-value cards. "Because the protections are voluntary, such protections are not consistent, and companies that provide them could withdraw or modify them at their discretion," the report notes.

Further, FTC staffers say that no federal statute governs mobile-payment services through which consumers are billed directly on their monthly statements.

"The mobile carrier billing platform raises a unique challenge with regard to third parties placing fraudulent charges onto consumers' mobile carrier bills," the authors write in their report. That practice, dubbed "cramming," is to be the subject of an upcoming roundtable that the FTC has scheduled in May.

In addition to the concerns the FTC raises about billing issues, the report also identifies a patchwork quilt of security practices in effect across the industry, calling for mobile-payment providers to implement end-to-end encryption that would run the gamut from data authentication to secure storage of sensitive financial information on mobile devices.

The report cites a 2012 study issued by the Federal Reserve System's board of directors that found that while consumer interest in mobile payments and banking is strong, security is the most common reason cited for not adopting the technology.

The FTC is also calling on payment providers to incorporate "privacy by design" in their mobile applications, arguing that stronger and more consistent privacy protections will foster trust and speed adoption of mobile-payment applications.

In its report, the FTC asserts regulatory jurisdiction over the broad constellation of players in the mobile-payments ecosystem, including wireless carriers, retailers and the administrators of coupon and loyalty programs.

A trade group representing mobile payment providers, the Electronic Transactions Association (ETA), emphasized the commitment of its members to incorporate strong consumer protections into their payment services, while suggesting that the FTC's report might not reflect the latest developments in the industry.

"In the nearly one year since the FTC staff held the workshop on which this report is based, much has been accomplished," ETA CEO Jason Oxman said in a statement. "Our industry today provides merchants and consumers access to a wide variety of safe and reliable mobile payments products and services."

About the author:

Kenneth Corbin is a freelance writer based in Washington, D.C. He has written on politics, technology and other subjects since 2007, most recently as the Washington correspondent for, covering Congress, the White House, the FCC and other regulatory affairs. He can be found on LinkedIn here.

You may quote up to 50 words of any article on the condition that you attribute the article to and either link to the original article or to
All other use is prohibited.