Mobilizing payments: behind the screen of the latest payment trend.

• Author: Reed, Brianna L.

1. INTRODUCTION

   The mobile phone has evolved from a modest 2.2 pound device designed solely for telephonic communication (1) to a five ounce "smartphone" capable of web browsing, utilizing GPS services, taking pictures, streaming video and music media files, text messaging, running complex software applications, and more. (2) On a separate but similar trajectory, payment systems have evolved from simple specie-based and paper currency, to note transfers, deposit-account transfers, and now electronic payment systems. (3) The technologies of mobile telephones and payment systems are still evolving but also merging, creating the phenomenon known as "mobile payments," or "mpayments." (4) Mobile payments enable consumers to make purchases via text message or through any number of downloaded applications designed specifically for a mobile phone. (5) The technology of mobile payments will eventually allow consumers to leave behind their traditional leather wallets, enabling a full spectrum of purchases to be made with credit card accounts, bank accounts, gift certificates, and * pre-paid stored value accounts--all accessed through the mobile phone device. (6)

   The creation of the digital wallet through the emergence of mobile payment systems is slated to fundamentally change the way American consumers make daily purchases because of the convenience and efficiency of these systems. (7) An estimated 87% of the United States population owns a mobile phone and this population usually carries their mobile phone in their possession, so the ability to pay through a mobile phone would greatly simplify the life of the average American by eliminating the need to carry a wallet. (8) Mobile payment systems will also create changes for financial institutions, merchants, wireless service providers, and mobile software developers, who will all be working behind the screen to protect their own institutions and their customers against unauthorized payments, fraudulent transactions, mistakes, privacy leaks, and programming bugs and glitches. (9)

   Mobile payments, or "m-payments," have been successfully implemented in Asia, but have yet to infiltrate the U.S. economy in a real, prevalent way. (10) This Note will examine which current regulations might apply to mobile payment systems, where gaps in the law remain even if these regulations do apply, and what protections mobile payment systems might offer to consumers and financial institutions under the current state of the law. (11) This Note will contend that before m-payment systems achieve proliferation in the United States, legislators need to act to create a regulatory scheme that specifically addresses mobile payment systems because the existing regulatory scheme will be unable to successfully govern the industry. (12) Part Two examines the development of various types of mobile payment systems, as well as the development of the regulations that govern existing payment systems. (13) Part Three discusses the most promising forms of mobile payment systems likely to be adopted in the U.S. and the current regulations that would appear to apply to these systems if adopted by consumers. (14) Part Four argues that the regulatory framework currently in place is insufficient to properly regulate mobile payments in a manner that protects as well as incentivizes consumers and financial institutions to undertake its adoption, and proposes steps that would adequately address the unique concerns for financial institutions and consumers that are raised by mobile payment systems. (15)

2. HISTORY

   1. Models of Mobile Payment Systems

      There are two primary models for mobile payment systems. (16) One model is the "remote m-payments" model, in which a cellular phone's text messaging capability (SMS, or "short messaging service") is used to send credit or debit card information to the merchant. (17) Under this model, the consumer first creates an account with a mobile payment service provider (MPSP), and links a financial account to the MPSP account. (18) Then, through a series of text messages back and forth between the consumer and the MPSP, the specified dollar amount is transferred to the receiver's account. (19) Examples of remote m-payment models include systems such as PayPal, Facebook (for purchasing Zynga virtual goods), ringtone purchases made from wireless carriers, and donations made to the American Red Cross for the Haiti earthquake relief by charging an amount to a wireless carrier bill. (20)

      The second mobile payment model, named the "proximity m-payment" model, is the format most attractive for consumers. (21) This model enables contactless payments for goods and services; the consumer waves the device near a "reader" and account information is wirelessly transmitted to the merchant or receiver. (22) The proximity m-payment model utilizes near field communication (NFC) technology, which involves an NFC chip installed in the mobile phone that communicates with a point of sale terminal to authorize account transfers from consumer to receiver when the chip is waved in front of the point of sale terminal. (23) Examples of proximity m-payment models include systems such as the recently launched Google Wallet service as well as Bling Nation. (24)

      The main differences between the remote m-payment model and the proximity m-payment model center on the technologies required for their use, and the conveniences and risks each model poses to the consumer and financial institution. (25) The choice of which mobile payment system to use may hinge on the types of technology a consumer has access to; remote m-payment models require no more than a SMS capable phone and a cellular signal (which nearly all mobile phones currently in circulation have), while proximity m-payment models require a point of sale terminal as well as an NFC equipped mobile phone. (26) Remote m-payment system security risks include lack of encryption checks (information is sent in plain text) and lack of authentication protocols, leaving a consumer vulnerable to imposters and hackers. (27) Proximity m-payment system security risks include a heightened vulnerability to identity theft, as stealing a person's physical phone would now be equivalent to stealing their entire wallet, because there would be no additional authentication procedures other than entering the mobile phone's own password if the owner has even established one, and the risk of hackers stealing in formation "out of the air" while account information is transferring. (28)

   2. Regulations that Apply to Existing Payment Systems

      A variety of laws and regulations designed to protect consumer privacy apply to the traditional existing payment systems in the United States, such as payment by check, credit card, debit card, and online payments. (29) This Note specifically examines the regulations that may have a possible connection to mobile payments. The Federal Reserve Board of Governors regulates the commercial banking system of the United States. (30) The Federal Reserve Board is authorized, implicitly and explicitly, to develop rules that give specificity to federal statutes. (31) Therefore, the Federal Reserve Board serves as a primary authority in determining the regulation of payment systems, and through decisions and comments the Federal Reserve Board has the power to link and apply specific federal statutes to mobile payment systems. (32)

      Regulations are in place to properly protect consumers who are transferring very sensitive financial information through currently existing payment systems. (33) The Electronic Funds Transfer Act (34) and Regulation E (35) govern fund transfers executed electronically from (and to) a consumer's financial institution account. (36) Consumer liability for unauthorized transfers is limited by Regulation E: if the unauthorized transaction is reported within two days, the consumer can only be held liable for up to $50, and if reported within sixty days, maximum consumer liability is $5 00. (37) Additionally, the financial institution that holds the consumer's account is required to disclose the terms and conditions for financial charges. (38) Financial institutions that are required to comply with Regulation E include "bank[s], savings associations], credit union[s], or any other person[s] that directly or indirectly [hold] an account belonging to a consumer, or that [issue] an access device ... to provide EFT services." (39) A device that triggers protection by Regulation E can be any "card, code, or other means of access to a consumer's account ... that may be used by the consumer to initiate electronic fund transfers." (40) In comment 20a-1 to Regulation E, the Federal Reserve Board chose to explicitly apply one section of Regulation E to any "device with a chip or other embedded mechanism that links the device to stored funds, such as a mobile phone." (41) While this action shows an inclination by the Federal Reserve Board to allow mobile payments to trigger Regulation E protection, the Board has since made no other explicit applications of Regulation E requirements to mobile payments. (42) However, PayPal Mobile voluntarily assumed all of the responsibilities of Regulation E, independent of any specific governmental application of the requirements to the service. (43) This could indicate a willingness of the mobile payment industry to self-identify, but this self-imposed regulation lacks any real consumer enforcement power. (44)

      The credit card is now a staple in the field of modern payment systems and fully embraced by consumers as a traditional form of payment. (45) Credit card systems are regulated by the Truth-in-Lending Act (46) and Regulation Z. (47) Credit card companies are required to make initial and continuous disclosures to their customers regarding charges, fees, and terms. (48) Regulation Z's provisions also govern billing errors and consumer liability for unauthorized transactions. (49) Regulation Z...