The Legal Framework of Mobile Payments: Gaps, Ambiguities, and Overlap

In a September 22, 2016, post on this blog, available here, Professor Wulf Kaal asked in the title to his piece, “What Happens When Technology Is Faster Than the Law?”  He noted that while “innovation driven by science and technology is accelerating, …Federal and state agencies’ regulatory processes have slowed down.”

My report for The Pew Charitable Trusts asks that question in regard to mobile payments. The answer: When technological developments occur more quickly than changes in the law, the result is gaps, ambiguities, and overlap in laws related to mobile payments.

As the popularity of mobile payments grows, it becomes increasingly important to understand the legal framework in which these transactions take place. Consumers need to know their rights and responsibilities. They need to be alert to the financial risks they are exposed to and the legal remedies available when transactions go awry. Financial institutions and other companies that facilitate mobile payments need clear rules describing their obligations, rights, and liability as they develop new mobile payment products and contract with consumers for mobile payment services. Finally, policymakers need to understand the impact of applicable statutes and regulations on consumers and mobile payment providers so they can evaluate whether they are adequate, and if not, what new provisions are needed.

My report describes and analyzes the legal framework of mobile payments. That framework consists of a wide variety of state and federal statutes, regulations, agency “guidance,” and court decisions. Determining which laws apply to mobile payments is complicated by several factors. For example, many federal agencies have regulatory, supervisory, or enforcement authority over various aspects of mobile payments services when offered by financial institutions under their jurisdiction. These include the “prudential regulators,” the Office of the Comptroller of the Currency, the Federal Reserve, the Federal Deposit Insurance Corporation, and the National Credit Union Administration. Companies not within the legal definition of financial institutions, such as PayPal and other non-banks, are subject to the authority of the Consumer Financial Protection Bureau and the Federal Trade Commission. Telecommunications companies are regulated by the Federal Communications Commission. State agencies, such as bank commissioners and attorneys general, enforce their laws applicable to mobile payments.

A final factor making it difficult to determine which laws apply is the flood of new products and services that the industry offers, as well as the different types of situations in which consumers make mobile payments. For example, most consumers charge their mobile payments for goods and services to credit cards, debit cards linked to a checking account, or prepaid card accounts. Others agree to charges being placed on their wireless carrier’s monthly bills along with the communications charges for using their cellphones. Entirely different laws apply depending on which type of account the consumer uses. Issues that arise vary significantly, from the circumstances under which online contract provisions are enforceable to a company’s liability for data security breaches and privacy invasions. Applicable laws range from centuries-old contract law and tort theories to new federal and state statutes. In some instances, no law at all applies.

What emerges is a patchwork of laws that is characterized to a large extent by three features: gaps (situations in which no law applies); ambiguities (where it is not clear whether or how a law applies); and overlap (where two or more laws apply to the same situation or more than one agency has legal authority over the same type of conduct).

The Consumer Financial Protection Bureau and other agencies are attempting to ameliorate what Kaal refers to as the “pacing problem,” in which the law lags behind the new products and services developed as a result of “the unprecedented exponential nature of (technological) innovation in this decade.” For example, several months after Pew issued my report, the CFPB published final regulations that apply to prepaid cards. This directly affects mobile payments since the regulation applies to digital wallets loaded with funds from prepaid card accounts. Consequently, the portion of my report describing the CFPB’s proposed rule on prepaid cards was rendered moot. A similar fate may await other parts of the report as legal gaps are filled and ambiguities clarified. For instance, looking into the future, the CFPB stated that it continues to analyze products and services tied to virtual currencies.

This report describes the legal framework of mobile payments as it applies to three stages of mobile payment transactions. Stage 1 considers the law that applies when consumers use mobile devices to enter into online contracts for mobile payment services. Stage 2 describes the law that relates to consumers who use mobile devices to make payments. Stage 3 focuses on problems consumers may confront once they make mobile payments.

After discussion of each of the stages, the report identifies those gaps and ambiguities that are likely to have the greatest impact on consumers who make mobile payments because they result in mobile payment transactions being less transparent and safe.

The final section of the report examines various policy options available to lawmakers in light of the gaps, ambiguities, and overlap identified in the article. Each alternative has its benefits and drawbacks. The article does not advocate any position but instead provides information that may aid policymakers in making a decision on future action.

This post comes to us from Mark E. Budnitz, Professor of Law Emeritus, Georgia State College of Law. It summarizes his report for The Pew Charitable Trusts that is available here and updated here.