Protecting Your Intellectual Property and your Brand
Preparing the Legal Framework for Mobile and Other Emerging Payments
1. PREPARING THE LEGAL FRAMEWORK FOR
MOBILE AND OTHER EMERGING
PAYMENTS
Presented by Marc Lemieux
Marc.lemieux@fmc-law.com
+1 514 878 8806
November 19, 2012
2. OVERVIEW
1. Regulatory oversight of mobile and other emerging
payments and related market participants
2. Protection of consumers using mobile and other emerging
payments
3. Misuse of mobile and other emerging payments to launder
proceeds of crime or finance terrorist activities
4. Protection of personal information stored in or transmitted
by mobile and other emerging payments
2
4. CANADIAN PAYMENTS ACT
• Establishment of the Canadian Payment Association
– Membership limited to banks and other FIs
– Mandate to establish and operate payment systems (not oversee the
operations of payment systems established by others)
– Payment card networks other than Interac clear their transactions
outside the scope of the Canadian Payment Association
– Canadian Payment Association was not designed to oversee the
operations of participants in mobile and other emerging payments
• Oversight of designated payment systems
– Section 37 CPA grants the Minister of Finance a discretionary power to
designate payment systems which are national in scope or play a major
role in supporting transactions, «if it is in the public interest to do so»
– A satisfactory basis for oversight of the mobile and emerging payment
industries?
4
5. PCSA
• The Payment, Clearing and Settlement Act (PCSA) is concerned
with systemic risk
• Retail systems do not give rise to systemic risk as currently
defined and understood
5
6. PCNA AND THE CODE OF CONDUCT
• The Payment Card Network Act (PCNA) currently defines a
«payment card» as «a credit or debit card - or any other
prescribed device - used to access a credit or debit account on
terms specified by the issuer» (excluding «closed loop» credit
cards issued for use only with the merchants identified on the
card)
• The Code of Conduct currently applies to credit and debit card
networks and their participants and covers the use of cards at
the point-of-sale, on the internet and over the telephone
• The Code of Conduct does not however explicitly address
mobile payment transactions
6
7. ADDENDUM TO CODE OF CONDUCT
• Addendum announced in September 2012 applies to credit
and debit card networks, and their participants, that offer
mobile payments at the point-of-sale
• «Payment card» networks interpreted to include «credit and
debit payment applications» (apps - anything that stores,
processes or transmits credit or debit card data electronically)
• Comments invited as to whether Addendum should apply to
other mobile payment participants (MNOs, TSMs, etc.)
7
8. CERTAIN POLICY ELEMENTS MAINTAINED
• Element 1: Transparency and disclosure
• Element 2: Fee increases and introduction of new fees subject
to a 90-day (or a 180-day if a structural change) prior notice
• Element 3: Right of merchants to cancel without penalty
following notification of a fee increase or a new fee
• Element 5: Right of merchants to provide discounts for
different methods of payment
• Element 9: Premium payment cards only given upon
application by consumers of a well-defined and targeted class
of cardholders based on spending or income
8
9. OTHER POLICY ELEMENTS ADAPTED
• Element 4: No obligation of merchants to accept all products
available in the card network’s mobile wallet
• Element 6: Competing domestic apps can be stored on the
same mobile device provided they are represented as separate
• Element 7: Equal branding applies to payment apps and
consumers establish default preferences for payment options
• Element 8: Credit and debit payment functions can reside on
the same mobile device (but not the same app)
• Element 10: Comments invited as to whether merchant
consent is required for mobile where fees remain unchanged
9
10. FINPAY
• «Now that the Task Force has reported, what can you expect
from the Government?»
• The Government established the «Finance Canada Payments
Consultative Committee (FinPay)» to stay abreast of market
developments and contribute to policy development (June
2012)
• «Our view of the Government’s role is to set overarching
principles and a healthy regulatory environment for payments
so that competition and innovation can take place»
• Principles include leaving interchange fees unregulated and
continuing to preserve Interac (June 2012)
10
12. BANK ACT CONSUMER PROTECTION
• Bank Act regulates «payment, credit or charge cards» issued
by banks to «holders» but «payment, credit or charge cards»
are not defined
• References in the Cost of Borrowing (Banks) Regulation and
the Business Credit Practices to «credit cards» are not defined
• Prepaid Payment Products Regulation (draft released October
2012) defines a «prepaid payment product» as a «a payment
card, whether physical or electronic that is – or can be – used
by the card holder to make withdrawals or purchase goods or
services»
12
13. DEBIT CARD SERVICES
• Canadian Code of Practice for Debit Card Services defines a
«debit card» to mean «a card with electronically readable
data» that is used to authorize transactions at point-of-sale
terminals
13
14. TELCO CONSUMER PROTECTION
• Telecom Decision CRTC 2012-556 (October 2012)
– Competition in the mobile wireless market continues to be sufficient
to protect the interests of users with respect to rates and choice of
competitive service providers
– Canadian consumers may not however have all the information they
need to effectively navigate the mobile wireless market and mobile
wireless services are a significant source of consumer complaints
– While certain provinces have introduced consumer protection
legislation these protections are not available to all Canadians across
the country
– Mobile wireless service providers will abide by a code addressing the
clarity and content of service contracts and related issues and the
CRTC has issued a proceeding to establish such a code
14
15. QUEBEC CONSUMER PROTECTION
• Credit cards regulated but not defined
• Debit cards proposed to be regulated and defined as
«electronic payment cards or any other electronic payment
instruments, validated by a personal identification number or
by any other means used to confirm the consumer’s identity,
which allows the consumer’s account to be accessed for the
purpose of transferring funds»
• Prepaid cards regulated and defined as «certificates, cards or
other mediums of exchange that are paid in advance and allow
the consumer to acquire goods or services from one or more
merchants»
15
16. POLICY CONSIDERATIONS
• Which consumer protection policy elements in respect of
credit, debit and prepaid cards should be applied «as-is» to
mobile payment credit, debit and prepaid applications:
– Disclosure of cost of borrowing and other charges in application forms,
contracts and advertising
– Periodic disclosure and minimum grace periods
– Other elements considered by the existing framework
• Are adaptations required?
– Definitions of «cards» to be extended to «apps»
– Limitation of the consumer’s liability in case of loss, theft or other
unauthorized use of the payment apps on a mobile device
16
17. 3- MONEY LAUNDERING AND FINANCING
OF TERRORIST ACTIVITIES
18. COVERED ENTITIES
• Banks and other «financial entities»
• «Entities engaged in the business of remitting or transmitting
funds by any means or through any person, entity or electronic
transfer network» (money services business or MSBs also
covered by provincial MSB legislation)
• Are other participants in mobile and other emerging payments
required to be deputized in the fight against financial crime?
18
19. DUTIES TO REPORT
• Suspicious transactions
• Transactions with listed persons
• Receipt of $10,000 or more in «cash»
• The sending out of Canada, or receiving from outside of
Canada, an electronic funds transfer of $10,000 or more
• The importation or exportation of «currency» or «money
instruments»
19
20. CURRENT REFORM
• Consultation Paper launched in December 2011
• Should prepaid cards and mobile devices constitue «monetary
instruments» for the purpose of importation and exportation
reporting?
• Should the $10,000 threshold that applies to cash receipts and
international electronic fund transfers be reduced?
• Should customer due diligence requirement be extended to
prepaid access devices?
• What non-face-to-face identification measures should be used
by credit card companies to assess account applications?
20
21. U.S. REFORM (JULY 2011)
• Targeted approach to regulating sellers of prepaid access
products:
– Focuses on cases where inherent features of products or high dollar
amount pose a heightened risk
– Excludes prepaid products of $1,000 and less and certain payroll
products
– Excludes closed loop prepaid access products that provide access to
less than $2,000 per day
– Excludes government funded health and dependant care prepaid
access programs
• Where mobile devices give access to bank accounts, services
that provide connectivity between a customer and its bank are
not separately covered by AMLATF compliance
21
22. 4- PRIVACY AND THE PROTECTION OF
PAYMENT INFORMATION
24. RISKS OF INFORMATION THEFT
• Phishing and malware: theft of information while the
mobile device is in the hands of the consumer
• Interception of payment data at the point-of-sale
• Data breaches while information is stored in the
hands of the merchant, the acquirer or third-party
service suppliers
24
25. LIABILITIES IN CASE OF DATA BREACH
• The personal payment information of consumers of mobile
and other emerging payments is protected by PIPEDA
• But which participants in the payment system are liable in case
of a data breach?
– Recent U.S. cases: Patco and Experi-Metals (customers’ systems
breached) and Sections 202 and 204 of Article 4A of the Uniform
Commercial Code in the U.S.
– Other recent cases: Hannaford and Wyndham (merchants’ systems
breached)
• Should we regulate contractual practices between banks and
their customers regarding unauthorized payments made
through mobile devices or stolen information?
25
26. The preceding presentation contains examples of the kinds
of issues companies looking at Alternative Dispute
Resolution could face. If you are faced with one of these
issues, please retain professional assistance as each
situation is unique.