The FTC released a report outlining concerns about mobile payments, focusing on dispute resolution, data security, and privacy. Regarding dispute resolution, protections vary based on payment method and additional protections may be needed. Mobile carrier billing is a particular concern, and carriers should enable blocking of third-party charges and establish dispute processes. For data security, strong security measures are needed but not all companies are using available technology. Regarding privacy, the growing number of companies involved raises concerns, and companies should implement privacy by design, simplified choices, and transparency.

1. MARCH 12, 2013 TECHCOMM/FINANCIAL SERVICES CLIENT ALERT
This Alert provides only general
information and should not be
relied upon as legal advice. This
FTC RELEASES REPORT OUTLINING
Alert may be considered attorney
advertising under court and bar MOBILE PAYMENT CONCERNS
rules in certain jurisdictions.
On March 8, 2013, the Federal Trade Commission (FTC) released a staff report,
entitled “Paper, Plastic…or Mobile? An FTC Workshop on Mobile Payments,”
For more information, contact your addressing its consumer protection concerns in the mobile payments area. The
Patton Boggs LLP attorney or the FTC’s preliminary review is a follow-up to the Board of Governors of the Federal
authors listed below. Reserve System report, entitled “Consumers and Mobile Financial Services,” that
focused on the growth of mobile payments and banking.
Paul C. Besozzi
pbesozzi@pattonboggs.com
The FTC staff report, available here, examines mobile payments as a proven new
Deborah M. Lodge technology which consumers are expected to adopt widely in the next few years.
dlodge@pattonboggs.com Thus, the FTC emphasized “its mandate to protect consumers in the commercial
marketplace” and “broad jurisdiction over many of the companies that participate
Michael Drobac
in the mobile payments ecosystem.” These include hardware manufacturers,
mdrobac@pattonboggs.com
operating system and application developers, data brokers, coupon and loyalty
Carol R. Van Cleef program administrators, payment card networks, advertising companies, retailers
cvancleef@pattonboggs.com and other merchants and in certain cases telecommunications carriers.
Monica S. Desai
The report’s analysis includes technologies and products to facilitate mobile
mdesai@pattonboggs.com
payments using various funding sources (e.g., credit card, debit card, bank and
mobile phone accounts), such as Near Field Communications (NFC), mobile
apps, online checkout wallets and mobile carrier billing
ABU DHABI
The report underscores the FTC’s ongoing interest in the mobile payments area.
ANCHORAGE
While the agency shares enforcement powers with the Federal Communications
DALLAS
DENVER Commission and Consumer Financial Protection Bureau (CFPB) over some
DOHA mobile payment methods, the FTC clearly intends to ensure that consumers have
NEW JERSEY adequate protections and information they need to make informed choices
NEW YORK regarding mobile payments. As a result, the report commits the agency to
RIYADH continued evaluation of the mobile payment marketplace as new services and
WASHINGTON DC products are developed.
PattonBoggs.com Client Alert 1

2. CONSUMER PROTECTION CONCERNS
The FTC staff identifies three primary areas of focus relating to mobile payments: (a) dispute resolution, particularly
with mobile carrier billing, (b) data security, and (c) privacy. The report addresses each, provides suggestions and
outlines the FTC’s primary concerns in each area.
DISPUTE RESOLUTION IN THE MOBILE PAYMENTS CONTEXT: EXTENDED PROTECTIONS
A most significant concern is the resolution of disputes in the case of fraudulent or unauthorized charges. The FTC
staff notes that mobile payment users may not recognize that protections against such charges can vary based on the
underlying funding source. For example, transactions involving credit and debit cards are afforded statutory liability
protections (e.g., credit card cap liability for unauthorized use at $50) that do not apply to other payment methods
(e.g., general purpose reloadable card (GPR), also known as a prepaid debit card).
The general protections of the FTC Act do apply; and some companies have filled the gap with contractual
protections in the event of payment disputes involving GPRs. The report cites the FTC’s support for the CFPB
possibly extending legal protections to GPRs to (a) limit liability, (b) require disclosure for fees and expiration dates,
(c) establish error resolution procedures, and (d) set authorization standards for recurrent payments (the CFPB issued
an advanced notice of proposed rulemaking last year to extend Regulation E to GPRs in 2012 although final action is
not expected until at least 2014).
The report’s message is clear: Companies should “develop clear policies regarding fraudulent and unauthorized
charges and clearly convey these policies to consumers” so that consumers can understand their rights and protections
when deciding whether to pay with a particular mobile device and particular funding mechanism.
MOBILE CARRIER BILLING: A PARTICULAR CONCERN
The FTC staff expresses a special concern about mobile carrier billing (i.e., charging payments directly to a mobile
phone bill). As a result, the report calls for carriers to:
(a) enable consumers to block all third party charges on their mobile accounts;
(b) “clearly and prominently” inform customers about possible third-party charges and how to block them; and
(c) establish a clear and consistent process for consumers who wish to dispute such charges and obtain
reimbursements.
The report outlines other potential approaches, including standardizing and highlighting third-party billing
descriptions, providing notifications to consumers, imposing contractual obligations regarding maintenance and
access to customer authorization records, implementing standard dispute policies and allowing consumers to delay
PattonBoggs.com Client Alert 2

3. payment in good faith dispute situations, without penalty. In the staff’s view, additional protections, such as those
already mandated for credit cards, are needed to protect consumers in the mobile payments field.
Interestingly, the report does not address state money transmitter licensing issues that may be raised by mobile carrier
billing. However, the FTC staff is organizing a separate roundtable on mobile carrier billing issues for May, 2013.
CONSUMER DATA SECURITY IN MOBILE PAYMENTS
The report finds that a key concern for consumers when making mobile payments is the security of their sensitive
financial information. The FTC staff concludes that although the technology to provide enhanced security in the
mobile payments market is available (e.g., end-to-end encryption, dynamic data authentication), “it is not clear that all
companies are employing it.”
The report recommends that mobile payment providers should “increase data security” and “encourage adoption of
strong security measures by all companies in the mobile payments chain.” The FTC staff notes that many federal and
state laws also impose data security requirements on businesses that collect and use financial information and other
sensitive data. Finally, the report outlines practical steps that consumers themselves can take to secure their sensitive
data in the mobile payments marketplace (e.g., password protections, particularly for any payment apps).
PRIVACY
The FTC staff finds that mobile payments raise significant privacy concerns, due to the growing number of
companies involved in the transactions and their access to detailed consumer data. The report expresses concern
about “multiple players within the mobile payments ecosystem” who gather, consolidate and purchase data in a way
not possible under traditional payments regimes.
As a result the FTC staff encourages companies in the mobile payments marketplace to implement the three basic
principles put forth in the agency’s March 2012 report on “Protecting Privacy in an Era of Rapid Change,” available
here:
(a) Privacy by design: companies should consider and address privacy at every stage of product development;
(b) Simplified choices: consumers should be given specific, clear choices about data collection and use in the
mobile payments arena; and
(c) Transparency: Companies in the mobile payments field should be transparent about their data collection and
use, to increase consumer trust in this growing marketplace. This topic was a key focus of an earlier FTC staff
report, released in February, on mobile privacy disclosures, available here.
PattonBoggs.com Client Alert 3

4. The world is “going mobile” – a movement that includes making payments through mobile devices and apps. The
focus of the Commerce Department’s National Telecommunications and Information Administration on mobile
privacy in its multi-stakeholder approach to mobile privacy is likely to include mobile payment companies as they
draft principles for industry to adopt. This effort, combined with the Worldwide Web Consortium’s (W3C) Tracking
Protection Working Group, and the Digital Advertising Alliance signal a broad focus on data security, privacy and
new legal and self-regulatory regimes to address advancements in technology and exciting new innovations, including
mobile payments.
The rapid adoption of such new innovations, notably in the mobile payments industry, will lead to ease in commerce
but will undoubtedly raise additional questions about whether the government or third party groups must create
mechanisms to protect consumers. This latest FTC staff report is further evidence that the agency will continue to be
vigilant in protecting consumers using mobile payment methods.
PattonBoggs.com Client Alert 4