An FTC staff report on mobile payments warns of a...

is based on an April 2012 agency workshop on mobile payments. Among credit card, prepaid card and mobile carrier billing, “consumers may or may not have statutory protections regarding unauthorized charges” through mobile payment, the report said (http://1.usa.gov/14DrBXp). Credit cards generally have the strongest level of protection, with a $50.25 liability cap for unauthorized use; debit cards require reporting a problem within 2 business days to get a $50 cap, a $500 cap after 2 days and “unlimited” liability if consumers don’t report within 60 days after their “periodic statement” is mailed; and there’s no federal statute other than the FTC Act protecting consumers if their mobile mechanism is linked to a pre-funded account or stored-value card like a gift card, the report said. FTC staff filed a comment to the Consumer Financial Protection Bureau, supporting proposed protections for buyers of general purpose reloadable cards, whose main use is by students and “the underbanked,” the report said. Voluntary liability caps by mobile payment providers are good but “such protections are not consistent, and companies that provide them could withdraw or modify them at their discretion.” Policymakers should consider “the benefits of providing consistent protections across mobile payments, and weigh these benefits against the costs of implementation,” the report said. Mobile carrier billing “raises a unique challenge with regard to third parties” and has already been identified in connection with landline “cramming,” the report said. The FTC told the FCC in a recent comment on mobile cramming that consumers should have the ability to block “all third-party charges,” including “on individual accounts operated by minors in the household,” and that carriers should be required to “clearly and prominently inform” customers how to block third-party charges at account creation and renewal, the report said: Carriers should also set up a clear process for charge dispute, require “aggregators” and others to maintain “sufficient and accessible records” of authorizations, and standardize dispute policies “to more closely align” with statutory protections. The report said FTC staff is organizing a roundtable in May to discuss potential approaches to fraudulent mobile charges. There should be industrywide adoption of strong security measures that cover the whole mobile payment process, especially via end-to-end encryption for sensitive financial information, the report said; encryption possibilities include data authentication during the transaction and secure storage on a mobile device. Companies also need to practice “privacy by design” in mobile payments, give consumers choice and build in transparency “from the outset,” it said. The report also warns that unlike merchants processing credit card transactions, mobile payment providers may have access to “a larger cache of personal information stored on the consumer’s mobile device.” The commission vote to issue the report was 4-0-1, with former Chairman Jon Leibowitz not participating. CTIA General Counsel Mike Altschul said the group welcomes the report: “CTIA and its members remain dedicated to working with retailers, third-party service providers, regulators and law enforcement to ensure consumer privacy and security in transactions involving mobile devices, and to remove fraud from the mobile consumer experience."