The Federal Trade Commission is recommending mobile phone carriers let consumers block the ability to charge payments directly to their phone bills and take other measures to provide more transparency in mobile carrier bill transactions.
The suggestions were among a number of transparency- and privacy-related concerns raised in an FTC report about the proliferation of mobile payments technology. The report, issued last week by the FTC's Division of Financial Practices, takes particular aim at mobile carrier billing, where along with authentic transactions, the practice of "cramming" is on the rise. In cramming schemes, fraudulent charges are added to consumers' mobile phone bill, which the FTC says threatens to undermine mobile carrier billing as a legitimate and trusted payment option.
"However, there are no federal statutory protections governing consumer disputes about fraudulent or unauthorized charges placed on mobile carrier bills," the report says.
The report recommends that consumers should have the ability to block all third-party charges on their mobile account, including individual phones used by minors. Carriers should also provide consumers with more information about how third-party charges can be applied to accounts and how to block the feature, the report says. The FTC advocates wireless industry-led efforts to provide billing statements with standardized presentation of third-party charges, as well as creating statutory regulations to ensure that consumers have baseline protections.
"[A]n effective strategy requires participation by all entities involved in third-party billing — including mobile carriers, billing aggregators, and payment processors, which generally receive a portion of the third-party charges billed to a mobile account."
The mobile pay method has become a popular method to pay for things like mobile apps on the Google Play store, third-party ringtones and text message-based donation services, one of many popular technologies that charities are using, but that have also been targeted by would-be fraudsters.
The potential for consumers to get hit with fraudulent charges, or otherwise make inadvertent third-party purchases on their phones, mirrors issues that were raised about in-app purchases on some popular smartphone apps. After parent groups complained about children racking up large bills buying upgrades in smartphone games, Apple implemented an additional password authentication for the transactions and developers like Capcom added warnings in games like Smurfs' Village, one of the early targets of critics' ire.
The wireless industry trade group CTIA declined a PaymentsSource interview request about the FTC report, but provided a written statement.
"We welcome the FTC's report and its efforts to protect consumers as the growth in mobile payment usage continues to increase," CTIA senior vice president and general counsel Michael Altschul said in the emailed statement. "CTIA and its members remain dedicated to working with retailers, third-party service providers, regulators and law enforcement to ensure consumer privacy and security in transactions involving mobile devices, and to remove fraud from the mobile consumer experience."
In addition to consumers' adopting common sense measures like password-protected locks on their smartphones, the FTC report also encourages the development of enhanced security controls and data encryption that make mobile payments a more secure method over traditional card schemes.
"[U]nder the traditional payment system, financial data is often transmitted or stored in an unencrypted form at some point during the payment process," the report says. "By contrast, mobile payment technology allows for encryption throughout the entire payment chain, which is often referred to as 'end-to-end encryption.'"
Mobile payments can also enable dynamic data authentication, which provides single-use data transmissions between merchants and banks. The report says this method, which is also used in contactless cards, is an advantage over traditional card transactions, where the same financial information stored on a magnetic stripe is used each time a consumer makes a payment.
"Given that a major impediment to consumers' adoption of mobile payment technologies is the perceived lack of security, the incentives for industry to get security right should be strong," the report says. "Nevertheless, although the technology to provide enhanced security in the mobile payments market is available, it is not clear that all companies in this market are employing it."
"Mobile payment providers should increase data security as sensitive financial information moves through the payment channel, and encourage adoption of strong security measures by all companies in the mobile payments chain," the report adds later.
The report also highlights potential privacy issues with mobile-pay schemes, noting a counterbalance in traditional point of sale card transactions, where merchants can access data about what consumers purchase, but have limited access to individuals' contact information and financial institutions know more about consumers' identities and less about their specific purchases. But mobile payments allow multiple players to gather and consolidate personal and purchase data in a way that was not possible under the traditional payments regime.
"Such consolidation may provide benefits to consumers, such as helping merchants offer products or services that a consumer is more likely to want," the report says. "This collection of data may also help reduce the incidence of fraud. However, these data practices also raise significant privacy issues."
The report follows up on an April 2012 workshop that the FTC held to bring stakeholders together to discuss security and consumer protection issues in mobile payments. At the event, the FTC presented research on 19 U.S. mobile payment services, noting that 15 of the mobile pay options it reviewed allow consumers to fund mobile payments with credit and debit cards—which provide consumers with the greatest statutory protection against fraudulent charges—while fewer than half offered funding by bank account debit or mobile carrier billing, which offer fewer protections.
"Mobile payment users may not recognize that their protections against fraudulent or unauthorized transactions can vary greatly depending on the underlying funding source…For example, there are no federal statutes besides the FTC Act that protect consumers from unauthorized charges if their mobile payment mechanism is linked to a pre-funded account or stored-value card such as a gift card or general purpose reloadable card, also known as a pre-paid debit card," the report says.