The lack of a standard technology model for mobile point-of-sale payments is not only holding back consumer adoption, it's also affecting regulatory compliance, says Mphasis' Kumail Tyebjee.
"The compliance strategies for mobile payments are still all over the map," says Tyebjee, vice president and business leader for mobility for Mphasis, a business process outsourcing company.
Mphasis is including compliance as part of the consulting and services it offers through its mobility unit. The company helps financial institutions and other payment companies form strategies around device management, application development, settlement and security. The company is also developing a process to help institutions deploy and secure new mobile payment technology faster in response to changing market conditions. It also helps companies handle changes in security and compliance.
Mobile payment systems can be built around Near Field Communication chips, the display of QR codes, the use of cloud-based systems or other technology. "Most of the banks we are working with haven't embraced one form of mobile pay over another," Tyebjee says.
The uncertainty over both technology and compliance requires companies to build strategies without knowing what the standards will be in the future. There are rules, but they lack specifics, Tyebjee says.
"[Standards groups] are telling everyone to make sure they are addressing data protection for mobile payments, but there is still no standard on how data is being dealt with in payments," Tyebjee says, adding the company's experience in the healthcare payments industry—helping develop compliance strategies for HIPAA—will be helpful in managing compliance for mobile payments.
"In the healthcare industry there is a lot more data that has to be secured than in payments. In some ways the healthcare industry is even more complex," Tyebjee says.
There should be a lot of work for compliance consultants, given the confusion over mobile wallet governance as the market matures, according to industry experts.
A large portion of the payments industry is governed by the Consumer Financial Protection Bureau, as well as by other portions of the Dodd-Frank law. There are dozens of rules that go into effect in the coming years, covering issues such as mobile payment, person-to-person transfers and remittances.
"Mobile wallet compliance is very complicated," says Randy Vanderhoof, executive director of the Smart Card Alliance, which offers information on NFC and mobile payments.
There are few clear details on the government's regulatory stance on mobile wallets that use cloud hosting to deliver the underlying technology, Vanderhoof says. As these details emerge in the coming years, compliance will be a moving target for merchants, issuers and other mobile wallet players.
"There is no precedent and no standard compliance roadmap," Vanderhoof says. "A lot of these mobile wallet solutions are coming out in the marketplace. As they get more popular and scale up, they're going to have to pass another regulatory hurdle. Not all of the solutions will make the cut, even if consumers adopt them."
There are also other agencies that regulate the different industries building mobile wallets. The FTC regulates consumer products, while the FCC regulates the telecom industry, for example.
"With some rules such as Regulation E (an FDIC consumer protection law) and Regulation Z (which governs financial disclosure to consumers), it seems pretty clear they will move over to mobile. But there are definitely a lot of places where the mobile market is moving faster than the regulations," says Mary Monahan, a research director for Javelin Strategy & Research, adding most of the other companies besides Mphasis that offer mobile wallet compliance services are law firms.
The compliance confusion is also being driven by the source of technology development, Monahan says. "Third parties can innovate because they are not covered as closely" as banks and other financial services companies, she says.