Earlier this month, the Federal Trade Commission released a staff report outlining key issues facing consumers and companies as they adopt mobile payment services, entitled “Paper, Plastic . . . or Mobile? An FTC Workshop on Mobile Payments.” The report is based on a workshop held by the FTC in 2012 to examine the mobile payment industry.
Consumer use of mobile payment services continues to grow quickly. Mobile payment systems have the potential to be beneficial for both companies and consumers. However, many issues regarding fraud, privacy and security arise, and the FTC is looking to the industry to take the lead on establishing sound policies.
The FTC encourages companies that use mobile payment systems to develop clear policies on the resolution of disputes regarding unauthorized or fraudulent charges. Consumers fund their mobile purchases from a variety of sources (e.g., credit cards, bank account, mobile phone bills) and under current regulations each different method of funding has a different process for consumers to dispute an unauthorized or fraudulent charge. The FTC wants to create a clearer and streamlined process for consumers if an issue were to arise regarding a disputed charge. The FTC is planning to hold a separate roundtable on this issue in May.
The report highlights the problems associated with “cramming,” which involves placing unauthorized charges on a consumer’s phone bill. The FTC suggests that mobile carriers should perform some due diligence on companies from which they accept charges.
The report also discusses the idea of “privacy by design,” which involves strong privacy policies and transparency for consumers from inception of a company’s offerings. Consumers understand that they will need to provide some information to access a company’s services, but consumers may want to control how that information is stored and shared. The FTC and the industry realize that mobile payment systems can be an efficient, favored payment method. However, companies offering mobile payments need to be clear to consumers about how their data is being collected, maintained and used. Privacy issues are of paramount concern when using mobile payment systems because of the enormous amount of data available on smartphones.
The report also notes the potential privacy issues that can occur in the mobile payment process. Since mobile payment providers have access to both the financial information and contact information of the payer, they are in a position to create a serious privacy breach. The report suggests that companies consider privacy throughout the process of development, be transparent regarding data practices, and allow consumers options on how they want their information to be collected.
The report also encourages the industry to adopt measures to ensure that the entire mobile payment process is secure since financial information could potentially be disclosed. The FTC notes that there is technology available to make the protection of payment information more secure and suggests that financial information should be encrypted at all points in the transaction.
Companies should take note of the FTC’s report and adjust their practices. The FTC has put companies on notice about its expectations in mobile payments. It would not surprise us to see enforcement actions in the future in the area. Companies should, in particular, make clear their policy for explaining charges, and how they can be authorized. The more support a company has in showing that a charge is justified, the easier it will be to defend. This kind of specificity may also help influence authorities from even bringing charges. When offering mobile payment services, opt-in screens requiring a click or a password to make a charge and making sure the network is secure are best practices that may save an organization from being on the receiving end of an enforcement action.
According to a recent NBC News report, Equifax, one of the three largest American credit reporting agencies, has assembled an enormous database containing employment and salary information for more than 190 million U.S. adults. Very few people knew of the existence of the database, but the information in it allegedly is being sold to third parties without consumers’ consent.
According to the report, an Equifax-owned company, The Work Number obtains substantial information– through the assistance of human resources departments and other sources around the country including government agencies and Fortune 500 companies. The Work Number then sells this information. According to The Work Number’s website, payroll information comes from over 2,000 employers. Reports have stated that the database is so detailed that for many individuals it has weekly pay information, as well as other sensitive information such as the identity of the individual’s health care provider and whether the individual has ever filed a claim for unemployment benefits.
Seven members of Congress recently wrote a letter to Equifax asking for more information on the legality of The Work Number. “What is most concerning to us is that this massive database appears to generate revenue using consumers’ sensitive personal information for profit,” the letter states.
Companies state that they agree to sign up for The Work Number because it gives them a simple way to outsource employment verification of former employees. Companies provide their human resources information to The Work Number and The Work Number automates the process. There is no longer a need for companies to spend the time to verify a former employee’s work history.
In 2009, according to the NBCNews.om report, Equifax said that the data The Work Number had amassed covered 30 percent of the working U.S. population, and the database is now adding 12 million records annually according to NBCNews.com.
It is not entirely clear what Equifax is doing with the data, where it is selling it, and what can be sold without consent. In a statement after NBCNews.com broke the story Equifax said, “The Work Number does not provide debt collectors with salary/pay rate/income information. They can request only employment verification data which The Work Number will provide if there is permissible purpose as detailed by the Fair Credit Reporting Act.” Equifax also denied reports that the salary information is sold to debt collectors.
Equifax did confirm that “pay rate” information is shared with third parties including mortgage, automobile, and other financial services companies — as authorized under the Fair Credit Reporting Act.
Since the data is considered a credit report, consumers are entitled to one free report every year, which shows the data contained in the reports and what entities have requested the data.
Companies that collect and share data will continue to face scrutiny from state and federal government agencies that have shown a consistent effort focused on protecting consumers’ privacy rights. Consumer protection laws continue to evolve and provide individuals with specific rights as well as restrictions on companies regarding information that can be shared. All companies that deal with consumer information need to take a proactive approach to make sure that they are in compliance with all governing laws. The FTC, in particular, has shown a willingness and focus to utilize laws such as the Fair Credit Reporting Act to take enforcement action against companies offering employment and credit data.
As part of its aggressive program to protect consumers in financial matters, the Consumer Protection Financial Bureau (CFPB) has announced that it is prepared to adopt a controversial “disparate impact” theory of liability against lenders. A case that the U.S. Supreme Court may accept would have a major impact on whether the CFPB is actually going to be able to do that.
The “disparate impact” theory was first articulated by the Supreme Court and further addressed by the Civil Rights Act of 1991 in the employment discrimination context. In a 1971 decision, Griggs v. Duke Power Co., the Court held that Title VII “proscribes not only overt discrimination but also practices that are fair in form, but discriminatory in operation.”
In the employment context, under Griggs, even though an employer may not intend to discriminate against a protected group, it may still be found liable under anti-discrimination laws for practices that disproportionately disadvantage such a group.
The theory was administratively adopted for federal fair lending laws in the 1990s, as laid out in a 1994 Interagency Policy Statement on Fair Lending. This statement from the Department of Justice and other federal agencies says that lenders may be liable for fair lending law violations if their policies or practices are shown to have a disparate impact on protected groups – even if there was no intent to discriminate. The statement, however, does not have the force of law.
In addition, the federal government, in practice, had not aggressively pursued fair lending cases in the absence of intentional discrimination against a protected group — until the Obama Administration’s CFPB announced its intention to use the “disparate impact” theory.
That is where the pending Supreme Court case, Mount Holly v. Mount Holly Gardens Citizens in Action, Inc. comes in. In that case, the Township of Mount Holly, N.J., made plans to redevelop a blighted residential area that was primarily inhabited by low- and moderate-income minority residents. Under the plan, the neighborhood would be demolished, and significantly more-expensive housing would be built. Many of the residents objected to the redevelopment, saying that their neighborhood would be destroyed and that they would not be able to afford to live in the new neighborhood. They sued under the Fair Housing Act, alleging that although the plan was not specifically targeted against minorities, it would have a disparate impact on them. The U.S. Court of Appeals for the Third Circuit allowed the case to proceed, and the Supreme Court is now considering it.
The issue is whether “disparate impact” is cognizable under the Fair Housing Act, as it is in the employment context. If the Court holds that impact as well as intent leads to a cause of action under the Fair Housing Act, the CFPB will go ahead and act under the theory. It will bring cases, for example, against banks that make loans only in areas that happen to be inhabited by high-income people and decline to make loans in areas where low-income people (many of whom are minorities) live. It will use geography as a proxy for racial or ethnic discrimination: Where were loans made, and where were they denied?
The Supreme Court has not yet decided whether it will hear the Mount Holly case. The most recent activity was the Court’s request, at the end of October, that the U.S. solicitor general formally express the views of the U.S. government on the issue. The solicitor general has not yet filed, and it will probably be a few weeks until he does file and the justices consider the SG’s arguments and decide whether to grant certiorari.
Consumer advocacy groups have actively pushed the disparate impact theory. The National Fair Housing Alliance has filed administrative complaints against Bank of America, Wells Fargo, and U.S. Bancorp, alleging that bank practices in maintaining foreclosed properties discriminate against people in predominantly black and Hispanic neighborhoods. Bank of America, Wells Fargo and SunTrust have recently paid some $500 million to settle claims: Since the banks opted to settle these cases, there was no formal legal ruling on the theory of liability.
Thus, “disparate impact” has been slowly taking hold in the lending context – without any real statutory basis or judicial clarification. The theory is still being used only by extension or analogy to the employment context. A high court ruling would clarify this very important area of law. Lenders, developers, and borrowers are waiting for clarification.
The Commodity Futures Trading Commission (CFTC) is apparently going to appeal a U.S. district judge’s ruling that had overturned its decision to impose limits on the number of contracts that commodity traders can hold.
The CFTC had found that under the recently passed Dodd-Frank law, which amended the Commodity Exchange Act of 1936, it now need not make a finding of “necessity” before it puts forth a rule to impose these position limits. It had ruled, in fact, that it was mandated by Congress to set limits and that it had no discretion to choose not to impose such limits.
The swaps and derivatives industries, however, challenged the CFTC’s interpretation in U.S. District Court for the District of Columbia. The industries contended that even under the Dodd-Frank amendments, the agency must find that it is “necessary and appropriate” to set position limits. In other words, for each given commodity, it would need to show that there was a risk of dangerous speculation.
On September 28, U.S. District Judge Robert Wilkins rejected the CFTC’s position. He sent the rule back to the CFTC for further consideration, just two weeks before the limits were set to take effect. He said that Dodd-Frank did not give the agency a “clear and unambiguous mandate” to set position limits without showing they were necessary in each instance.
The law, wrote Judge Wilkins, requires “that the Court remand the rule to the agency so that it can fill in the gaps and resolve the ambiguities.”
One would think that the agency would accept this direction from the judge and come up with an interpretation of the Dodd-Frank law that would indeed fill in gaps and resolve ambiguities. That is what an agency is supposed to do.
Now, however, according to Reuters and other reports in early November, there appears to be a CFTC majority – three of the five commissioners — in favor of appealing Judge Wilkins’ decision to the U.S. Court of Appeals for the D.C. Circuit.
It seems odd to us, at the very least, that the agency is insisting on an interpretation of the Dodd-Frank law that strips it of all discretion and requires it to set position limits for dozens of commodities without a finding that the limits are going to be helpful to police the markets and limit excessive speculation. Especially now that a judge has ruled that Congress didn’t unambiguously decide to tie the agency’s hands, why pursue this appeal?
There may be a legal hurdle or two for the Consumer Financial Protection Board to jump after the recess appointment of agency director Richard Cordray (the House Judiciary Committee held a hearing on the matter on February 15). But the consumer protection agency created under the Dodd-Frank Wall Street Reform Act of 2010 is pressing forward with its initiatives. Not too surprisingly, several recently proposed initiatives from the agency would stretch the agency’s authority into areas that extend beyond the industries targeted in the Dodd-Frank Act.
The day after the House Judiciary Committee debated the constitutionality of Cordray’s appointment (it doesn’t appear that the hearing was much more than some Republican caterwauling for the record), the CFPB released news of its first major regulatory proposal: to bring consumer credit reporting agencies and debt collection services under its scrutiny.
Those who are vaguely familiar with Dodd-Frank may be aware that the legislation gives the CFPB oversight of specific nonbank markets for (1) nonbank mortgage companies, (2) payday lenders, and (3) private student lenders. These are popular and understandable targets for probes of predatory lending practices. Headlining these industries as needing increased oversight is part of what made the legislation popular and easier for Congress to pass. So where do credit reporting agencies and debt collectors fit under the regulatory scheme? Quite simply, the Dodd-Frank Act also provides for CFPB oversight of other nonbank financial companies that are “larger participants of a market for other consumer financial products or services.”
Oversight of “larger participants”? What on earth does that mean? Congress doesn’t appear to have given clear guidance on what it meant by “larger participants,” leaving the term to the agency to define. As certain as the law of gravity is the law of bureaucratic power: What is not confined (by legislative delineation) necessarily will expand.
Don’t assume that the Dodd-Frank Act’s vagueness concerning what the CFPB would oversee was … well, an oversight. Congress often provides a broad policy concept and then delegates to administrative agencies the power to run with their interpretation and execution of that concept. Hence the impossibly cumbersome Code of Federal Regulations. Even so, however, the breadth of the power delegated to the new consumer protection agency is a bit much.
To the CFPB’s immense credit, it has published at least two requests for public comment to help it define “larger participants” and included an article on the agency’s blog regarding the matter. Indeed, the CFPB seems to be doing a pretty good job of explaining its steps and initiatives and of providing a user-friendly forum to keep the public apprised of their actions. And it is not entirely the agency’s fault that it is obeying the laws of bureaucratic power reach – it would be unnatural for the agency to try to constrict its authority.
What we should glean from the CFPB’s latest proposal, though, is that the CFPB will be running with its power and companies that provide any kind of consumer finance product must be aware of the possibility of government scrutiny.