The FTC is looking at mobile payments this Thursday, an event that caps several weeks of intense attention to this innovative new technology by policymakers. In March the House Financial Services Committee and the Senate Banking Committee held hearings. And the Internet Caucus held a Congressional briefing, which I chaired.
Several years ago a study by ITIF highlighted mobile payment’s opportunities for efficiencies, growth and innovation. It wondered why it hadn’t taken off in the US, the way it had in other jurisdictions such as Japan and Korea. Since then Square, Intuit, Google, ISIS, PayPal have all ramped up their efforts to bring the new service to consumers and retailers in an attractive easy to use package. The majority of Americans will be embracing mobile payments by 2020, a Pew Internet study found last week.
The benefits are enormous. Mobile payment technology means faster checkout, more through put for merchants, the opportunity to send and receive offers and promotions, greater security, and a platform for new innovative services that haven’t been created yet.
It is worth pausing on the benefits of increased security. Unlike traditional magnetic stripe payment card transactions, mobile payments use a different security code for each transaction. Even if the transaction data is compromised, it cannot be used to make a counterfeit card that would work at the point of sale. This takes the merchant system out of harm’s way and reduces risk to cardholders. Mobile payments implemented on a smartphone can also be protected by a password or PIN number, adding barriers to illicit use of a lost or stolen phone. If asked to choose based on security, shoppers would be smart to use mobile payments over traditional cards.
Some have suggested that mobile payments create increased privacy risks because new information would be available to new players. But these risks are speculative and are being addressed in advance by market players who design their systems to be privacy-protective. They know that the market will only work on the basis of trust, careful handling of personal information, and a compelling user experience.
Mobile payment providers collect location information from their users, but only with affirmative consent. Product specific information isn’t collected at all and so cannot be added to a consumer profile to target ads. Cell phone and email information are available to mobile payment service providers at the time of sign up, but are not transferred to third parties such as retailers. Mobile payment services are savvy enough to avoid the mistake of allowing secret, undesirable acquisition of contact information by third parties. Under the Google Wallet rules, for example, contact information could not be disclosed to a retailer for marketing or advertising purposes without affirmative consent.
The privacy default for mobile payments is that consent is needed for any sharing of consumers’ personal information for marketing purposes. Industry participants have set up their systems with this requirement for consent as the default. This privacy-by-default approach renders concerns about privacy violations more theoretical than real. Mobile payment users can feel confident that they can enjoy the conveniences and added security and usefulness of mobile payments without worrying about privacy violations.
Mark MacCarthy, Vice President, Public Policy at SIIA, directs SIIA’s public policy initiatives in the areas of intellectual property enforcement, information privacy, cybersecurity, cloud computing and the promotion of educational technology.