PREPARING THE LEGAL FRAMEWORK FOR MOBILE AND OTHER EMERGING

PAYMENTS

Presented by Marc Lemieux Marc.lemieux@fmc-law.com +1 514 878 8806 November 19, 2012

2

OVERVIEW

1. Regulatory oversight of mobile and other emerging payments and related market participants

2. Protection of consumers using mobile and other emerging payments

3. Misuse of mobile and other emerging payments to launder proceeds of crime or finance terrorist activities

4. Protection of personal information stored in or transmitted by mobile and other emerging payments

1- REGULATORY OVERSIGHT

4

CANADIAN PAYMENTS ACT

• Establishment of the Canadian Payment Association – Membership limited to banks and other FIs – Mandate to establish and operate payment systems (not oversee the

operations of payment systems established by others) – Payment card networks other than Interac clear their transactions

outside the scope of the Canadian Payment Association – Canadian Payment Association was not designed to oversee the

operations of participants in mobile and other emerging payments

• Oversight of designated payment systems – Section 37 CPA grants the Minister of Finance a discretionary power to

designate payment systems which are national in scope or play a major role in supporting transactions, «if it is in the public interest to do so»

– A satisfactory basis for oversight of the mobile and emerging payment industries?

5

PCSA

• The Payment, Clearing and Settlement Act (PCSA) is concerned with systemic risk

• Retail systems do not give rise to systemic risk as currently defined and understood

6

PCNA AND THE CODE OF CONDUCT

• The Payment Card Network Act (PCNA) currently defines a «payment card» as «a credit or debit card - or any other prescribed device - used to access a credit or debit account on terms specified by the issuer» (excluding «closed loop» credit cards issued for use only with the merchants identified on the card)

• The Code of Conduct currently applies to credit and debit card networks and their participants and covers the use of cards at the point-of-sale, on the internet and over the telephone

• The Code of Conduct does not however explicitly address mobile payment transactions

7

ADDENDUM TO CODE OF CONDUCT

• Addendum announced in September 2012 applies to credit and debit card networks, and their participants, that offer mobile payments at the point-of-sale

• «Payment card» networks interpreted to include «credit and debit payment applications» (apps - anything that stores, processes or transmits credit or debit card data electronically)

• Comments invited as to whether Addendum should apply to other mobile payment participants (MNOs, TSMs, etc.)

8

CERTAIN POLICY ELEMENTS MAINTAINED

• Element 1: Transparency and disclosure

• Element 2: Fee increases and introduction of new fees subject to a 90-day (or a 180-day if a structural change) prior notice

• Element 3: Right of merchants to cancel without penalty following notification of a fee increase or a new fee

• Element 5: Right of merchants to provide discounts for different methods of payment

• Element 9: Premium payment cards only given upon application by consumers of a well-defined and targeted class of cardholders based on spending or income

9

OTHER POLICY ELEMENTS ADAPTED

• Element 4: No obligation of merchants to accept all products available in the card network’s mobile wallet

• Element 6: Competing domestic apps can be stored on the same mobile device provided they are represented as separate

• Element 7: Equal branding applies to payment apps and consumers establish default preferences for payment options

• Element 8: Credit and debit payment functions can reside on the same mobile device (but not the same app)

• Element 10: Comments invited as to whether merchant consent is required for mobile where fees remain unchanged

10

FINPAY

• «Now that the Task Force has reported, what can you expect from the Government?»

• The Government established the «Finance Canada Payments Consultative Committee (FinPay)» to stay abreast of market developments and contribute to policy development (June 2012)

• «Our view of the Government’s role is to set overarching principles and a healthy regulatory environment for payments so that competition and innovation can take place»

• Principles include leaving interchange fees unregulated and continuing to preserve Interac (June 2012)

2- CONSUMER PROTECTION

12

BANK ACT CONSUMER PROTECTION

• Bank Act regulates «payment, credit or charge cards» issued by banks to «holders» but «payment, credit or charge cards» are not defined

• References in the Cost of Borrowing (Banks) Regulation and the Business Credit Practices to «credit cards» are not defined

• Prepaid Payment Products Regulation (draft released October 2012) defines a «prepaid payment product» as a «a payment card, whether physical or electronic that is – or can be – used by the card holder to make withdrawals or purchase goods or services»

13

DEBIT CARD SERVICES

• Canadian Code of Practice for Debit Card Services defines a «debit card» to mean «a card with electronically readable data» that is used to authorize transactions at point-of-sale terminals

14

TELCO CONSUMER PROTECTION

• Telecom Decision CRTC 2012-556 (October 2012) – Competition in the mobile wireless market continues to be sufficient

to protect the interests of users with respect to rates and choice of competitive service providers

– Canadian consumers may not however have all the information they need to effectively navigate the mobile wireless market and mobile wireless services are a significant source of consumer complaints

– While certain provinces have introduced consumer protection legislation these protections are not available to all Canadians across the country

– Mobile wireless service providers will abide by a code addressing the clarity and content of service contracts and related issues and the CRTC has issued a proceeding to establish such a code

15

QUEBEC CONSUMER PROTECTION

• Credit cards regulated but not defined

• Debit cards proposed to be regulated and defined as «electronic payment cards or any other electronic payment instruments, validated by a personal identification number or by any other means used to confirm the consumer’s identity, which allows the consumer’s account to be accessed for the purpose of transferring funds»

• Prepaid cards regulated and defined as «certificates, cards or other mediums of exchange that are paid in advance and allow the consumer to acquire goods or services from one or more merchants»

16

POLICY CONSIDERATIONS

• Which consumer protection policy elements in respect of credit, debit and prepaid cards should be applied «as-is» to mobile payment credit, debit and prepaid applications: – Disclosure of cost of borrowing and other charges in application forms,

contracts and advertising

– Periodic disclosure and minimum grace periods

– Other elements considered by the existing framework

• Are adaptations required? – Definitions of «cards» to be extended to «apps»

– Limitation of the consumer’s liability in case of loss, theft or other unauthorized use of the payment apps on a mobile device

3- MONEY LAUNDERING AND FINANCING OF TERRORIST ACTIVITIES

18

COVERED ENTITIES

• Banks and other «financial entities»

• «Entities engaged in the business of remitting or transmitting funds by any means or through any person, entity or electronic transfer network» (money services business or MSBs also covered by provincial MSB legislation)

• Are other participants in mobile and other emerging payments required to be deputized in the fight against financial crime?

19

DUTIES TO REPORT

• Suspicious transactions

• Transactions with listed persons

• Receipt of $10,000 or more in «cash»

• The sending out of Canada, or receiving from outside of Canada, an electronic funds transfer of $10,000 or more

• The importation or exportation of «currency» or «money instruments»

20

CURRENT REFORM

• Consultation Paper launched in December 2011

• Should prepaid cards and mobile devices constitue «monetary instruments» for the purpose of importation and exportation reporting?

• Should the $10,000 threshold that applies to cash receipts and international electronic fund transfers be reduced?

• Should customer due diligence requirement be extended to prepaid access devices?

• What non-face-to-face identification measures should be used by credit card companies to assess account applications?

21

U.S. REFORM (JULY 2011)

• Targeted approach to regulating sellers of prepaid access products: – Focuses on cases where inherent features of products or high dollar

amount pose a heightened risk – Excludes prepaid products of $1,000 and less and certain payroll

products – Excludes closed loop prepaid access products that provide access to

less than $2,000 per day – Excludes government funded health and dependant care prepaid

access programs

• Where mobile devices give access to bank accounts, services that provide connectivity between a customer and its bank are not separately covered by AMLATF compliance

4- PRIVACY AND THE PROTECTION OF PAYMENT INFORMATION

23

24

RISKS OF INFORMATION THEFT

• Phishing and malware: theft of information while the mobile device is in the hands of the consumer

• Interception of payment data at the point-of-sale

• Data breaches while information is stored in the hands of the merchant, the acquirer or third-party service suppliers

25

LIABILITIES IN CASE OF DATA BREACH

• The personal payment information of consumers of mobile and other emerging payments is protected by PIPEDA

• But which participants in the payment system are liable in case of a data breach? – Recent U.S. cases: Patco and Experi-Metals (customers’ systems

breached) and Sections 202 and 204 of Article 4A of the Uniform Commercial Code in the U.S.

– Other recent cases: Hannaford and Wyndham (merchants’ systems breached)

• Should we regulate contractual practices between banks and their customers regarding unauthorized payments made through mobile devices or stolen information?

The preceding presentation contains examples of the kinds of issues companies looking at Alternative Dispute Resolution could face. If you are faced with one of these issues, please retain professional assistance as each situation is unique.

Thank you! Marc.lemieux@fmc-law.com

+1 514 878 8806

LinkedIn