Given the importance of payment infrastructure to the global economy, and the lucrative prospects of owning or running such infrastructure, it will come as little surprise that many entrepreneurs are racing to develop new payment solutions and large payment companies have been on acquisition sprees as they seek to update and build out their existing networks.
This focus on developing new payment systems and enhancing existing payment systems has caught the attention of the Consumer Financial Protection Bureau (“CFPB”). For the benefit of those working to develop and improve their payment systems, the CFPB has issued nine consumer protection principles to keep in mind in connection with such development:
1. Consumer Control Over Payments. Consumers should have control over payments, including their authorizations, the length of time for which such authorization is valid, and the ability to revoke an authorization.
2. Data and Privacy. Consumers should be kept informed as to how their data is used, who has access to their data, and potential risks associated with transfer of their data. Data collected should only be used to benefit consumers, and consumers should be able to specify what data is accessible by third parties.
3. Fraud and Error Resolutions Protections. The system should incorporate protections against mistaken, fraudulent, unauthorized, and erroneous transactions. The system should also create adequate records for post-transaction evaluation, allow the reversal of erroneous and unauthorized transactions, and comply with all regulatory requirements.
4. Transparency. Consumers should have real-time access to information about each transaction, such as payment confirmations and receipt of funds, as well as timely disclosure of costs, risks, fund availability, and security.
5. Cost. Fees charged to consumers should be disclosed in a way which allows consumers to compare the costs of using different payment options and should not obscure the full cost of making or receiving a payment.
6. Access. The system should be broadly accessible to consumers, widely accepted by businesses and other consumers, and permit access to such system through qualified intermediaries.
7. Funds Availability. The system should provide fast guaranteed access to funds.
8. Security and Payment Credential Value. The system should have built in protection to detect and limit errors, unauthorized transactions, and fraud. These protections should safeguard against and respond to data breaches. The System should enable gateway institutions to offer enhanced security protections and limit the value of consumer payment credentials.
9. Accountability Mechanisms. The system should align the incentive of system operators, participants, and end users. Commercial participants should be accountable for the risks, harm, and costs they introduce into the system and should be incentivized to prevent and correct fraudulent, unauthorized, or erroneous transactions. The system should also have automated monitoring capabilities, incentives for participants to report misuse, and transparent enforcement procedures.
The release from the CFPB is available here: http://files.consumerfinance.gov/f/201507_cfpb_consumer-protection-principles.pdf.
We recommend that those companies running or developing any type of payment system accommodate the above principles in their development process. As this is a rapidly changing area of the law, we also recommend staying up to date with the latest requirements and recommendations of the CFPB and other applicable regulatory agencies.
– James Kramer, Attorney, Jaffe Raitt Heuer & Weiss, P.C.