InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Payment Network Providers Seek Collaboration On Digital Payment Standard
On October 1, three payment network providers proposed that industry stakeholders collaborate on a token-based global security standard for online and mobile commerce. To meet growing consumer demand for secure digital transactions, the providers propose replacing traditional account numbers with a digital payment “token” for online and mobile transactions. They argue that tokens provide an additional layer of security and eliminate the need for merchants, digital wallet operators or others to store account numbers. The proposed standard used to generate tokens would be based on existing industry standards and would be available to all payment networks and other payment participants. The providers identify the following as key elements of the proposed standard: (i) new data fields to provide richer information about the transaction, which can help improve fraud detection and expedite the approval process, (ii) consistent methods to identify and verify a consumer before replacing the traditional card account number with a token, and (iii) a common standard designed to simplify the process for merchants for contactless, online or other transactions. The proposed standard incorporates comments from card issuers and merchants, and the participants intend to seek further collaboration from standard-setting bodies and other stakeholders.
CFPB Credit Card Report Identifies Practices For Further Scrutiny
On October 2, the CFPB released its first review of the consumer credit card market. The Credit Card Accountability Responsibility and Disclosure Act of 2009 (the CARD Act) requires the CFPB to prepare a report every two years to examine developments in the consumer credit card marketplace, including (i) the terms of credit card agreements and the practices of issuers, (ii) the effectiveness of disclosures, and (iii) the adequacy of UDAP protections. The CFPB also must review the impact of the CARD Act on (i) the cost and availability of credit, (ii) the safety and soundness of issuers, (iii) the use of risk-based pricing, and (iv) product innovation. In connection with this initial report, the CFPB hosted a credit card field hearing in Chicago, IL, at which Director Cordray reviewed the report’s findings and industry representatives and consumer advocates discussed the current state of the credit card market.
In its review of the post-CARD Act market, the CFPB found that the CARD Act largely accomplished its intended goals. The CFPB reports that: (i) the total cost of credit declined by two percentage points between 2008 and 2012; (ii) overlimit fees and repricing actions have been effectively eliminated; (iii) the size of late fees has decreased; (iv) there is sufficient available credit, notwithstanding the impacts of the financial crisis, but less than in 2007; and (iv) the CARD Act’s ability-to-repay provisions have protected young consumers.
However, the CFPB identifies numerous concerns it has about the credit card market, including “practices that may pose risks to consumers and may warrant further scrutiny by the Bureau.” Those concerns include:
- Add-on products: The CFPB remains concerned about the ways these products are marketed and will continue to pursue allegedly deceptive practices. All of the CFPB’s major enforcement actions to date have involved add-on products, most of which related to credit cards.
- “Fee harvester” cards: The CFPB recognizes that some upfront fees that exceed 25% of the initial credit limit have been held not to be covered by the CARD Act because a portion of the fees are paid prior to account opening. Still, the CFPB plans to monitor the use of application fees in connection with account openings to determine if it should take action under its available authorities.
- Deferred interest products: The CFPB intends to study the risks and benefits of private label cards that finance purchases without interest for a period of time but then assess interest retroactively if the balance is not paid in full by a given date.
- Online disclosures: The CFPB intends to assess the methods by which card issuers provide consumers with disclosures when they access their accounts online.
- Rewards products disclosures: The CFPB will review whether disclosures for “highly complex” rewards products are being made in a clear and transparent manner and whether “additional action” is warranted.
- Grace period disclosures: The CFPB believes it may need to take action to ensure that disclosures sufficiently inform consumers that once they carry a credit card balance into a new billing cycle, they no longer enjoy the grace period on new purchases.
Congressional Democrats Seek Information on Student Debit Cards; CFPB Plans "Banking on Campus" Event
On September 26, several Democratic Members of Congress, including Assistant Senate Majority Leader Dick Durbin (D-IL), House Financial Services Ranking Member Maxine Waters (D-CA), House Education Committee Ranking Member George Miller (D-CA), and Senate Banking Committee members Sherrod Brown (D-OH) and Elizabeth Warren (D-MA), sent letters to the CEOs of numerous financial institutions asking that the institutions explain their student debit card deals with colleges and universities. The letters ask each financial institution for: (i) a list of colleges/universities where the institution has an agreement to enroll students in any deposit account or prepaid debit account and where the marketing, materials or financial instruments used to access such accounts are co-branded with a college or university logo, symbol, mascot or name; (ii) the number of accounts opened through agreements at each institution of higher education listed from the previous question, and the total fees collected from such accounts over the last three academic years; (iii) the total value of monetary and non-monetary remuneration provided to such institutions of higher education for the marketing of these products over each of the last three academic years; and (iv) whether any of the institution’s employees or agents have ever provided any monetary or non-monetary gift to an employee or agent of an institution of higher education, including meals, entertainment, gift cards, or compensation for an advisory committee above a $10 value as part of the institution’s marketing strategy over the past three academic years.
Earlier this year the CFPB initiated a review of campus affinity relationships, and on Monday, September 30, the CFPB is hosting an event regarding financial products offered at colleges.
FDIC Promises Guidance on Bank Payment Processing
On September 17, FDIC Chairman Martin Gruenberg responded to a letter sent recently by Republican members of the House of Representatives, in which the members objected to the agency’s approach toward online lending and the banks that process payments on behalf of online lenders. In his response letter, Chairman Gruenberg explains the FDIC’s approach to the issue, describes the challenges for banks who do business with online lenders and third party payment processors, and promises “ a Financial Institution Letter . . . to make it clear that the FDIC's focus is the proper management of the banks' relationships with their customers, particularly those engaged in higher risk activities, and not underlying activities that are permissible under state and federal law.”
FTC Announces Settlement of First Text Message Debt Collection Action
On September 25, the FTC announced the settlement of its first case against a debt collector for using text messaging to attempt to collect debts in an allegedly unlawful manner. The complaint, filed on August 23, alleged that an individual and the two debt collection companies he controlled violated the FDCPA and FTC Act when the companies failed to disclose in English- and Spanish-language text messages and phone calls that the companies were debt collectors and that they falsely portrayed themselves as law firms. The FTC also alleged that the defendants illegally revealed debts to the consumers’ family members, friends, and co-workers. To resolve the FTC’s claims, the companies agreed to pay a $1 million civil penalty, agreed not to send text messages omitting the disclosures required by law and agreed to obtain a consumer’s express consent before contacting them by text message. The defendants are also barred from falsely claiming to be law firms and from falsely threatening to sue or take any action – such as seizure of property or garnishment – that they do not actually intend to take.
Federal District Court Holds Work-Issued Computer Not A "Facility" Under Stored Communications Act
On September 18, the U.S. District Court for the Western District of Washington held that an employee’s computer, issued by the employer, is not a “facility” subject to protections of the Stored Communications Act. Roadlink Workforce Solutions, L.L.C. v. Malpass, No. 13-5459, 2013 WL 5274812 (W.D. Wash. Sept. 18, 2013). In this case, an employer sued a former employee for allegedly copying and then deleting certain information from an employer-issued computer before leaving to work for a competitor. The employer claimed a private right of action under the Stored Communications Act based on its allegation that the former employee intentionally exceeded his authorization to access a “facility through which an electronic communication service” it provided, and obtained and altered an electronic communication while it was in electronic storage. The court held that the employer-issued computer was not a facility through which an electronic communication service is provided, citing to previous decisions holding that including personal computing devices within the definition of “facility” would render other parts of the SCA illogical. The court reasoned that the plaintiff’s definition of facility would mean that any web site accessed on the computer would be a “user” of the communication service provided by the computer, and exempt from the SCA because of the exception for communications “of or intended for” that website. The court also held that the employer failed to demonstrate that the files accessed were in electronic storage because emails that have been opened but not deleted to not fit the SCA’s definition of “storage.” The court dismissed the employer’s SCA claim and a claim under the Computer Fraud and Abuse Act, but retained jurisdiction over certain state claims.
Next CFPB Field Hearing to Focus on Credit Cards
On September 16, the CFPB announced a field hearing on credit cards to be held on October 2, in Chicago, IL. The event, which is open to members of the public who RSVP, will feature remarks from CFPB Director Richard Cordray, as well as testimony from consumer groups and industry representatives.
In the past, the CFPB has made policy announcements in connection with field hearings. In this case, the hearing could be related to the CFPB’s study of credit card issues, as required by the 2009 Credit CARD Act. Section 502 of that act requires the CFPB to prepare a study every two years on: (i) the terms of credit card agreements and the practices of credit card issuers; (ii) the effectiveness of disclosure of terms, fees, and other expenses of credit card plans; (iii) the adequacy of protections against unfair or deceptive acts or practices relating to credit card plans; and (iv) whether or not, and to what extent, the implementation of the act has affected cost and availability of credit, the safety and soundness of credit card issuers, the use of risk-based pricing, or credit card product innovation.
The hearing also could relate to the CFPB’s ongoing arbitration agreement study. Director Cordray testified last week that, in connection with that study, the CFPB “very recently” exercised its authority under Dodd-Frank Act Sec. 1022 to order “a number of companies” to provide template consumer credit agreements.
Federal Reserve Banks Seek Public Input on Threats to Payment System
On September 10, the Federal Reserve Banks issued a public consultation paper that identifies “key gaps and opportunities” in the U.S. payment system. They include: (i) payment recipients prefer other forms of payments than checks but exercise little control over the sender to request a preferred form of payment, (ii) the system lacks a “near-real-time” payment capability, (iii) innovations have not gained significant market penetration while legacy systems tend to be more ubiquitous, (iv) legacy systems lack certain desired features, including, for example, assurance that a payment will not be returned or reversed, (v) cross-border payments are slow and costly, and lack fee and timing transparency, (vi) some digital wallet applications reduce the visibility and choice of payment instrument at the point of sale, (vii) businesses’ legacy payment and accounting systems make straight-through processing difficult, but are costly to change, and (viii) data security fears inhibit adoption of electronic payments. The paper outlines certain desired outcomes and seeks input on strategies and tactics to address the perceived gaps and shape the future of the domestic payment system. Interested stakeholders can submit comments until December 13, 2013.
FTC Advisory Opinion Supports Money Transmitters' Proposed Information Exchange
On September 4, the FTC’s Bureau of Competition issued an advisory opinion responding to a national money transmitters’ trade association inquiry about its planned information exchange regarding terminated U.S. money transmitter agents. According to the opinion, (i) the database will contain information regarding former U.S. sending and receiving agents whose contractual relationships were terminated due to failure to comply with federal and/or state law, or money transmitter contract terms or policies, (ii) exchange membership will be open to all licensed non-bank money transmitters, and (iii) participation in the information exchange will be voluntary, and each member of the information exchange will retain the right to decide unilaterally whether to appoint an agent that has been terminated by another exchange member. The FTC staff determined that the program (i) appears unlikely to harm competition, (ii) will contain several safeguards to lessen the risk of harm to competition and consumers, such as the appointment of a third-party vendor to maintain and secure the information exchange database, and (iii) is likely to improve the money transmitters’ ability to comply with federal and state laws designed to prevent money laundering, terrorist financing, and other criminal behavior, and enhance consumer welfare by preventing the appointment of fraudulent or criminal money transmitter agents.
Fifth Circuit Restores Negligence Claim in Data Breach Case
On September 2, the U.S. Court of Appeals for the Fifth Circuit restored a group of financial institutions’ negligence claim against a payment processor in Lone Star Nat. Bank v. Heartland Payment Systems, No. 12-20648, 2013 WL 4728445 (5th Cir. Sept. 3, 2013). The restored claim relates to a 2008 data breach of a payment processor’s systems that exposed 130 million credit card numbers to cyberthieves. As a result of the breach, the institutions incurred costs to replace consumers’ compromised credit cards and to refund fraudulent charges. The ruling reversed the district court, which held that New Jersey’s economic loss doctrine barred the institutions’ negligence claim and limited them to seeking contractual remedies from the payment processor. The Fifth Circuit ruled that negligence claims for such losses are permitted where, as here, there is a distinguishable class of plaintiffs who are owed a duty and the defendant is not exposed to boundless liability.