(Note: the below is a high level review of certain potential issues and is not to be relied upon in any definitive manner nor as legal and/or regulatory advice).
It is hard to escape the hype surrounding mobile payments. Whether you are attending a mobile payments session at the WMC, or reading a tweet or online article on the latest m-payment scheme – it’s all about mobile.
If anyone needs reminding of all the fuss, then the statistics speak for themselves. As reported in the European Commission Green Paper “Towards an integrated European market for card, internet and mobile payments” (January 2012): Juniper Research forecasts that between 2010 and 2012 the value of all m-payments worldwide will increase from USD 100 billion to USD 200 billion. Other studies suggest that the value of m-payments worldwide will surpass USD 1 trillion in 2014, totalling USD 350 billion in Europe alone.
These figures, while staggering, are no surprise given the consumer appetite for the take up and use of ever more increasingly sophisticated smart phones. But just how prepared is the EU legislative framework to capitalise on this market?
Classifying mobile payments
Before turning to the legal framework, it is useful to characterise what m-payments actually are. It gets confusing, mainly because the distinction between e-payments and m-payments is blurred, naturally so, when e-payments are carried out in whole or part via mobile phones. Using the above mentioned Green Paper as a guide, m-payments can be classified as both:
Remote m-payments: mostly take place through internet/WAP or through premium SMS services which are billed to the payer through the Mobile Network Operator (MNO).
Proximity payments: which generally take place directly at the point of sale. Using Near Field Communication (NFC), these payments require specifically equipped phones which can be recognised when put near a reader module at the point of sale (e.g. stores, public transport, parking spaces).
So, back to the regulations.
EU Mobile Payments – regulatory initiatives
To a large extent, there is a sound EU framework in place. Both the revised E-Money Directive (EMD) and Payment Services Directive (PSD) set out some of the key regulations applicable to most forms of e- and m-payments. However, the framework is not specifically targeted to m-payments and further progress can be made. Part of which is why two recent documents have been issued by each of the European Commission (the Green Paper mentioned above) and the European Payments Council, who have issued a White Paper on Mobile Payments (February 2012). Each body seeking stakeholder views and feedback on further developing m-payments.
I will leave aside the EPC’s White Paper. Mainly because the use cases it examines do not really grapple with current innovations and its priorities appear to reuse the infrastructure and business processes of current SEPA payment instruments. However, the Green Paper does go further and examines a variety of issues which are relevant to the e- and m-payment spaces. These range from potentially allowing e-money issuer/payment institutions access to designated settlement systems, requiring banks to share information on a customer’s availability of funds and greater transparency of fees which merchants charge their customers for payment services. All of these issues are indeed relevant and important to both achieve the objectives of a competitive internal market and balance the needs of the various participants in a payment transaction.
One area though which has not received any real focus relates to whether the customer protection rights relating to unauthorised payments enshrined in the PSD should be re-defined when it comes to m-payments. This will be of concern to those payment service providers (PSP) who implement proximity m-payments by way of NFC devices. One of the key advantages of NFC m-payments is the speed by which the customer can make payment. One factor which would limit this speed is the level or method of authentication required to provide comfort to the PSP that the payment is not unauthorised. The PSP requires this comfort as under the PSD, the payer only bears the loss of unauthorised payment amounts of up to 150 euros, and operationally, the PSP must ensure that the refunds to payers for unauthorised payments must typically be made immediately (Art 60(1)). Lack of a secure authorisation system could indeed leave a PSP exposed. One might say that the answer is simple, that is, just limit m-payments using NFC to 150 Euros (Art. 61(1)). There is nothing wrong with structuring a payment scheme in this manner, but I fear this threshold amount will become outdated (if not already) as the take up of NFC payments becomes more popular with customers and PSPs continue to economise on their own payment expenses by pushing customers to undertake larger transaction amounts. Perhaps a more appropriate liability structure would be for the customer to choose which level of liability they are comfortable (over and above the 150 euro example) based on their spending patterns, noting that they will not be liable after they have informed the PSP of the payment instrument being lost/stolen or used without consent. A customer may choose this higher level of liability in return for a lower fee structure in much the same way insurance companies offer different premiums depending on the excess level agreed with the customer.
In any event, the existing framework does require further examination to assist the growth of m-payments in Europe and the results of the EC’s consultation are eagerly anticipated.