[House Hearing, 112 Congress] [From the U.S. Government Publishing Office] THE FUTURE OF MONEY: HOW MOBILE PAYMENTS COULD CHANGE FINANCIAL SERVICES ======================================================================= HEARING BEFORE THE SUBCOMMITTEE ON FINANCIAL INSTITUTIONS AND CONSUMER CREDIT OF THE COMMITTEE ON FINANCIAL SERVICES U.S. HOUSE OF REPRESENTATIVES ONE HUNDRED TWELFTH CONGRESS SECOND SESSION __________ MARCH 22, 2012 __________ Printed for the use of the Committee on Financial Services Serial No. 112-110 U.S. GOVERNMENT PRINTING OFFICE 75-082 WASHINGTON : 2012 ----------------------------------------------------------------------- For sale by the Superintendent of Documents, U.S. Government Printing Office, http://bookstore.gpo.gov. For more information, contact the GPO Customer Contact Center, U.S. Government Printing Office. Phone 202�09512�091800, or 866�09512�091800 (toll-free). E-mail, [email protected]. HOUSE COMMITTEE ON FINANCIAL SERVICES SPENCER BACHUS, Alabama, Chairman JEB HENSARLING, Texas, Vice BARNEY FRANK, Massachusetts, Chairman Ranking Member PETER T. KING, New York MAXINE WATERS, California EDWARD R. ROYCE, California CAROLYN B. MALONEY, New York FRANK D. LUCAS, Oklahoma LUIS V. GUTIERREZ, Illinois RON PAUL, Texas NYDIA M. VELAZQUEZ, New York DONALD A. MANZULLO, Illinois MELVIN L. WATT, North Carolina WALTER B. JONES, North Carolina GARY L. ACKERMAN, New York JUDY BIGGERT, Illinois BRAD SHERMAN, California GARY G. MILLER, California GREGORY W. MEEKS, New York SHELLEY MOORE CAPITO, West Virginia MICHAEL E. CAPUANO, Massachusetts SCOTT GARRETT, New Jersey RUBEN HINOJOSA, Texas RANDY NEUGEBAUER, Texas WM. LACY CLAY, Missouri PATRICK T. McHENRY, North Carolina CAROLYN McCARTHY, New York JOHN CAMPBELL, California JOE BACA, California MICHELE BACHMANN, Minnesota STEPHEN F. LYNCH, Massachusetts THADDEUS G. McCOTTER, Michigan BRAD MILLER, North Carolina KEVIN McCARTHY, California DAVID SCOTT, Georgia STEVAN PEARCE, New Mexico AL GREEN, Texas BILL POSEY, Florida EMANUEL CLEAVER, Missouri MICHAEL G. FITZPATRICK, GWEN MOORE, Wisconsin Pennsylvania KEITH ELLISON, Minnesota LYNN A. WESTMORELAND, Georgia ED PERLMUTTER, Colorado BLAINE LUETKEMEYER, Missouri JOE DONNELLY, Indiana BILL HUIZENGA, Michigan ANDRE CARSON, Indiana SEAN P. DUFFY, Wisconsin JAMES A. HIMES, Connecticut NAN A. S. HAYWORTH, New York GARY C. PETERS, Michigan JAMES B. RENACCI, Ohio JOHN C. CARNEY, Jr., Delaware ROBERT HURT, Virginia ROBERT J. DOLD, Illinois DAVID SCHWEIKERT, Arizona MICHAEL G. GRIMM, New York FRANCISCO ``QUICO'' CANSECO, Texas STEVE STIVERS, Ohio STEPHEN LEE FINCHER, Tennessee James H. Clinger, Staff Director and Chief Counsel Subcommittee on Financial Institutions and Consumer Credit SHELLEY MOORE CAPITO, West Virginia, Chairman JAMES B. RENACCI, Ohio, Vice CAROLYN B. MALONEY, New York, Chairman Ranking Member EDWARD R. ROYCE, California LUIS V. GUTIERREZ, Illinois DONALD A. MANZULLO, Illinois MELVIN L. WATT, North Carolina WALTER B. JONES, North Carolina GARY L. ACKERMAN, New York JEB HENSARLING, Texas RUBEN HINOJOSA, Texas PATRICK T. McHENRY, North Carolina CAROLYN McCARTHY, New York THADDEUS G. McCOTTER, Michigan JOE BACA, California KEVIN McCARTHY, California BRAD MILLER, North Carolina STEVAN PEARCE, New Mexico DAVID SCOTT, Georgia LYNN A. WESTMORELAND, Georgia NYDIA M. VELAZQUEZ, New York BLAINE LUETKEMEYER, Missouri GREGORY W. MEEKS, New York BILL HUIZENGA, Michigan STEPHEN F. LYNCH, Massachusetts SEAN P. DUFFY, Wisconsin JOHN C. CARNEY, Jr., Delaware FRANCISCO ``QUICO'' CANSECO, Texas MICHAEL G. GRIMM, New York STEPHEN LEE FINCHER, Tennessee C O N T E N T S ---------- Page Hearing held on: March 22, 2012............................................... 1 Appendix: March 22, 2012............................................... 29 WITNESSES Thursday, March 22, 2012 Leach, Troy, Chief Technology Officer, PCI Security Standards Council, LLC................................................... 6 Martindale, Suzanne, Staff Attorney, Consumers Union of U.S., Inc............................................................ 11 McLaughlin, Ed, Chief Emerging Payments Officer, MasterCard Worldwide...................................................... 7 Oliver, Richard R., Payments Consultant/Retired Executive Vice President, the Federal Reserve Bank of Atlanta, and co-author of ``Mobile Payments in the United States: Mapping Out the Road Ahead''........................................................ 4 Vanderhoof, Randy, Executive Director, Smart Card Alliance....... 9 APPENDIX Prepared statements: Leach, Troy.................................................. 30 Martindale, Suzanne.......................................... 39 McLaughlin, Ed............................................... 43 Oliver, Richard R............................................ 55 Vanderhoof, Randy............................................ 58 THE FUTURE OF MONEY: HOW MOBILE PAYMENTS COULD CHANGE FINANCIAL SERVICES ---------- Thursday, March 22, 2012 U.S. House of Representatives, Subcommittee on Financial Institutions and Consumer Credit, Committee on Financial Services, Washington, D.C. The subcommittee met, pursuant to notice, at 10:02 a.m., in room 2128, Rayburn House Office Building, Hon. Shelley Moore Capito [chairwoman of the subcommittee] presiding. Members present: Representatives Capito, Renacci, Luetkemeyer, Huizenga, Grimm; Maloney, McCarthy of New York, Scott, and Carney. Chairwoman Capito. This hearing will come to order. I appreciate the witnesses being here. We are expecting a series of votes as early as 11:30, and if we are unable to complete the hearing before the votes, we will return after votes are completed. But we meet today to begin what I think is an exciting and important task, which is making sure our financial system and its regulatory structure are prepared to enter the new world of mobile payments. You see a lot of press about mobile banking; certainly a lot of advertising on mobile banking. And without saying too much about my general age area, this is age-specific in some ways considering my mother has never used an ATM, but she does pump her own gas. I know what my children, who in their 20s, are going to be doing in terms of how they bank. And this is what I think is the relevance--why I am extremely interested in this as we move through this panel. While most people believe that making a mobile payment involves waving a smartphone at a cash register, and it may be, there are a lot more ways to exchange values. Contactless cards and short e-mail messages giving instructions to transfer value represent other form of mobile payments. The whole field offers the possibility of faster and cheaper transfers of value, oftentimes with the promise of enhanced security that surpasses what is possible today. We are, I think, on a precipice of some fundamental change in the way money is exchanged between consumers and businesses. And that is why I am interested and I wanted to have this hearing on the future of money. While some aspects of mobile payments have been with us for a while, and some business models are already developed, other aspects of mobile payments are in the beginning stages of pilot programs. Either way, there is a lot for Congress, banks, regulators, retailers, and customers to learn. Most importantly, we want to make sure these payments are safe and secure; at least as safe as using cash, checks or credit cards, and hopefully even more so. Bringing the strength of high-powered computers to bear on account safety could allow us to erect layers of security that help foil the hackers who lie in wait on the Internet today, stealing millions of identities--and we have looked into this in our subcommittee as well--and billions of dollars annually. After all, the smartphone that was essentially nonexistent less than 6 years ago, is said to be far more powerful than the large supercomputers of the 1980s, or certainly of those of us who went to college in the 1970s and took computer science and we had those stacks of cards that we had to feed into the computer and stay in the computer room all night to make sure they went through. Today's hearing is an introduction to mobile payments, the first I am aware of to be held by Congress. We have five expert witnesses who can discuss broadly the state of the mobile payment industry and where and how fast they see it developing. Among them is Richard Oliver. Until he retired last year, he was the Federal Reserve's top mobile payments expert and the principal author of the Fed's widely praised White Paper on the subject. We also have experts from the issuer side, from the standards sides of mobile payments, and a consumer specialist. So I look forward to hearing everybody's testimony and I would now like to recognize the ranking member from New York, Mrs. Maloney, for the purpose of making an opening statement. Mrs. Maloney. First of all, I would like to thank Chairwoman Capito for holding this hearing, one in a series on the future of mobile payments in our financial system. And thank you to all the panelists for joining us this morning. I believe this hearing will serve as a great first step and learning session on this rapidly evolving technology. I feel that this is another example of American exceptionalism, of coming up with an innovative idea, an efficient idea that keeps America moving forward and employing more people, becoming more efficient and making us an even stronger country. I am excited about this idea and I really look forward to hearing all of your testimony. Mobile payments in the United States are expected to generate $215 billion by the year 2015. Forty-three million adults in this country use alternative financial services as a form of banking. And as this technology continues to move forward, it creates innovative and exciting opportunities for everyday citizens at home and at work. The possibilities are truly endless. We are seeing what technology can do for consumers and businesses as mobile technology opens the door to an entirely new method of financial interaction. Mobile payments, payments made by electronic means, effectively replace cash, checks, and traditional credit cards. This evolving form of financial exchange can provide consumers with greater purchasing power; allow merchants to market their goods more efficiently; and help create a truly mobile, electronic, and innovative society. Mobile payments can involve text messages that transfer funds from one person to another or to a financial institution, as experienced in the successful program to funnel aid to earthquake victims in Haiti. I was truly stunned at how successful this program was. They had on every taxicab, ``Get on your mobile phone and text $5 to the earthquake victims.'' And that successful effort led to $5 million in $10 donations from Americans throughout our great country through their cellphone carriers. This happened--truly outstanding possibilities for this new form of payment. And mobile payment technology can allow consumers to wave their phones at checkouts and even direct those charges to prepaid phone deposits and phone bills. I love it. It just gets better and better. We wouldn't lose all our papers all the time if we had this. And as mobile phones become more prevalent, and as the number of methods of making payments increase, it is important to look at the hurdles facing its implementation. How much will the adoption of mobile payments cost merchants as they purchase and install readers for their technology? How protected are consumers? Can hackers steal their data out of the air? What is the level of disclosure that will be provided to our consumers--greater regulatory clarity for this market? Consumers want payments that are convenient and inexpensive. But we must make sure that security is not abandoned for the sake of this new technology. It may be years before this technology fully becomes a reality for the majority of people the way debit cards have. However, I am happy that we are discussing this important issue at the ground level. I congratulate the chairwoman for calling this important hearing. I look forward to your testimony and I welcome everybody. Chairwoman Capito. Thank you. Mr. Renacci, for 1 minute, for an opening statement. Mr. Renacci. Thank you Madam Chairwoman. This is an exciting time in the payments industry. Over the last several years, innovative companies have invested huge amounts of capital and manhours to lay the groundwork for many of the methods we are discussing here today. New innovations in smartphones and mobile payments are bringing consumers greater convenience and a better buying experience, while also increasing the security of payment transactions. While I am interested to learn about these new products and services here today, I also want to hear what we in Congress can do to make sure that these innovations progress in a safe and prosperous manner. We must encourage a free market where innovators can realize the benefits of their investments and consumers can benefit from lower costs and safer products. I look forward to hearing your testimony today. I yield back the remainder of my time. Chairwoman Capito. Thank you. I don't think Mr. Grimm wanted to make an opening statement, so we will go ahead and go directly to the testimony. I want to recognize the witnesses for the purpose of making a 5-minute statement, and then we will go to the question-and- answer period. As I mentioned in my opening statement, we are really lucky and pleased to have Mr. Richard Oliver here. He is the co- author of ``Mobile Payments in the United States: Mapping Out the Road Ahead,'' which was published by the Federal Reserve Bank of Atlanta. Welcome, Mr. Oliver. STATEMENT OF RICHARD R. OLIVER, PAYMENTS CONSULTANT/RETIRED EXECUTIVE VICE PRESIDENT, THE FEDERAL RESERVE BANK OF ATLANTA, AND CO-AUTHOR OF ``MOBILE PAYMENTS IN THE UNITED STATES: MAPPING OUT THE ROAD AHEAD'' Mr. Oliver. Thank you very much. And let me start by thanking the committee and the subcommittee for the opportunity to come and share information with you about the mobile payments environment while it is still very early in its evolution. In 2010 payments research teams from the Federal Reserve Banks of Atlanta and Boston collaborated to conduct an assessment of the state of and potential for deployment of mobile payment options in the United States. Our interests were to determine the impact of mobile payments on existing payments businesses and to isolate potential risks to consumers and businesses who might choose to use mobile payment options. To conduct the assessment, we invited most of the major players from the mobile payments industry to discuss with us on a voluntary basis the opportunities, barriers, and challenges associated with implementing a successful mobile payments environment in this country. The attendees included major card brands, wireless operators, financial institutions, industry trade groups, retailers, and many other participants. Please note that this effort was not directed at mobile banking, which is the use of your mobile phone to access online banking functions. It was directed at actually exchanging value at the point of sale utilizing your phone. Over the course of what turned out to be seven meetings during 2010 and 2011, we not only gained great insight into the evolution of mobile payments in the country, but the group helped us isolate a series of key factors that they collectively felt should be met to ensure a safe implementation of mobile payments in this country. And my purpose here today is to share those with you. The first was that the proposed environment should be best defined as an open wallet. That is, a wallet that would allow complete access by all persons using all credentials they might want to use as opposed to proprietary initiatives that might limit the amount of instruments available for use by a consumer. Second, the mobile infrastructure would likely be based on near-field communications technology, resident and mobile devices, and in retail point-of-sale terminals. This technology is now becoming common in other countries and would allow users to tap their phones and institute a purchase. Third, existing, well-protected clearing and settlement rails would likely be the way that value would be exchanged. That is through the debit card, credit card, and prepaid and automated clearinghouse networks to be used for clearing and settlement between parties. Fourth, some form of enhanced security such as dynamic data authorization should be used to deter counterfeiting and I.D. theft at the point of sale. This technology is already resident in chip and pin cards being used throughout the world. Fifth, common standards should be designed, developed, certified, and implemented throughout the industry to ensure interoperability, efficiency, and ease of use by consumers and businesses. Sixth, the regulatory oversight regimen for mobiles should be made clear early on and participants should be involved in these compliance activities. Bank and nonbank regulators such as the FCC, the FTC, and the new Consumer Financial Protection Bureau should collaborate early on to define the regulatory environment for all the participants. Seventh, entities such as a trusted service manager that exist in the card world today should oversee the provision of the interoperable and shared security elements in the phone. The group also recognized the possible need over time for some entity to serve as a coordinating party to keep the very diverse participants on track and working together and possibly to create a roadmap for the future to allow the participants to understand how to minimize their long-term investments in the technology that is necessary. However, the majority of the group at the time felt it was too early in the process to do this and the completion of early pilots and tests would better inform such work. All of this information and more was captured in the White Paper that you alluded to, which was authorized by the participants and cooperatively authored by the two Reserve Banks. It is available on Reserve Bank Web sites. It has been well-vetted at conferences and trade press over the past year, and was shared with all of the Federal regulators and law enforcement agencies at a session we held in the first half of last year, at which my colleague from Boston and I presented. As the work proceeded, most of the participants have decided to participate in a number of pilots and test situations going on that should better test the validity of these aforementioned principles and pave the way for more widespread deployment. In closing, the work group continues to meet on issues of common interest such as data security. But they have been outspoken recently about the need to educate and inform business, government and consumers about the mobile environment. We view this hearing as a great first step in this process and appreciate the opportunity to participate. Thank you. [The prepared statement of Mr. Oliver can be found on page 55 of the appendix.] Chairwoman Capito. Thank you very much. Our next witness is Mr. Troy Leach, chief technology officer, PCI Security Standards Council. Welcome. STATEMENT OF TROY LEACH, CHIEF TECHNOLOGY OFFICER, PCI SECURITY STANDARDS COUNCIL, LLC Mr. Leach. Chairwoman Capito, Ranking Member Maloney, and members of the subcommittee, thank you for the opportunity to testify on the important topic of mobile payment security. My name is Troy Leach. I am the chief technology officer for the Payment Card Industry Security Standards Council, also known as the PCI Council. Formed in 2006 by the major payment card brands, the Council guides the development of open industry standards to protect payment information. More than 600 companies worldwide participate in the Council's work for many different industries and backgrounds, including a number of the leading players in the mobile space, including a number of people who will be spoken about later today. So it is exciting for us to be here today representing these members, from restaurants to banks to airlines to technology vendors, who are eager to realize the benefit of mobile payment acceptance in the most secure way possible. The PCI standards are a strong industry framework for protecting payment data. And it is this framework that we are applying to mobile payment acceptance space. Mobile technology is exciting and dynamic with a potential to change the way we accept payments not only in the United States, but also around the world. The benefits could be significant. However, both consumers and merchants want to know that using mobile technology for payment is just as safe as using a traditional form of payment. From our perspective at the council, making it secure is our priority. For traditional payment card security, for the Council, we have focused on people, process and technology. The mobile payment environment is very complex, more so than the traditional payment card scenario. Our goal is to work with the industry to provide security across that spectrum. Let me also clarify the Council's focus. There are two aspects to mobile payments: initiation; and acceptance. The first is when a consumer is using a phone in place of a payment card to make a purchase. That is initiation. And the other is where a mobile device, perhaps even the same mobile phone, is being used by a merchant to accept payment cards. There are a number of groups, including some of my fellow panelists, working on the first aspect with the aim to protect consumer's payment data. The Council's security efforts have been focused on the second area of payment acceptance, specifically of securing the use of mobile devices as a point-of-sale acceptance tool. Our first step has been to make sure that merchants can use mobile technology to accept payments safely and to protect their customers' information. PCI standards already apply to mobile acceptance today, addressing the security of mobile devices, of mobile applications, and the environments in which they operate. Expanding on these standards, we have published security requirements that make it possible for merchants to use plug-in devices with mobile phones to swipe payment card data. We have also put out guidance on developing mobile payment acceptance applications to help merchants process these payments securely. And we will be releasing additional best practices later this year on securing mobile payment transactions. As payment security is a shared responsibility, all parties in the payment chain must work together in this effort. The Council is concerned with making sure that these parties are validated in the products and services that they provide. And moving forward, we will explore this area even further. Lastly, great work is being done through the advancement of technologies in payment. Technologies are emerging that have the ability to eliminate card data from potentially insecure mobile environments. The Council has already harnessed some of these technologies to address this dynamic environment and we will continue to assess and develop standards and guidance around them moving forward. In closing, mobile technology offers exciting potential to that payment space. To help realize this securely, the Council will work with its global stakeholders to develop industry standards and the resources necessary for the protection of cardholder data across all payment channels and the reduction of fraud for consumers and businesses globally. Thank you. I look forward to your questions. [The prepared statement of Mr. Leach can be found on page 30 of the appendix.] Chairwoman Capito. Thank you very much. Our next witness is Mr. Ed McLaughlin, chief emerging payments officer, MasterCard Worldwide. Welcome. STATEMENT OF ED MCLAUGHLIN, CHIEF EMERGING PAYMENTS OFFICER, MASTERCARD WORLDWIDE Mr. McLaughlin. Thank you, and good morning, Chairwoman Capito, Ranking Member Maloney, and members of the subcommittee. My name is Ed McLaughlin. I am the chief emerging payments officer at MasterCard Worldwide based in Purchase, New York. It is my pleasure to appear before you today and discuss developments in mobile payment. MasterCard is a leader in the transformation of mobile phones and to secure payment devices and a champion of global mobile payment standards. We appreciate the opportunity to be here today to share our perspective on how mobile payments are developing and benefiting consumers and businesses. As mobile payments continue to evolve, we need to constantly focus on two goals. First, we must strive to make paying for something as simple and as compelling as possible for every participant in the payments chain. Second, we must provide the highest level of security to consumers, to merchants, and to our financial institution customers. At MasterCard, we invest heavily in the technologies that make both of these goals possible. Now, as you might expect, mobile devices are bringing changes to the way people interact and also how they want to transact. For example, the acceptance of card-based payments through the use of handheld devices is opening up channels of transactions for entrepreneurs that were not possible just a few years ago. Smartphones also provide a platform for the delivery of new applications that are transforming the in-store shopping experience for consumers. For merchants, smartphones provide a convenient channel to engage consumers at multiple levels such as through an Internet storefront or social media account. Smartphones themselves are also becoming payment devices through the adoption of near field communication, or NFC, technology. MasterCard's PayPass, our Tap & Go product, is at the forefront of this space. And by 2016, it is anticipated that the majority of smartphones will support this technology. So why are the new uses for mobile phones so important? Because they provide convenience and promote financial inclusion in a very secure environment. Unlike the simple plastic card that has been around for decades, smartphones provide an intelligent device right in the consumer's hands that the consumer can use to interact with financial service providers and merchants in ways that were never before possible. Also, when you look at the 85 percent of transactions that are still being funded through cash and check, it is clear that smartphone technology provides an unprecedented opportunity to accelerate the transition to safe and secure electronic payments. By enhancing the ways that people connect to our network, we are able to deliver new services to benefit consumers and to reach a large number of consumers who are currently outside the financial mainstream. For example, payment card solutions like prepaid cards, coupled with mobile technology, can unlock the global commerce grid to consumers who do not currently have access to mainstream financial services. So at MasterCard, we have invested substantial financial resources and human capital in developing the technology necessary for our part in the mobile payments ecosystem. Each day, we strive to make payments simple for all participants in the payment chain while providing those highest levels of security. For example, this is why we applied MasterCard's zero liability protections for consumers to these new payment technologies, including mobile-based payments. In addition, we have recently announced a program to transition MasterCard-branded payment products in the United States to the EMV standard. The EMV standard is a global standard for debit and credit payments based on chip technology, the objective of which is to ensure interoperability globally and acceptance of payment cards on a worldwide basis. The adoption of EMV-compliant payments in the United States will help provide additional layers of protection for consumers at the points of interaction. MasterCard is extremely proud of the role we play in advancing commerce through new technologies. The mobile phone and many other smart handheld devices are transforming the way we conduct our everyday lives, and hold significant promise for providing new value to consumers and businesses, particularly in the delivery of financial services. Again, I appreciate the opportunity to appear before you today, and when we get to it, I will be glad to answer any questions you may have. Thank you. [The prepared statement of Mr. McLaughlin can be found on page 43 of the appendix.] Chairwoman Capito. Our next witness is Mr. Randy Vanderhoof, executive director, Smart Card Alliance. Welcome. STATEMENT OF RANDY VANDERHOOF, EXECUTIVE DIRECTOR, SMART CARD ALLIANCE Mr. Vanderhoof. Thank you. Chairwoman Capito, and members of the subcommittee, on behalf of the Smart Card Alliance and its members, I thank you for the opportunity to testify today. The Smart Card Alliance is a nonprofit organization that provides education and a collaborative open forum among leaders in various industries, including mobile payments. We applaud the subcommittee's interest in making mobile payments safe, flexible, and resilient with the appropriate legal, regulatory, and security frameworks. Mobile devices can be used to facilitate the payment process in many ways. I am going to focus my remarks on the use of a payment-application-enabled mobile phone that can be used to pay at a physical merchant location as an alternative to paying with a plastic credit or debit card. This hearing was convened to examine issues essential to making mobile payments safe and to ensure appropriate legislative oversight is in place. The good news is that the type of mobile payments that I am here to talk about today is built on already-established legal, regulatory, and security frameworks in both the payment and the wireless telecom industries. This mobile technology is referred to as NFC mobile contactless payment. NFC, or near field communication, is a form of short-range wireless communications inside a phone. NFC is a new technology that enables secure mobile payment at physical merchant locations. The NFC mobile contactless payment approach has two advantages very important to this subcommittee. First, underpinning the legal and regulatory framework is the simple fact that while NFC mobile payments use a phone instead of a card, the payment account remains a credit or debit card account, and as such is already covered by existing laws and regulations. Second, the security and reliability of this approach are grounded in global standards, established certification processes, and in industry best practices that are the culmination of nearly 20 years of work in applying smartcard chip technology to protect payment accounts and mobile phone subscribers. Multiple international standards have been developed for NFC mobile payment, and are supported by the mobile industry and endorsed by the payment industry. In addition, new and existing safeguards are used with mobile payment devices to add many layers of protection for consumer account information and transactions. For example, access to the payment application can be password-protected, and a lost or stolen phone can be turned off instantly with one call to the customer's mobile operator. The NFC-enabled phone is provisioned with a digital payment credential issued by a bank and stored in a new, specially designed, secure memory location in the phone. The credential is transmitted to a merchant's NFC-enabled payment terminal by short-range wireless communications. The authorization and settlement processes are the same for those used when the consumer pays with a traditional credit or debit card. Market development involving many of America's largest and most trusted companies is well under way. One example is Isis, a new mobile carrier joint venture between AT&T, Verizon Wireless, and T-Mobile using the NFC mobile contactless payment technology we are discussing today. Isis will license payments provided by American Express, Discover, MasterCard, and Visa for its NFC rollouts. Another example is Google Wallet. Google has already launched its NFC mobile contactless payments offering to consumers, partnering with MasterCard, Citi, First Data, and Sprint. More than two dozen large retailers including Macy's and American Eagle Outfitters have enabled their stores to accept Google Wallet mobile purchases and coupon offers. NFC payment-embedded and mobile phones won't be the only form of mobile payment. There are new mobile technologies being tested other than NFC that are promising yet still unproven. NFC offers value to both consumers and merchants. In addition to value, consumers' confidence is in the underlying infrastructure, and the credibility of industry offerings are critical to its adoption. Consumers will benefit from and trust in a mobile payments infrastructure that has a strong focus on security and uses the existing payments infrastructure for transactions. Mobile phones represent a fertile landscape for new ways consumers can transact with retailers, financial institutions, application stores, and each other. Mobile payments innovation is going to continue to evolve, as more people upgrade to smartphones and learn about the new services they hold in the palm of their hand. In summary, ``The Future of Money,'' as this hearing is entitled, is being positively impacted by mobile technology. The changes in financial services that you have rightfully called attention to are being well-managed and securely protected by NFC technology and the collective knowledge resources of the financial and mobile industries. The Smart Card Alliance would like to thank the subcommittee once again for holding this important and forward- looking hearing. We greatly appreciate the opportunity to present information that assists in the setting of legal, regulatory, and security frameworks necessary to implement safe, flexible, and resilient mobile financial products. Thank you. [The prepared statement of Mr. Vanderhoof can be found on page 58 of the appendix.] Chairwoman Capito. Thank you. And our final witness is Ms. Suzanne Martindale, staff attorney with the Consumers Union. Welcome. STATEMENT OF SUZANNE MARTINDALE, STAFF ATTORNEY, CONSUMERS UNION OF U.S., INC. Ms. Martindale. Madam Chairwoman, Ranking Member Maloney, and members of the subcommittee, thank you very much for the opportunity to testify today on behalf of Consumers Union, the advocacy policy arm of Consumer Reports. Mobile payments allow consumers to buy products or transfer money with a mobile device. The market includes a range of different technologies and many ways to fund the transactions. The U.S. mobile payments market is still developing and it remains unclear which trends will prevail. It is too soon to know which consumers will benefit most from the industry's growth, or inversely, be most vulnerable to risk. However, policymakers can make a few simple fixes to ensure that all mobile payments are safe. The mobile payments market is, in a word, complex. There are multiple ways to initiate payments. Some services involve sending a text message or using an application downloaded to the device. Others employ a chip embedded in the hardware which the consumer waves at a contactless reader. Furthermore, multiple parties are involved in completing the transaction. You have consumers, merchants, third-party processors, wireless carriers, and financial institutions, all in the same ecosystem. With so many players involved, the risk of confusion for the consumer increases, should something go wrong. Who is responsible for fixing the problem? If the different parties all point fingers at each other, the consumer may be out of luck. Despite these challenges, mobile payments in the United States are projected to gross $214 billion by 2015, in part due to their potential to provide speed and convenience for consumers and merchants. Some merchants are interested in the technology because mobile payment service providers may charge lower processing fees than traditional networks at the point of sale. Mobile payment technologies also have the potential to serve new audiences. This may appeal to young, tech-savvy consumers, as well as consumers who go outside the traditional banking system for financial services. For unbanked or underbanked consumers, as we call them, mobile payments may provide increased access to financial services. Low-income households and households of color, in particular, are more likely to be unbanked or underbanked. And according to a recent Pew study, these same households are more likely to adopt cellphones and smartphones compared to the general population. This presents an opportunity for mobile payment technologies to penetrate these markets. However, these same markets may be vulnerable to risk without adequate safeguards. Internationally, mobile payments have garnered attention for helping consumers in developing countries gain access to financial services. An estimated 5 billion consumers worldwide have a mobile phone, but only 1.5 billion have a bank account. In Kenya, where more consumers have cellphones than have bank accounts, Safaricoms' popular M-PESA service enables consumers to manage transactions entirely through their mobile phones, not smartphones, just regular cellphones. M-PESA customers can deposit or withdraw cash and send money through a network of ATMs and agents, and they can buy goods and services with their mobile phone, all without needing a bank account. However, U.S. consumers have been slow to adopt mobile payments for several reasons. Some mobile payments systems remain limited in scope and availability. For example, the new Google Wallet uses an NFC, or near field communication, chip embedded in the mobile device, which the consumer waves at a contactless reader. However, Google Wallet is currently only available to Sprint customers with a particular phone, the Nexus S smartphone. Another mobile payment system, Bling Nation, uses a sticker with an embedded chip that the consumer affixes to the device and waves at a reader. However, Bling Nation is still available only through pilot programs in Palo Alto, Chicago, and Austin. Furthermore, market research indicates that consumers have concerns about security of their financial information. In a survey released last week, the Federal Reserve found that over 40 percent of consumers still cite security concerns as a reason for not adopting mobile payments. Finally, not all ways to pay with a mobile device are created equal when it comes to consumer protection. Although consumers may not be aware of it, U.S. payments law is fragmented. The level of protections against unauthorized transactions and errors varies, depending on whether a consumer links payment to a credit card, a debit card, a prepaid card, a bank account, a prepaid phone deposit, or a phone bill. Traditional credit and debit cards have mandatory protections under existing law; however, prepaid cards do not. Mobile payment links to a prepaid phone deposit or a phone bill are especially problematic, because they do not neatly fit into the existing legal categories. Wireless carriers may provide voluntary protections, but they are typically not disclosed in customer contracts. The different ways to pay by mobile device, and the varying protections that apply to each, create the potential for confusion when a consumer is faced with a transaction gone wrong. Consumers need to know where to complain and how to get their money back, in case of errors or unauthorized use. Consumers cannot afford to lose precious funds due to inadequate protections. And for low- and moderate-income consumers, this loss could be especially acute. Until U.S. payments law is updated to provide clear, guaranteed protections for all payment methods, consumers may be at risk when using mobile payments technology. Nevertheless, a few simple fixes could close the gaps in protection and provide clarity to the industry. The Consumer Financial Protection Bureau is in a unique position to address mobile payments, because it has jurisdiction over payment service providers and can clarify regulations implementing Federal consumer financial laws. Congress and other Federal agencies also have a very important role to play in establishing some sensible rules for the road that protect consumers and foster innovation. Thank you again for the opportunity to testify. I welcome your questions. [The prepared statement of Ms. Martindale can be found on page 39 of the appendix.] Chairwoman Capito. Thank you. I want to thank all of you. And I will begin with the questions. First of all, Mr. Oliver, just so I understand, I am starting here with the basics. You mentioned ``open wallet.'' Can you just explain what an ``open wallet'' is? Mr. Oliver. The concept of the ``open wallet'' is that it would operate on the phone the same way it does in your current wallet. And you can select on that phone any payment instrument you choose from any provider and execute a payment using standard technology without having to do something terribly different from paying an instrument to another. Chairwoman Capito. So you could pay out of your bank account on your card? Mr. Oliver. Out of your bank account, or any card you may have in your wallet. Competing cards, prepaid cards, what-have- you. Chairwoman Capito. Right. Okay. My understanding, and I am sort of throwing this out to anybody who knows this--is that Europe has been much further ahead than we are on this technology. They have the chip and PIN cards, I guess they are using in Europe? And there is some thought that this NFC chip would sort of leapfrog that technology. Why do you think it has caught on there and it hasn't caught on here? And do you in fact think that this will leapfrog their technology? I imagine it is going to catch on like wildfire once it gets going in a more robust fashion. Does anybody know why the European model is further ahead than we are on this technology? Mr. McLaughlin. Let me open. When you look at markets and how they evolve, it usually starts at the baseline conditions. The United States benefited from having the best telecom infrastructure in the world at the times they were looking at. So there are requirements in Europe to be able to handle things like offline transactions; to put more intelligence into the transactions themselves to purely compensate for the telecoms infrastructure that were there. So that led to a set of investments in EMV and underlying security technology. We have seen that now cascade in markets around the world-- Canada, Mexico, and other markets are moving towards endorsing that. So in the United States, we now see it as absolutely time for us to move from static, plastic-based credentials to dynamic protections that can be generated using EMV and chip technology. In many ways, we took a plastic card and we put a chip on the card. We are now taking the chip off the card and putting it into the phone. Chairwoman Capito. In the phone. Mr. McLaughlin. It is also essential, though, as we work on this, that we continue to maintain that worldwide interoperability so consumers know that anywhere that they can go, they can get the same security around their payment products. Chairwoman Capito. I agree with that. The question I have on--I think all of you have mentioned the contactless reader which would be at the vendor site, the retailer site. I represent a rural area and there is always a question of cost for the retailer. How expensive are these devices? Are people investing in them? Somebody mentioned 20 retailers who are involved in this, the larger retailers. How do you see this in terms of the retailer investment? I know when we changed the interchange, there was a big hue and cry from the retailer to the different readers and so does anybody have any kind of statement on that? Mr. Vanderhoof. I would like to begin by saying that when the U.S. brands--particularly Visa, MasterCard and Discover-- announced that they were moving towards the EMV chip strategy within the last year, an important distinction that they included in that road map was that they were going to incorporate both contact and contactless technology as a part of that in order to be able to embrace the mobile contactless technologies that we are talking about here today. From a merchant perspective, they now have a very clear and distinct path forward in terms of what will be the technology platform not only to accept their existing payment cards that consumers have today, the new and emerging EMV chip cards that are coming, but also the mobile NFC payments technology. The advantage for the merchants now is that when they do make that decision to upgrade their acceptance infrastructure in their stores, they can purchase one device that is going to support the legacy card technology that is in the market today, the evolving new chip contact card technology that is coming and the NFC mobile technology in the phone. So they will make one investment supporting three of their primary methods of payment. Chairwoman Capito. Is that technology available right now? Mr. Vanderhoof. It is not only available, but also the manufacturers of those devices have now totally upgraded their equipment to be able to absorb these new technologies so that the same devices that they would purchase 5 years ago didn't have-- Chairwoman Capito. Right. I understand. Yes. I understand. I have just a couple of seconds because I think the security issue is something that we want to delve deeply into. I think Ms. Martindale brought out a great question, ``If something goes wrong, how are you going to track back as a consumer to figure out how you are going to right that wrong?'' And the other thing that Mr. McLaughlin mentioned that I think we should be looking at here is talking with the regulators about--as you mentioned, this is regulated as a card. But then, Ms. Martindale brought up some exceptions to it that I think are significant with the evolution of different types of cards. And I think that is something we need to keep our eye on. I am now going to yield to Mrs. Maloney for 5 minutes for questions. Mrs. Maloney. I want to thank you, Mr. Oliver. In your statement, you said we should come out with common standards that would help us more efficiently move this forward. Where do you see these common standards coming from? Who is going to pull them together? The industry or whatever? Mr. Oliver. Yes, these are best and usually done by industries. And Mr. Vanderhoof made several comments about the efforts of the Smart Card Alliance and others. There are forums in Europe as well as international standard forums such as ISO that generate these types of standards and allow people to adopt them. It is a critical issue in interoperability and really the key to the earlier question about an open wallet; that you would have the same experience no matter what you did. So there are organizations collaboratively participated in that would generate these. Mrs. Maloney. That is great news because on 9/11, one of our biggest challenges was that the phones from the police couldn't interact with the phones from the fire department. And if they could have, it could have saved lives. So making that common-sense step forward would be important. Many of you talked about how this would allow more access for the unbanked and those who don't have access to banking. Would someone elaborate, because that is the concern to make sure that all of our citizens can find some sort of banking services? How are you going to reach out to the unbanked? How is it going to help the unbanked? Mr. McLaughlin. This something that at MasterCard we have been working on a lot; particularly using prepaid products as an access tool for those who don't have formal banking relationships. It starts with providing ways to get access to funds themselves so they are not left to the tender mercies of the check cashers and payday lenders. You can look at the work we have done with the Social Security Administration for the electronic distribution of funds and the other ways to allow it to reach these consumers. We think the key to using mobile will provide people more visibility into their financial information, into their account status so they can be more informed. They can make savvier decisions and we can reach individuals that we haven't traditionally been able to reach through bank branches and other areas. Mrs. Maloney. The Federal Reserve has been looking into this, and they did a Federal Reserve report which said that 57 percent of all Americans and consumers surveyed felt that the banking services that they had now were adequate. Then, they looked at people who had mobile banking, and only 12 percent of mobile phone users reported that they made a mobile payment in the past 12 months; so the technology is out there and people aren't using it. And given this finding in their report, what actions should be taken by retailers, credit card companies, banks and nonbanks, mobile phone service providers, and others to develop mobile payment opportunities that are tailored to customers so that the customers use it? They say the technology is out there and that people don't even want it at this point, or use it. Mr. Vanderhoof. The mobile devices are still just starting to reach the consumers' hands through the mobile networks and through the retail stores that offer them. So we are expecting that there is going to be an increasing number of options available for consumers to be able to upgrade phones with smart card technology that has the ability to support these types of mobile payments. But unfortunately, today, we have a chicken- and-egg situation where we have consumers who want to pay with their mobile device and are waiting for the equipment to arrive for them to use it. When the equipment is available in consumers' hands, then the issuers of these payment instruments that will work on mobile phones will have an opportunity to get them in consumers' hands and merchants will see-- Mrs. Maloney. That is one barrier. What other barriers exist that could inhibit widespread adoption of mobile payment options? Security concerns? Mr. Leach. I would think so. One of the areas that we are addressing is the security of payment card data wherever it progresses. At the PCI Council, we look technology agnostic at how the data flows into the systems. Many of the terminals that are certified on our Web site have gone through laboratory tests and do have the capability to accept what we are talking about here today. But we are talking mostly on the consumer side. We also have the security of the merchant side and we are seeing rapid growth in the merchant community. So we talked about unbanked consumers--there have been unbanked merchants. And we are starting to see a new generation of merchants who, before, were not accepting any type of payment other than cash, and now are using such devices as peripherals that you would plug into a smartphone or other types of mobile devices to accept payment. And we are seeing a new industry boom here in the United States. Mrs. Maloney. Thank you. My time has expired. Chairwoman Capito. Thank you. Mr. Renacci, for 5 minutes. Mr. Renacci. Thank you, Madam Chairwoman. Again, I want to thank the witnesses for being here today. Mr. Oliver and Mr. McLaughlin, what effects do you think the current regulatory environment will have on many of these new innovations; and has the uncertain and, really, the changing regulatory environment had an effect on or slowed the evolution of many of these new products? We will start with Mr. Oliver. Mr. Oliver. That is a great question, and one of the important questions that we discussed within this work group; and one of the reasons they asked us to try to rationalize the regulatory infrastructure that might be in place. Given that most of the payments will be made using existing instruments, I think that people are pretty comfortable with where that is right now and there appears to be no serious legislation on the horizon to change that. I think the real issue here has to do with those places where gaps occur where different parties are involved in a transaction now than have typically been involved before. The Federal Communication Commission, for instance, oversees the wireless industry, but they have no experience with payments. Many of the payments firms have no experience with that. And so, that is why this collaborative effort to try to understand whether or not any new regulation at all would be required is a really important first step, we think, on the part of the government, and should occur pretty quickly. But it is not obvious that there are serious unregulated areas at this time. Mr. Renacci. Mr. McLaughlin? Mr. McLaughlin. I think it is important to recognize that the mobile phone will be one device, albeit an incredibly compelling device, that consumers will use to access their account. So from a MasterCard perspective, we want to make sure that all the rights, protections, and privileges consumers have doing that transaction are the same whether they are using a physical card, they are initiating the transaction from a mobile device, or they are shopping online. And that is the reality for our consumers. They want to be able to trust the transaction and know they are protected, whatever they are using. So we believe in making sure that we aren't creating some separate and independent mobile world, but rather saying these devices are an extension of the rights and privileges that people have today, is essential. I think it is also important that we allow innovation to flourish in this area. We need to ensure the security and consumer protections. What we can't do is constrain or restrict the ability for industry to determine how to create the most value for consumers and merchants using the new devices. Mr. Renacci. Mr. McLaughlin, to move into these type of innovations, there is a scale of investment that has to be made. Can you kind of explain again the scale of investment a company such as yours spends on developing these products and the underlying infrastructure? Mr. McLaughlin. Absolutely. And one of the things I think it is important to point out that these are technologies that we have been working on for a decade or more. We knew that we would want to take advantage of smart devices. We knew that the form factors would be changing. So the first trials we had of contact with technology were in Orlando and Dallas in 2002. We continue to build and invest. In 2005, as an industry, we began rolling out PayPass, which is the contact technology we have had. And we worked with all of the participants in the chain, whether it is handset manufacturers, security and chip companies, or telcos, to make sure there is a safe and secure environment to leverage that technology. So it is an ongoing and substantial investment, not only in the consumer experience in the environment, but in the underlying security infrastructure. Mr. Renacci. Thank you. Mr. Oliver, could you talk about the potential up-front costs that will be required for merchants to accept mobile payments? And is there any danger that they make an expensive transaction, only to have payment technology veer off in a different direction? Mr. Oliver. I am probably not the best person to answer a question about what the expense will be for the merchants. But I would like to answer the question about the long-run investments there. Obviously, they are confronted with the issue of trying to understand what the end game is, and therefore make wise choices now. There are very large merchants who have already made that decision to say, ``What do we think will happen in the next 7 years?'' And they have said, ``We believe mobile technology using NFC contact and contactless cards, as well as current instruments will be there.'' And they have actually already acquired the terminals to do that. The incremental costs, from what I understand, of adding that technology to existing terminals is pretty inexpensive. But across a huge footprint for a large retailer, it is going to incur some costs. But that is what they want to do with this roadmap, to determine what is the end state, and then let us choose how to transition and spend wisely. Mr. Renacci. Thank you. I see I am running out of time, so I yield back. Chairwoman Capito. Thank you. Mrs. McCarthy, for 5 minutes. Mrs. McCarthy of New York. Thank you. And thank you for your testimony. I tend to think that a lot of people would find this really fascinating. The Europeans have been using this technology for a while. What are the statistics for those countries that are more advanced than us on the breaking in, the stealing of information, their protections? You already see that information over there. What have you done that is going to be different for here, for us? Mr. Vanderhoof. There are several underlying technologies that we have discussed today. The European markets, in particular, have been using this chip technology as part of their payment card infrastructure for many years. And they have proven dramatic reductions in their fraud, because the payment cards now are unable to be counterfeited or the information on that consumer payment product can't be cloned and replicated because of the security of the chip technology. What is inaccurate is that they have been ahead of the U.S. market in terms of mobile payments. In fact, the U.S. market has a much faster potential for adoption of mobile payments because we have made this investment over the last 5 years in contactless payment card technology. And therefore, we have hundreds of thousands of terminals already installed in the marketplace that can now use a mobile phone with the same payment capability to make those payment transactions, where in Europe and other parts of the world which have implemented chip technology, they have not implemented chip technology with the ability to interface to a mobile device. So, they are going to require a second investment. Mrs. McCarthy of New York. Obviously, we hear a lot about cybersecurity. I know all the nations, NATO; it is their number one issue when they are talking together. Have you given it any thought, because we are always one step--or hopefully always one step in front of the criminals? This is obviously going to be a big area in the United States, because we have very innovative people who are always trying to--hopefully, you are hiring them, because they always seem to be outsmarting us. Getting back to the cybersecurity, what mechanisms are out there, when something like that possibly will happen, which many of us agree it will? And how are we going to combat that? I will throw that out to anybody. Mr. Leach. The PCI Council has written standards already to look ahead to where the future is. We are a global standard body, so we already have our standard implemented in Europe with this type of technology. One of the standards we released last year is called point- to-point encryption. What this allows is for, regardless of the technology, whatever innovation we create here in the United States or abroad, we can encrypt this information, and render it of no value to a criminal. That way, the system itself can produce and transact, and the consumer can have confidence in that transaction. What we have seen here in the United States, one example is that merchants are taking devices and plugging them into the phone. And they are now swiping the traditional cards or they are using new mobile technology. They are able to encrypt this information, protect it, before it ever gets into an insecure mobile environment, and are able to process that information securely and safely on behalf of consumers. So, we do have standards already as an industry. We are looking at new standards, as well as new dynamic ways to make it so that data is of no value. So even if that data is exposed--I share my credit card information with you--we have new technologies that are emerging that would render that of no value to a criminal. Mrs. McCarthy of New York. The only reason I am concerned, is we all have our BlackBerries. They are government-issued. But every few days, we get a very long list of those who have actually broken into our BlackBerries, and likely Spam or someone has gotten our information. So I can understand where the American people might be a little concerned here, because we are supposed to have the protection, yet we are not even supposed to use these when we go overseas. They ask us not to use them. So, I can see where Americans--you are going to have a big sell for a lot of people, I think. It might take time. And I do know it is used over in Europe quite a bit. But with that being said, you are going to have to convince an awful lot of people that their checking account is not going to be wiped out. Mr. McLaughlin. I think that is what happens any time we introduce new technologies. People are comfortable with the familiar. And that is why our obligation is to make sure every new technology we bring out there is enhancing the security, it is making it safer, so consumers can understand that we can do things using the intelligent devices to make it more secure than what we could ever do with the static, plastic device. So, that is the advantage of the new technology. But we need to make sure that we are smart about how we harness it. Mrs. McCarthy of New York. With that, I yield back the balance of my time. Chairwoman Capito. Thank you. Mr. Grimm, for 5 minutes. Mr. Grimm. Thank you, Madam Chairwoman, for holding this hearing, first of all. And I appreciate everyone's testimony today. A couple of questions--Mr. McLaughlin, how much does MasterCard spend annually on fraud? I know that there is quite a bit of fraud now, even traditionally with cards. Do you have a ballpark of how big that problem is for MasterCard? Mr. McLaughlin. I don't think we have broken out specific fraud expenses. But what I would say is it is something that we constantly battle. Any change, anything we do, we have to make sure that we are making the system safer for that; so one of the primary focuses of our organization is to make sure that we are eliminating fraud or mitigating it wherever possible. Mr. Grimm. Would you say that it increased significantly with the advancements of the Internet? Mr. McLaughlin. I think any new technology creates challenges to make sure that it is secure. We have been able to, over the last decade, do a lot to mitigate the fraud potential of what is online. But that is something that we combat every day. Mr. Grimm. I will take that as a ``yes.'' And don't get me wrong, I am all for the new technology. I just recognize that with anything that is new--I slightly disagree with my colleague. I think that criminals are a step ahead of us many times with most of these things, whether it be the Internet, counterfeiting cards originally was a tremendous problem. Then with the Internet--just now, there was a massive sting operation throughout the entire country, people ordering online and then fencing those items for cash at significant discounts. The effect on merchants, because I think a lot of the merchants are going to have some issues--when someone comes in and does a transaction, for example if they order over the phone, and they give their credit card over the phone, and then they get their bill and say, ``Oh, I didn't order this,'' the merchant usually eats it. That has been my experience. Which is really unfair because you have seen--let us just say it is for food at a restaurant. You have delivered to that residence many times, and the delivery boy actually knows the person. But it might be a college student using dad's card. And this time, dad got the bill and said, well, $45 for this. They come in and they actually sign for it, then the merchant is protected. So are there going to be safeguards for the merchants, because there obviously aren't going to be any signatures with this. So, that would be a question. Mr. McLaughlin. I think you have highlighted one of the most important points of running a payments network or a payments environment. And it is not simply the technologies that are available to us. Quite often, when we see proposals that are out there or innovations, it is not, ``What can the technology do?'' but, `How do you run the network itself, and how do you make sure that you are balanced and fair for all the participants who are in it?'' That is why, as I said earlier, as we adopt mobile technologies, we want to make sure the same protections and rules that we have apply, and the same dispute resolution mechanisms are there. The goal for adopting the new technologies is to increase the level of verification and certainty we can put around every transaction so issuers benefit from reduced fraud. Merchants also benefit from that reduction in fraud. Harnessing the new technologies to provide enhanced security and enhanced clarity is the objective. We can do things like providing one-time cryptogram on the individual transaction so we know specifically where it was generated from, moving from static identifiers to dynamic. We can get additional certainty of who you are and the device that you are transacting from, when you do things like an online transaction. So what we see going forward is the distinction between what is happening at the till, how you purchase online, and other ways that you are transacting; we will move more and more to intelligent devices; and looking to harness the capability of those devices to get us to reduce fraud is the overall goal. Mr. Grimm. And then the last question, just on that topic, how about the advanced phishing technology that is out there? When cell phones first came out they were cloning the phones constantly by using phishing technology to steal your I.D. right out of the air. I am assuming that is built into this technology but I think it is worth mentioning since this is an information forum right now. Mr. McLaughlin. Absolutely. And that is why--and the reference that Mr. Oliver made to trusted service managers-- that is why we want to make sure that anything we do with the new devices is more secure than what we did in the physical card world, so we are more protected against things like phishing and other types of attacks. Mr. Grimm. Okay. Thank you. My time has expired and I yield back. Mr. Renacci [presiding]. Thank you. I yield 5 minutes to the gentleman from Georgia, Mr. Scott. Mr. Scott. Thank you very much, Mr. Chairman. This is a really fascinating hearing. We are moving so fast with technology that it is hard to keep up with it. And now, we have a real challenge here, it seems to me, and I have a number of questions, particularly that 91 percent of the American people now own a mobile phone. That is a phenomenal situation. First of all, I have questions about who is to regulate this. I am going to start with people who are paying their phones through their mobile units. Who regulates this now? Where does it come under, mobile payments? Is there regulation now? Ms. Martindale. I think you pose a great question. And everyone kind of goes--there really isn't, when it comes to mobile payments, specifically, the use of a phone to make a non-communication type of transaction; the fingers are pointing in all different directions. And the Federal Communications Commission doesn't appear to, at least, perceive that it has jurisdiction over these types of transactions. As I pointed out earlier, I think that when a consumer's phone gets stolen, they are going go to the wireless carrier and expect that the wireless carrier has maybe something in the contract, maybe has a policy, and maybe there is a phone agency that is supposed to be in charge. But that is, at best, unclear right now. Mr. Scott. Yes, that concerns me because people lose their phones all the time. The point I am making is if you have 91 percent of the American people, 90 percent of the American people means young people, old people, senior people, people who are getting adjusted to it. So I think that there are some very serious questions here about the regulatory function of it. I also think that there are some issues about the size and the complexity of this issue. My other major concern is that who really is responsible for monitoring the security risks that are here? All of these questions really have to be carefully examined. And I think that we have the Consumer Financial Protection Bureau, we have the FCC, we have the FTC. Then we have this little thing in there where, these bills, who pays them? Where do they get the money from? How is it transacted? In some cases, a telecommunications company pays the bill for them, adds that to their monthly bill and you have, I am sure, within there, all kinds of fee structures, late payments that are piled upon if they don't pay their phone bill, let alone the other bill. And it just seems to me that the consumer can really get bamboozled here with a lot of financial burden. And yet, right now, this is going on and we don't have a regulator for it. So my question is where do you all believe this should fall? Is there one agency? Should there be several? Who is going to regulate this? Who is going do the oversight for this? And particularly, right now, I am sure there are problems in this area. So my concern is this technology is moving so fast we really have to put a priority on how we are going to protect the American consumer, because it is going to move very, very fast. Even right now, with my own cell phone, I have problems just trying to figure out how to get all of this information I am receiving. And now the other point is too, this is going to have an economic impact someplace. This is going to put a lot of businesses that are in business now out of business. It is certainly going to expedite putting the post office further out of business. And then there is no paper trail here. If I get my bill, and I am paying my bill, I like to have something in my hand that says, ``Hey, I paid this bill. I have a paper trail here.'' There is nothing here. It is all in space. So I am just making these points to say we have some work to do. Thank you, Mr. Chairman. Mr. Renacci. Thank you. I yield 5 minutes to the gentleman from Delaware, Mr. Carney. Mr. Carney. Thank you, Mr. Chairman. And thank you to the panel for coming today. I would just like to pick up where my colleague left off and ask the question: What is driving this move to mobile payments? Why don't we start with Mr. McLaughlin? Mr. McLaughlin. Let me open by saying Salesianum, Class of 1983. Mr. Carney. Oh, you would have to do that, wouldn't you--my archrival. Mr. McLaughlin. I think it is absolutely driven by the demand we are seeing from consumers. What they are recognizing is that mobile is transforming their lives, particularly younger consumers. They expect to be connected. They expect to have immediate access to information. They expect to have more information and richer information about where they can shop, what deals and offers are available to them and have immediate access. Mr. Carney. So that information would be available on their cell phone, and they would then make some purchase and make the payment through the phone, is that--personally, I don't want my cell phone to do anything more. I have a hard time keeping track of what it does for me now. And then when I leave it at home, I feel completely lost and naked without my phone. Mr. McLaughlin. Yes. In fact, when you do consumer research they use expressions like ``losing a limb,'' which I found disturbing, when they don't have their phone with them. I think you are right. I think it has become your GPS. It has become your personal assistant. It has become your alarm clock. It is something that is always on and will progressively be always with you. Mr. Carney. I think several of you have touched on this, but is it more secure? Mr. McLaughlin. That is absolutely the objective. We would not move towards this payment environment unless we could enhance the security of what we are doing. And keep in mind, what we have been able to do with plastic cards in the online authorization network has been a great way to combat fraud. We believe by harnessing mobile devices we can enhance that even further by using the intelligence that is available to it; and then by incorporating consumers deeper into the process of monitoring their finances. Even without an NFC payment, we can use the phone today. MasterCard has a technology we call ``In Control'' where I can say, ``Let me know on my mobile if an international transaction occurs or an online payment occurs or a transaction over a certain amount.'' So that connectivity gives consumers more information: ``How much money is in my account before I make this payment?'' It gives them more information-- Mr. Carney. That was going to be one of my questions. It would help you not make a payment that you didn't have money to cover. One of the big things that aggravates folks is when they overdraft their account and get a charge for that. This would help you not do that? Mr. McLaughlin. Yes. We can do even better than that. We can tell you exactly, working with mobile banking and other applications, the current status of your account. We can say, ``Here is how much you spent against the budget you have set in certain categories,'' and provide this real-time access to information. So alerts and controls, I think, are essential to the mobile payments experience. And keep in mind it is the MasterCard network and the underlying account that pulls this together. So in my experience in getting out of-- Mr. Carney. Yes, I am breaking in because my time is running out. How about the unbanked or underbanked? Let me move on to Ms. Martindale. What is the advantage and how does it work? You mentioned that, I think in your opening statement, for those folks because that is an important group of my constituents. Ms. Martindale. I think it--the way that you could set it up now so that you wouldn't even need a bank account to do these types of transactions is you could have a prepaid debit card, which is not a bank account. And you could link your mobile payment application to that prepaid card so that you are drawing down funds from your prepaid deposit. And this is a way that unbanked or underbanked consumers could use these types of-- Mr. Carney. You would have to, though, set something up? Ms. Martindale. Yes, you would have to set something up. And again, we have a whole host of other concerns about prepaid cards just standing alone because they are as yet not regulated in the same way that a debit card linked to a bank or credit union account already is. So a prepaid card itself doesn't have any mandatory protections against fraud, theft or errors should your card be lost or stolen or someone rips off your number. And so, if you are adding an extra layer of that mobile payment transaction linking to a prepaid card, we do have a concern that this could--this is a great opportunity to, again, to provide that information in a way that consumers will actually use it. Unbanked and underbanked consumers are adopting cell phones and smartphones. At the same time, we need to make sure that the payment transaction is covered by some guaranteed legal protections against fraud from the consumer financial protection side, beyond the data security side. Mr. Carney. So, I have 15 seconds left. How do the interchange fees work for this? We had a big debate about that--a dispute about that over the last year. How do the fees work for--would they work for mobile payments? Mr. McLaughlin. From MasterCard's perspective, whether you have initiated from a card or initiated from a phone, it is the same transaction. Mr. Carney. Same transaction. Thank you. I thank the subcommittee. Mr. Renacci. Thank you. I recognize the gentleman from Missouri, Mr. Leutkemeyer, for 5 minutes. Mr. Luetkemeyer. Thank you, Mr. Chairman. I guess, I probably want to start out with, what kind of timeframes do you see all of this developing in? What is the timeframe for general acceptance? What do you see as the timeframe for the problems to pop up and occur here so we know what kind of timeframe we have for some sort of regulatory fix for some of this? Mr. Oliver. Can I take the first shot at that? Mr. Luetkemeyer. Yes. Mr. Oliver. There are a lot of elements of change involved in this and a lot of parties that are going to have to collaborate, release technology, implement technology, educate the consumer, and so forth. My sense, just as a personal estimate, is that you will see significant deployment in the 2- to 5-year range, because many of the pilots that are currently going on aren't going to be completed until sometime next year. So, I think you are going to see a slow growth curve for an extended period of time. Mr. Luetkemeyer. Do the rest of you kind of anticipate the same? Mr. Leach. We have been talking about the consumer side of the phone. I think from a mobile payment acceptance, we see that today. At PIC Council, we have standards that accept certain types of mobile technology to accept traditional payment cards, plastic cards. We have seen our first products come through, be lab tested, certified, and listed on our Web site. So for mobile acceptance, payment acceptance, it is here today. Mr. Vanderhoof. Excuse me, I would just add that the solutions on mobile payment that you are hearing from the well- known, well-recognized brands that have a clean sense of the security and the certification requirements of this technology are going to evolve slower than the Internet start-ups of the world who might come up with an application that you can download on your phone and be in business basically overnight. But for consumers, I think they have to pay attention to who is behind the technology that they might be interested in using? What safeguards exist? And it is probably always the wise choice to look at the established companies that are backing this and the reasons why they are moving at the pace that they are moving in order to maintain security. Mr. Luetkemeyer. Yes, I am not very technologically savvy, so this is kind of three steps above my grade here. But it would seem to me that you are going to have to have a platform here within which all of these transactions can occur with the same sort of technology to be able to talk to each other. I assume that is possible. I am assuming everybody is already working on the same platform or the same language or whatever it takes to make this all work. Is that a safe assumption? Mr. McLaughlin. I think you see a strong movement that we work together as an industry to make sure that this will work; that it is safe and secure. So that is why some of the standards that we have talked about earlier like the underlying EMV technology, the PCI standards that are out there, and things of that nature provide a baseline that consumers and merchants know they can trust. Having those standards out there also allows us to compete vigorously on who can deliver the best consumer experience and the best value out there. So, we have to make sure that there is a foundation that works so we can all compete on the works better. Mr. Luetkemeyer. Are there other places in the world where this is being done already? Are we the leading country? Are we technologically leading the world with this application? Ms. Martindale. Actually we are one of the--we are behind on mobile-- Mr. Luetkemeyer. We are behind? Ms. Martindale. Yes, in fact, other countries--people have mentioned Europe--but in developing countries, this is taking off like wildfire, but with a very different set-up, and granted, the infrastructures in those countries may be different. So, I am not necessarily saying that we would be able to replicate in the same way that we have seen in other countries. I would use Kenya as an example. African countries have been adopting mobile payments using a regular--you don't have to have a smartphone--cell phone, where basically you are giving a deposit to the wireless carrier and the wireless carrier is helping you manage your funds. And that is something that I have not heard the industry is not as interested in going that direction right now. I think it is more the NFC-enabled, Google Wallet-type of scenario where you have your different payment cards linked up to the application. But other countries have been doing this for several years now, and it has been a way of banking unbanked consumers. However, it has also involved a great deal of proactive collaboration between the Central Bank of Nigeria, for example, and the major telecoms. It is a very different, more centralized set-up then we would have here. Mr. McLaughlin. Yes, I think the key is providing the appropriate technology for consumers. Consumers in the United States today have access to electronic payments. In many of these countries, they don't. So, MasterCard has been working hard to work with the telecommunication providers and financial institutions in those countries to provide appropriate technology. One quick example--the GSMA is a mobile association, which last year gave us their Mobile Money Innovation of the Year Award for what we had done in Kenya working with Standard Charter Bank and Airtel to provide virtual MasterCard numbers to people who had no access to online transactions on the Internet. So suddenly, a whole swath of the population who weren't able to access anything online now had access to it by harnessing the existing payment networks and tailoring it precisely for what was needed in those networks. Mr. Luetkemeyer. That is interesting. I know the death knell has been sounding for cashing checks for many, many years, and it seems that they are still there. So maybe, you guys are taking a first step down the road to do away with those. Thank you, Mr. Chairman. Mr. Renacci. I want to thank all of the members of the panel for testifying this morning. The Chair notes that some Members may have additional questions for the panel, which they may wish to submit in writing. Without objection, the hearing record will remain open for 30 days for Members to submit written questions to these witnesses and to place their responses in the record. This hearing is adjourned. [Whereupon, at 11:18 a.m., the hearing was adjourned.] A P P E N D I X March 22, 2012 [GRAPHIC] [TIFF OMITTED] T5082.001 [GRAPHIC] [TIFF OMITTED] T5082.002 [GRAPHIC] [TIFF OMITTED] T5082.003 [GRAPHIC] [TIFF OMITTED] T5082.004 [GRAPHIC] [TIFF OMITTED] T5082.005 [GRAPHIC] [TIFF OMITTED] T5082.006 [GRAPHIC] [TIFF OMITTED] T5082.007 [GRAPHIC] [TIFF OMITTED] T5082.008 [GRAPHIC] [TIFF OMITTED] T5082.009 [GRAPHIC] [TIFF OMITTED] T5082.010 [GRAPHIC] [TIFF OMITTED] T5082.011 [GRAPHIC] [TIFF OMITTED] T5082.012 [GRAPHIC] [TIFF OMITTED] T5082.013 [GRAPHIC] [TIFF OMITTED] T5082.014 [GRAPHIC] [TIFF OMITTED] T5082.015 [GRAPHIC] [TIFF OMITTED] T5082.016 [GRAPHIC] [TIFF OMITTED] T5082.017 [GRAPHIC] [TIFF OMITTED] T5082.018 [GRAPHIC] [TIFF OMITTED] T5082.019 [GRAPHIC] [TIFF OMITTED] T5082.020 [GRAPHIC] [TIFF OMITTED] T5082.021 [GRAPHIC] [TIFF OMITTED] T5082.022 [GRAPHIC] [TIFF OMITTED] T5082.023 [GRAPHIC] [TIFF OMITTED] T5082.024 [GRAPHIC] [TIFF OMITTED] T5082.025 [GRAPHIC] [TIFF OMITTED] T5082.026 [GRAPHIC] [TIFF OMITTED] T5082.027 [GRAPHIC] [TIFF OMITTED] T5082.028 [GRAPHIC] [TIFF OMITTED] T5082.029 [GRAPHIC] [TIFF OMITTED] T5082.030 [GRAPHIC] [TIFF OMITTED] T5082.031 [GRAPHIC] [TIFF OMITTED] T5082.032 [GRAPHIC] [TIFF OMITTED] T5082.033 [GRAPHIC] [TIFF OMITTED] T5082.034 [GRAPHIC] [TIFF OMITTED] T5082.035 [GRAPHIC] [TIFF OMITTED] T5082.036 [GRAPHIC] [TIFF OMITTED] T5082.037 [GRAPHIC] [TIFF OMITTED] T5082.038 [GRAPHIC] [TIFF OMITTED] T5082.039 [GRAPHIC] [TIFF OMITTED] T5082.040 [GRAPHIC] [TIFF OMITTED] T5082.041 [GRAPHIC] [TIFF OMITTED] T5082.042