[House Hearing, 112 Congress]
[From the U.S. Government Publishing Office]



 
                        THE FUTURE OF MONEY: HOW
                         MOBILE PAYMENTS COULD
                       CHANGE FINANCIAL SERVICES

=======================================================================

                                HEARING

                               BEFORE THE

                 SUBCOMMITTEE ON FINANCIAL INSTITUTIONS

                          AND CONSUMER CREDIT

                                 OF THE

                    COMMITTEE ON FINANCIAL SERVICES

                     U.S. HOUSE OF REPRESENTATIVES

                      ONE HUNDRED TWELFTH CONGRESS

                             SECOND SESSION

                               __________

                             MARCH 22, 2012

                               __________

       Printed for the use of the Committee on Financial Services

                           Serial No. 112-110



                  U.S. GOVERNMENT PRINTING OFFICE
75-082                    WASHINGTON : 2012
-----------------------------------------------------------------------
For sale by the Superintendent of Documents, U.S. Government Printing Office, 
http://bookstore.gpo.gov. For more information, contact the GPO Customer Contact Center, U.S. Government Printing Office. Phone 202ï¿½09512ï¿½091800, or 866ï¿½09512ï¿½091800 (toll-free). E-mail, [email protected].  


                 HOUSE COMMITTEE ON FINANCIAL SERVICES

                   SPENCER BACHUS, Alabama, Chairman

JEB HENSARLING, Texas, Vice          BARNEY FRANK, Massachusetts, 
    Chairman                             Ranking Member
PETER T. KING, New York              MAXINE WATERS, California
EDWARD R. ROYCE, California          CAROLYN B. MALONEY, New York
FRANK D. LUCAS, Oklahoma             LUIS V. GUTIERREZ, Illinois
RON PAUL, Texas                      NYDIA M. VELAZQUEZ, New York
DONALD A. MANZULLO, Illinois         MELVIN L. WATT, North Carolina
WALTER B. JONES, North Carolina      GARY L. ACKERMAN, New York
JUDY BIGGERT, Illinois               BRAD SHERMAN, California
GARY G. MILLER, California           GREGORY W. MEEKS, New York
SHELLEY MOORE CAPITO, West Virginia  MICHAEL E. CAPUANO, Massachusetts
SCOTT GARRETT, New Jersey            RUBEN HINOJOSA, Texas
RANDY NEUGEBAUER, Texas              WM. LACY CLAY, Missouri
PATRICK T. McHENRY, North Carolina   CAROLYN McCARTHY, New York
JOHN CAMPBELL, California            JOE BACA, California
MICHELE BACHMANN, Minnesota          STEPHEN F. LYNCH, Massachusetts
THADDEUS G. McCOTTER, Michigan       BRAD MILLER, North Carolina
KEVIN McCARTHY, California           DAVID SCOTT, Georgia
STEVAN PEARCE, New Mexico            AL GREEN, Texas
BILL POSEY, Florida                  EMANUEL CLEAVER, Missouri
MICHAEL G. FITZPATRICK,              GWEN MOORE, Wisconsin
    Pennsylvania                     KEITH ELLISON, Minnesota
LYNN A. WESTMORELAND, Georgia        ED PERLMUTTER, Colorado
BLAINE LUETKEMEYER, Missouri         JOE DONNELLY, Indiana
BILL HUIZENGA, Michigan              ANDRE CARSON, Indiana
SEAN P. DUFFY, Wisconsin             JAMES A. HIMES, Connecticut
NAN A. S. HAYWORTH, New York         GARY C. PETERS, Michigan
JAMES B. RENACCI, Ohio               JOHN C. CARNEY, Jr., Delaware
ROBERT HURT, Virginia
ROBERT J. DOLD, Illinois
DAVID SCHWEIKERT, Arizona
MICHAEL G. GRIMM, New York
FRANCISCO ``QUICO'' CANSECO, Texas
STEVE STIVERS, Ohio
STEPHEN LEE FINCHER, Tennessee

           James H. Clinger, Staff Director and Chief Counsel
       Subcommittee on Financial Institutions and Consumer Credit

             SHELLEY MOORE CAPITO, West Virginia, Chairman

JAMES B. RENACCI, Ohio, Vice         CAROLYN B. MALONEY, New York, 
    Chairman                             Ranking Member
EDWARD R. ROYCE, California          LUIS V. GUTIERREZ, Illinois
DONALD A. MANZULLO, Illinois         MELVIN L. WATT, North Carolina
WALTER B. JONES, North Carolina      GARY L. ACKERMAN, New York
JEB HENSARLING, Texas                RUBEN HINOJOSA, Texas
PATRICK T. McHENRY, North Carolina   CAROLYN McCARTHY, New York
THADDEUS G. McCOTTER, Michigan       JOE BACA, California
KEVIN McCARTHY, California           BRAD MILLER, North Carolina
STEVAN PEARCE, New Mexico            DAVID SCOTT, Georgia
LYNN A. WESTMORELAND, Georgia        NYDIA M. VELAZQUEZ, New York
BLAINE LUETKEMEYER, Missouri         GREGORY W. MEEKS, New York
BILL HUIZENGA, Michigan              STEPHEN F. LYNCH, Massachusetts
SEAN P. DUFFY, Wisconsin             JOHN C. CARNEY, Jr., Delaware
FRANCISCO ``QUICO'' CANSECO, Texas
MICHAEL G. GRIMM, New York
STEPHEN LEE FINCHER, Tennessee


                            C O N T E N T S

                              ----------                              
                                                                   Page
Hearing held on:
    March 22, 2012...............................................     1
Appendix:
    March 22, 2012...............................................    29

                               WITNESSES
                        Thursday, March 22, 2012

Leach, Troy, Chief Technology Officer, PCI Security Standards 
  Council, LLC...................................................     6
Martindale, Suzanne, Staff Attorney, Consumers Union of U.S., 
  Inc............................................................    11
McLaughlin, Ed, Chief Emerging Payments Officer, MasterCard 
  Worldwide......................................................     7
Oliver, Richard R., Payments Consultant/Retired Executive Vice 
  President, the Federal Reserve Bank of Atlanta, and co-author 
  of ``Mobile Payments in the United States: Mapping Out the Road 
  Ahead''........................................................     4
Vanderhoof, Randy, Executive Director, Smart Card Alliance.......     9

                                APPENDIX

Prepared statements:
    Leach, Troy..................................................    30
    Martindale, Suzanne..........................................    39
    McLaughlin, Ed...............................................    43
    Oliver, Richard R............................................    55
    Vanderhoof, Randy............................................    58


                        THE FUTURE OF MONEY: HOW
                         MOBILE PAYMENTS COULD
                       CHANGE FINANCIAL SERVICES

                              ----------                              


                        Thursday, March 22, 2012

             U.S. House of Representatives,
             Subcommittee on Financial Institutions
                               and Consumer Credit,
                           Committee on Financial Services,
                                                   Washington, D.C.
    The subcommittee met, pursuant to notice, at 10:02 a.m., in 
room 2128, Rayburn House Office Building, Hon. Shelley Moore 
Capito [chairwoman of the subcommittee] presiding.
    Members present: Representatives Capito, Renacci, 
Luetkemeyer, Huizenga, Grimm; Maloney, McCarthy of New York, 
Scott, and Carney.
    Chairwoman Capito. This hearing will come to order.
    I appreciate the witnesses being here. We are expecting a 
series of votes as early as 11:30, and if we are unable to 
complete the hearing before the votes, we will return after 
votes are completed.
    But we meet today to begin what I think is an exciting and 
important task, which is making sure our financial system and 
its regulatory structure are prepared to enter the new world of 
mobile payments.
    You see a lot of press about mobile banking; certainly a 
lot of advertising on mobile banking. And without saying too 
much about my general age area, this is age-specific in some 
ways considering my mother has never used an ATM, but she does 
pump her own gas.
    I know what my children, who in their 20s, are going to be 
doing in terms of how they bank. And this is what I think is 
the relevance--why I am extremely interested in this as we move 
through this panel.
    While most people believe that making a mobile payment 
involves waving a smartphone at a cash register, and it may be, 
there are a lot more ways to exchange values.
    Contactless cards and short e-mail messages giving 
instructions to transfer value represent other form of mobile 
payments. The whole field offers the possibility of faster and 
cheaper transfers of value, oftentimes with the promise of 
enhanced security that surpasses what is possible today.
    We are, I think, on a precipice of some fundamental change 
in the way money is exchanged between consumers and businesses. 
And that is why I am interested and I wanted to have this 
hearing on the future of money.
    While some aspects of mobile payments have been with us for 
a while, and some business models are already developed, other 
aspects of mobile payments are in the beginning stages of pilot 
programs. Either way, there is a lot for Congress, banks, 
regulators, retailers, and customers to learn.
    Most importantly, we want to make sure these payments are 
safe and secure; at least as safe as using cash, checks or 
credit cards, and hopefully even more so. Bringing the strength 
of high-powered computers to bear on account safety could allow 
us to erect layers of security that help foil the hackers who 
lie in wait on the Internet today, stealing millions of 
identities--and we have looked into this in our subcommittee as 
well--and billions of dollars annually.
    After all, the smartphone that was essentially nonexistent 
less than 6 years ago, is said to be far more powerful than the 
large supercomputers of the 1980s, or certainly of those of us 
who went to college in the 1970s and took computer science and 
we had those stacks of cards that we had to feed into the 
computer and stay in the computer room all night to make sure 
they went through.
    Today's hearing is an introduction to mobile payments, the 
first I am aware of to be held by Congress. We have five expert 
witnesses who can discuss broadly the state of the mobile 
payment industry and where and how fast they see it developing.
    Among them is Richard Oliver. Until he retired last year, 
he was the Federal Reserve's top mobile payments expert and the 
principal author of the Fed's widely praised White Paper on the 
subject. We also have experts from the issuer side, from the 
standards sides of mobile payments, and a consumer specialist.
    So I look forward to hearing everybody's testimony and I 
would now like to recognize the ranking member from New York, 
Mrs. Maloney, for the purpose of making an opening statement.
    Mrs. Maloney. First of all, I would like to thank 
Chairwoman Capito for holding this hearing, one in a series on 
the future of mobile payments in our financial system.
    And thank you to all the panelists for joining us this 
morning. I believe this hearing will serve as a great first 
step and learning session on this rapidly evolving technology. 
I feel that this is another example of American exceptionalism, 
of coming up with an innovative idea, an efficient idea that 
keeps America moving forward and employing more people, 
becoming more efficient and making us an even stronger country.
    I am excited about this idea and I really look forward to 
hearing all of your testimony.
    Mobile payments in the United States are expected to 
generate $215 billion by the year 2015. Forty-three million 
adults in this country use alternative financial services as a 
form of banking. And as this technology continues to move 
forward, it creates innovative and exciting opportunities for 
everyday citizens at home and at work.
    The possibilities are truly endless. We are seeing what 
technology can do for consumers and businesses as mobile 
technology opens the door to an entirely new method of 
financial interaction.
    Mobile payments, payments made by electronic means, 
effectively replace cash, checks, and traditional credit cards. 
This evolving form of financial exchange can provide consumers 
with greater purchasing power; allow merchants to market their 
goods more efficiently; and help create a truly mobile, 
electronic, and innovative society.
    Mobile payments can involve text messages that transfer 
funds from one person to another or to a financial institution, 
as experienced in the successful program to funnel aid to 
earthquake victims in Haiti. I was truly stunned at how 
successful this program was. They had on every taxicab, ``Get 
on your mobile phone and text $5 to the earthquake victims.'' 
And that successful effort led to $5 million in $10 donations 
from Americans throughout our great country through their 
cellphone carriers.
    This happened--truly outstanding possibilities for this new 
form of payment. And mobile payment technology can allow 
consumers to wave their phones at checkouts and even direct 
those charges to prepaid phone deposits and phone bills. I love 
it. It just gets better and better. We wouldn't lose all our 
papers all the time if we had this.
    And as mobile phones become more prevalent, and as the 
number of methods of making payments increase, it is important 
to look at the hurdles facing its implementation.
    How much will the adoption of mobile payments cost 
merchants as they purchase and install readers for their 
technology? How protected are consumers? Can hackers steal 
their data out of the air? What is the level of disclosure that 
will be provided to our consumers--greater regulatory clarity 
for this market? Consumers want payments that are convenient 
and inexpensive.
    But we must make sure that security is not abandoned for 
the sake of this new technology. It may be years before this 
technology fully becomes a reality for the majority of people 
the way debit cards have. However, I am happy that we are 
discussing this important issue at the ground level. I 
congratulate the chairwoman for calling this important hearing. 
I look forward to your testimony and I welcome everybody.
    Chairwoman Capito. Thank you.
    Mr. Renacci, for 1 minute, for an opening statement.
    Mr. Renacci. Thank you Madam Chairwoman.
    This is an exciting time in the payments industry. Over the 
last several years, innovative companies have invested huge 
amounts of capital and manhours to lay the groundwork for many 
of the methods we are discussing here today.
    New innovations in smartphones and mobile payments are 
bringing consumers greater convenience and a better buying 
experience, while also increasing the security of payment 
transactions. While I am interested to learn about these new 
products and services here today, I also want to hear what we 
in Congress can do to make sure that these innovations progress 
in a safe and prosperous manner.
    We must encourage a free market where innovators can 
realize the benefits of their investments and consumers can 
benefit from lower costs and safer products. I look forward to 
hearing your testimony today.
    I yield back the remainder of my time.
    Chairwoman Capito. Thank you.
    I don't think Mr. Grimm wanted to make an opening 
statement, so we will go ahead and go directly to the 
testimony.
    I want to recognize the witnesses for the purpose of making 
a 5-minute statement, and then we will go to the question-and-
answer period.
    As I mentioned in my opening statement, we are really lucky 
and pleased to have Mr. Richard Oliver here. He is the co-
author of ``Mobile Payments in the United States: Mapping Out 
the Road Ahead,'' which was published by the Federal Reserve 
Bank of Atlanta.
    Welcome, Mr. Oliver.

  STATEMENT OF RICHARD R. OLIVER, PAYMENTS CONSULTANT/RETIRED 
EXECUTIVE VICE PRESIDENT, THE FEDERAL RESERVE BANK OF ATLANTA, 
   AND CO-AUTHOR OF ``MOBILE PAYMENTS IN THE UNITED STATES: 
                  MAPPING OUT THE ROAD AHEAD''

    Mr. Oliver. Thank you very much.
    And let me start by thanking the committee and the 
subcommittee for the opportunity to come and share information 
with you about the mobile payments environment while it is 
still very early in its evolution.
    In 2010 payments research teams from the Federal Reserve 
Banks of Atlanta and Boston collaborated to conduct an 
assessment of the state of and potential for deployment of 
mobile payment options in the United States. Our interests were 
to determine the impact of mobile payments on existing payments 
businesses and to isolate potential risks to consumers and 
businesses who might choose to use mobile payment options.
    To conduct the assessment, we invited most of the major 
players from the mobile payments industry to discuss with us on 
a voluntary basis the opportunities, barriers, and challenges 
associated with implementing a successful mobile payments 
environment in this country.
    The attendees included major card brands, wireless 
operators, financial institutions, industry trade groups, 
retailers, and many other participants.
    Please note that this effort was not directed at mobile 
banking, which is the use of your mobile phone to access online 
banking functions. It was directed at actually exchanging value 
at the point of sale utilizing your phone.
    Over the course of what turned out to be seven meetings 
during 2010 and 2011, we not only gained great insight into the 
evolution of mobile payments in the country, but the group 
helped us isolate a series of key factors that they 
collectively felt should be met to ensure a safe implementation 
of mobile payments in this country. And my purpose here today 
is to share those with you.
    The first was that the proposed environment should be best 
defined as an open wallet. That is, a wallet that would allow 
complete access by all persons using all credentials they might 
want to use as opposed to proprietary initiatives that might 
limit the amount of instruments available for use by a 
consumer.
    Second, the mobile infrastructure would likely be based on 
near-field communications technology, resident and mobile 
devices, and in retail point-of-sale terminals. This technology 
is now becoming common in other countries and would allow users 
to tap their phones and institute a purchase.
    Third, existing, well-protected clearing and settlement 
rails would likely be the way that value would be exchanged. 
That is through the debit card, credit card, and prepaid and 
automated clearinghouse networks to be used for clearing and 
settlement between parties.
    Fourth, some form of enhanced security such as dynamic data 
authorization should be used to deter counterfeiting and I.D. 
theft at the point of sale. This technology is already resident 
in chip and pin cards being used throughout the world.
    Fifth, common standards should be designed, developed, 
certified, and implemented throughout the industry to ensure 
interoperability, efficiency, and ease of use by consumers and 
businesses.
    Sixth, the regulatory oversight regimen for mobiles should 
be made clear early on and participants should be involved in 
these compliance activities.
    Bank and nonbank regulators such as the FCC, the FTC, and 
the new Consumer Financial Protection Bureau should collaborate 
early on to define the regulatory environment for all the 
participants.
    Seventh, entities such as a trusted service manager that 
exist in the card world today should oversee the provision of 
the interoperable and shared security elements in the phone.
    The group also recognized the possible need over time for 
some entity to serve as a coordinating party to keep the very 
diverse participants on track and working together and possibly 
to create a roadmap for the future to allow the participants to 
understand how to minimize their long-term investments in the 
technology that is necessary.
    However, the majority of the group at the time felt it was 
too early in the process to do this and the completion of early 
pilots and tests would better inform such work.
    All of this information and more was captured in the White 
Paper that you alluded to, which was authorized by the 
participants and cooperatively authored by the two Reserve 
Banks.
    It is available on Reserve Bank Web sites. It has been 
well-vetted at conferences and trade press over the past year, 
and was shared with all of the Federal regulators and law 
enforcement agencies at a session we held in the first half of 
last year, at which my colleague from Boston and I presented.
    As the work proceeded, most of the participants have 
decided to participate in a number of pilots and test 
situations going on that should better test the validity of 
these aforementioned principles and pave the way for more 
widespread deployment.
    In closing, the work group continues to meet on issues of 
common interest such as data security. But they have been 
outspoken recently about the need to educate and inform 
business, government and consumers about the mobile 
environment.
    We view this hearing as a great first step in this process 
and appreciate the opportunity to participate. Thank you.
    [The prepared statement of Mr. Oliver can be found on page 
55 of the appendix.]
    Chairwoman Capito. Thank you very much.
    Our next witness is Mr. Troy Leach, chief technology 
officer, PCI Security Standards Council. Welcome.

STATEMENT OF TROY LEACH, CHIEF TECHNOLOGY OFFICER, PCI SECURITY 
                     STANDARDS COUNCIL, LLC

    Mr. Leach. Chairwoman Capito, Ranking Member Maloney, and 
members of the subcommittee, thank you for the opportunity to 
testify on the important topic of mobile payment security.
    My name is Troy Leach. I am the chief technology officer 
for the Payment Card Industry Security Standards Council, also 
known as the PCI Council.
    Formed in 2006 by the major payment card brands, the 
Council guides the development of open industry standards to 
protect payment information.
    More than 600 companies worldwide participate in the 
Council's work for many different industries and backgrounds, 
including a number of the leading players in the mobile space, 
including a number of people who will be spoken about later 
today.
    So it is exciting for us to be here today representing 
these members, from restaurants to banks to airlines to 
technology vendors, who are eager to realize the benefit of 
mobile payment acceptance in the most secure way possible.
    The PCI standards are a strong industry framework for 
protecting payment data. And it is this framework that we are 
applying to mobile payment acceptance space.
    Mobile technology is exciting and dynamic with a potential 
to change the way we accept payments not only in the United 
States, but also around the world. The benefits could be 
significant. However, both consumers and merchants want to know 
that using mobile technology for payment is just as safe as 
using a traditional form of payment.
    From our perspective at the council, making it secure is 
our priority. For traditional payment card security, for the 
Council, we have focused on people, process and technology.
    The mobile payment environment is very complex, more so 
than the traditional payment card scenario. Our goal is to work 
with the industry to provide security across that spectrum.
    Let me also clarify the Council's focus. There are two 
aspects to mobile payments: initiation; and acceptance. The 
first is when a consumer is using a phone in place of a payment 
card to make a purchase. That is initiation. And the other is 
where a mobile device, perhaps even the same mobile phone, is 
being used by a merchant to accept payment cards.
    There are a number of groups, including some of my fellow 
panelists, working on the first aspect with the aim to protect 
consumer's payment data.
    The Council's security efforts have been focused on the 
second area of payment acceptance, specifically of securing the 
use of mobile devices as a point-of-sale acceptance tool.
    Our first step has been to make sure that merchants can use 
mobile technology to accept payments safely and to protect 
their customers' information. PCI standards already apply to 
mobile acceptance today, addressing the security of mobile 
devices, of mobile applications, and the environments in which 
they operate.
    Expanding on these standards, we have published security 
requirements that make it possible for merchants to use plug-in 
devices with mobile phones to swipe payment card data.
    We have also put out guidance on developing mobile payment 
acceptance applications to help merchants process these 
payments securely. And we will be releasing additional best 
practices later this year on securing mobile payment 
transactions.
    As payment security is a shared responsibility, all parties 
in the payment chain must work together in this effort. The 
Council is concerned with making sure that these parties are 
validated in the products and services that they provide. And 
moving forward, we will explore this area even further.
    Lastly, great work is being done through the advancement of 
technologies in payment. Technologies are emerging that have 
the ability to eliminate card data from potentially insecure 
mobile environments.
    The Council has already harnessed some of these 
technologies to address this dynamic environment and we will 
continue to assess and develop standards and guidance around 
them moving forward.
    In closing, mobile technology offers exciting potential to 
that payment space. To help realize this securely, the Council 
will work with its global stakeholders to develop industry 
standards and the resources necessary for the protection of 
cardholder data across all payment channels and the reduction 
of fraud for consumers and businesses globally.
    Thank you. I look forward to your questions.
    [The prepared statement of Mr. Leach can be found on page 
30 of the appendix.]
    Chairwoman Capito. Thank you very much.
    Our next witness is Mr. Ed McLaughlin, chief emerging 
payments officer, MasterCard Worldwide. Welcome.

 STATEMENT OF ED MCLAUGHLIN, CHIEF EMERGING PAYMENTS OFFICER, 
                      MASTERCARD WORLDWIDE

    Mr. McLaughlin. Thank you, and good morning, Chairwoman 
Capito, Ranking Member Maloney, and members of the 
subcommittee.
    My name is Ed McLaughlin. I am the chief emerging payments 
officer at MasterCard Worldwide based in Purchase, New York. It 
is my pleasure to appear before you today and discuss 
developments in mobile payment.
    MasterCard is a leader in the transformation of mobile 
phones and to secure payment devices and a champion of global 
mobile payment standards. We appreciate the opportunity to be 
here today to share our perspective on how mobile payments are 
developing and benefiting consumers and businesses.
    As mobile payments continue to evolve, we need to 
constantly focus on two goals. First, we must strive to make 
paying for something as simple and as compelling as possible 
for every participant in the payments chain.
    Second, we must provide the highest level of security to 
consumers, to merchants, and to our financial institution 
customers. At MasterCard, we invest heavily in the technologies 
that make both of these goals possible.
    Now, as you might expect, mobile devices are bringing 
changes to the way people interact and also how they want to 
transact. For example, the acceptance of card-based payments 
through the use of handheld devices is opening up channels of 
transactions for entrepreneurs that were not possible just a 
few years ago.
    Smartphones also provide a platform for the delivery of new 
applications that are transforming the in-store shopping 
experience for consumers. For merchants, smartphones provide a 
convenient channel to engage consumers at multiple levels such 
as through an Internet storefront or social media account.
    Smartphones themselves are also becoming payment devices 
through the adoption of near field communication, or NFC, 
technology. MasterCard's PayPass, our Tap & Go product, is at 
the forefront of this space. And by 2016, it is anticipated 
that the majority of smartphones will support this technology.
    So why are the new uses for mobile phones so important? 
Because they provide convenience and promote financial 
inclusion in a very secure environment.
    Unlike the simple plastic card that has been around for 
decades, smartphones provide an intelligent device right in the 
consumer's hands that the consumer can use to interact with 
financial service providers and merchants in ways that were 
never before possible.
    Also, when you look at the 85 percent of transactions that 
are still being funded through cash and check, it is clear that 
smartphone technology provides an unprecedented opportunity to 
accelerate the transition to safe and secure electronic 
payments.
    By enhancing the ways that people connect to our network, 
we are able to deliver new services to benefit consumers and to 
reach a large number of consumers who are currently outside the 
financial mainstream.
    For example, payment card solutions like prepaid cards, 
coupled with mobile technology, can unlock the global commerce 
grid to consumers who do not currently have access to 
mainstream financial services.
    So at MasterCard, we have invested substantial financial 
resources and human capital in developing the technology 
necessary for our part in the mobile payments ecosystem.
    Each day, we strive to make payments simple for all 
participants in the payment chain while providing those highest 
levels of security. For example, this is why we applied 
MasterCard's zero liability protections for consumers to these 
new payment technologies, including mobile-based payments.
    In addition, we have recently announced a program to 
transition MasterCard-branded payment products in the United 
States to the EMV standard. The EMV standard is a global 
standard for debit and credit payments based on chip 
technology, the objective of which is to ensure 
interoperability globally and acceptance of payment cards on a 
worldwide basis.
    The adoption of EMV-compliant payments in the United States 
will help provide additional layers of protection for consumers 
at the points of interaction.
    MasterCard is extremely proud of the role we play in 
advancing commerce through new technologies. The mobile phone 
and many other smart handheld devices are transforming the way 
we conduct our everyday lives, and hold significant promise for 
providing new value to consumers and businesses, particularly 
in the delivery of financial services.
    Again, I appreciate the opportunity to appear before you 
today, and when we get to it, I will be glad to answer any 
questions you may have.
    Thank you.
    [The prepared statement of Mr. McLaughlin can be found on 
page 43 of the appendix.]
    Chairwoman Capito. Our next witness is Mr. Randy 
Vanderhoof, executive director, Smart Card Alliance.
    Welcome.

 STATEMENT OF RANDY VANDERHOOF, EXECUTIVE DIRECTOR, SMART CARD 
                            ALLIANCE

    Mr. Vanderhoof. Thank you.
    Chairwoman Capito, and members of the subcommittee, on 
behalf of the Smart Card Alliance and its members, I thank you 
for the opportunity to testify today.
    The Smart Card Alliance is a nonprofit organization that 
provides education and a collaborative open forum among leaders 
in various industries, including mobile payments.
    We applaud the subcommittee's interest in making mobile 
payments safe, flexible, and resilient with the appropriate 
legal, regulatory, and security frameworks.
    Mobile devices can be used to facilitate the payment 
process in many ways. I am going to focus my remarks on the use 
of a payment-application-enabled mobile phone that can be used 
to pay at a physical merchant location as an alternative to 
paying with a plastic credit or debit card.
    This hearing was convened to examine issues essential to 
making mobile payments safe and to ensure appropriate 
legislative oversight is in place. The good news is that the 
type of mobile payments that I am here to talk about today is 
built on already-established legal, regulatory, and security 
frameworks in both the payment and the wireless telecom 
industries.
    This mobile technology is referred to as NFC mobile 
contactless payment. NFC, or near field communication, is a 
form of short-range wireless communications inside a phone. NFC 
is a new technology that enables secure mobile payment at 
physical merchant locations.
    The NFC mobile contactless payment approach has two 
advantages very important to this subcommittee. First, 
underpinning the legal and regulatory framework is the simple 
fact that while NFC mobile payments use a phone instead of a 
card, the payment account remains a credit or debit card 
account, and as such is already covered by existing laws and 
regulations.
    Second, the security and reliability of this approach are 
grounded in global standards, established certification 
processes, and in industry best practices that are the 
culmination of nearly 20 years of work in applying smartcard 
chip technology to protect payment accounts and mobile phone 
subscribers.
    Multiple international standards have been developed for 
NFC mobile payment, and are supported by the mobile industry 
and endorsed by the payment industry. In addition, new and 
existing safeguards are used with mobile payment devices to add 
many layers of protection for consumer account information and 
transactions.
    For example, access to the payment application can be 
password-protected, and a lost or stolen phone can be turned 
off instantly with one call to the customer's mobile operator. 
The NFC-enabled phone is provisioned with a digital payment 
credential issued by a bank and stored in a new, specially 
designed, secure memory location in the phone.
    The credential is transmitted to a merchant's NFC-enabled 
payment terminal by short-range wireless communications. The 
authorization and settlement processes are the same for those 
used when the consumer pays with a traditional credit or debit 
card.
    Market development involving many of America's largest and 
most trusted companies is well under way. One example is Isis, 
a new mobile carrier joint venture between AT&T, Verizon 
Wireless, and T-Mobile using the NFC mobile contactless payment 
technology we are discussing today. Isis will license payments 
provided by American Express, Discover, MasterCard, and Visa 
for its NFC rollouts.
    Another example is Google Wallet. Google has already 
launched its NFC mobile contactless payments offering to 
consumers, partnering with MasterCard, Citi, First Data, and 
Sprint. More than two dozen large retailers including Macy's 
and American Eagle Outfitters have enabled their stores to 
accept Google Wallet mobile purchases and coupon offers.
    NFC payment-embedded and mobile phones won't be the only 
form of mobile payment. There are new mobile technologies being 
tested other than NFC that are promising yet still unproven. 
NFC offers value to both consumers and merchants. In addition 
to value, consumers' confidence is in the underlying 
infrastructure, and the credibility of industry offerings are 
critical to its adoption.
    Consumers will benefit from and trust in a mobile payments 
infrastructure that has a strong focus on security and uses the 
existing payments infrastructure for transactions.
    Mobile phones represent a fertile landscape for new ways 
consumers can transact with retailers, financial institutions, 
application stores, and each other. Mobile payments innovation 
is going to continue to evolve, as more people upgrade to 
smartphones and learn about the new services they hold in the 
palm of their hand.
    In summary, ``The Future of Money,'' as this hearing is 
entitled, is being positively impacted by mobile technology. 
The changes in financial services that you have rightfully 
called attention to are being well-managed and securely 
protected by NFC technology and the collective knowledge 
resources of the financial and mobile industries.
    The Smart Card Alliance would like to thank the 
subcommittee once again for holding this important and forward-
looking hearing. We greatly appreciate the opportunity to 
present information that assists in the setting of legal, 
regulatory, and security frameworks necessary to implement 
safe, flexible, and resilient mobile financial products.
    Thank you.
    [The prepared statement of Mr. Vanderhoof can be found on 
page 58 of the appendix.]
    Chairwoman Capito. Thank you.
    And our final witness is Ms. Suzanne Martindale, staff 
attorney with the Consumers Union.
    Welcome.

  STATEMENT OF SUZANNE MARTINDALE, STAFF ATTORNEY, CONSUMERS 
                      UNION OF U.S., INC.

    Ms. Martindale. Madam Chairwoman, Ranking Member Maloney, 
and members of the subcommittee, thank you very much for the 
opportunity to testify today on behalf of Consumers Union, the 
advocacy policy arm of Consumer Reports.
    Mobile payments allow consumers to buy products or transfer 
money with a mobile device. The market includes a range of 
different technologies and many ways to fund the transactions. 
The U.S. mobile payments market is still developing and it 
remains unclear which trends will prevail.
    It is too soon to know which consumers will benefit most 
from the industry's growth, or inversely, be most vulnerable to 
risk. However, policymakers can make a few simple fixes to 
ensure that all mobile payments are safe.
    The mobile payments market is, in a word, complex. There 
are multiple ways to initiate payments. Some services involve 
sending a text message or using an application downloaded to 
the device. Others employ a chip embedded in the hardware which 
the consumer waves at a contactless reader.
    Furthermore, multiple parties are involved in completing 
the transaction. You have consumers, merchants, third-party 
processors, wireless carriers, and financial institutions, all 
in the same ecosystem. With so many players involved, the risk 
of confusion for the consumer increases, should something go 
wrong.
    Who is responsible for fixing the problem? If the different 
parties all point fingers at each other, the consumer may be 
out of luck.
    Despite these challenges, mobile payments in the United 
States are projected to gross $214 billion by 2015, in part due 
to their potential to provide speed and convenience for 
consumers and merchants. Some merchants are interested in the 
technology because mobile payment service providers may charge 
lower processing fees than traditional networks at the point of 
sale.
    Mobile payment technologies also have the potential to 
serve new audiences. This may appeal to young, tech-savvy 
consumers, as well as consumers who go outside the traditional 
banking system for financial services. For unbanked or 
underbanked consumers, as we call them, mobile payments may 
provide increased access to financial services.
    Low-income households and households of color, in 
particular, are more likely to be unbanked or underbanked. And 
according to a recent Pew study, these same households are more 
likely to adopt cellphones and smartphones compared to the 
general population. This presents an opportunity for mobile 
payment technologies to penetrate these markets. However, these 
same markets may be vulnerable to risk without adequate 
safeguards.
    Internationally, mobile payments have garnered attention 
for helping consumers in developing countries gain access to 
financial services. An estimated 5 billion consumers worldwide 
have a mobile phone, but only 1.5 billion have a bank account.
    In Kenya, where more consumers have cellphones than have 
bank accounts, Safaricoms' popular M-PESA service enables 
consumers to manage transactions entirely through their mobile 
phones, not smartphones, just regular cellphones. M-PESA 
customers can deposit or withdraw cash and send money through a 
network of ATMs and agents, and they can buy goods and services 
with their mobile phone, all without needing a bank account.
    However, U.S. consumers have been slow to adopt mobile 
payments for several reasons. Some mobile payments systems 
remain limited in scope and availability. For example, the new 
Google Wallet uses an NFC, or near field communication, chip 
embedded in the mobile device, which the consumer waves at a 
contactless reader. However, Google Wallet is currently only 
available to Sprint customers with a particular phone, the 
Nexus S smartphone.
    Another mobile payment system, Bling Nation, uses a sticker 
with an embedded chip that the consumer affixes to the device 
and waves at a reader. However, Bling Nation is still available 
only through pilot programs in Palo Alto, Chicago, and Austin.
    Furthermore, market research indicates that consumers have 
concerns about security of their financial information. In a 
survey released last week, the Federal Reserve found that over 
40 percent of consumers still cite security concerns as a 
reason for not adopting mobile payments.
    Finally, not all ways to pay with a mobile device are 
created equal when it comes to consumer protection. Although 
consumers may not be aware of it, U.S. payments law is 
fragmented. The level of protections against unauthorized 
transactions and errors varies, depending on whether a consumer 
links payment to a credit card, a debit card, a prepaid card, a 
bank account, a prepaid phone deposit, or a phone bill.
    Traditional credit and debit cards have mandatory 
protections under existing law; however, prepaid cards do not. 
Mobile payment links to a prepaid phone deposit or a phone bill 
are especially problematic, because they do not neatly fit into 
the existing legal categories.
    Wireless carriers may provide voluntary protections, but 
they are typically not disclosed in customer contracts. The 
different ways to pay by mobile device, and the varying 
protections that apply to each, create the potential for 
confusion when a consumer is faced with a transaction gone 
wrong.
    Consumers need to know where to complain and how to get 
their money back, in case of errors or unauthorized use. 
Consumers cannot afford to lose precious funds due to 
inadequate protections. And for low- and moderate-income 
consumers, this loss could be especially acute.
    Until U.S. payments law is updated to provide clear, 
guaranteed protections for all payment methods, consumers may 
be at risk when using mobile payments technology. Nevertheless, 
a few simple fixes could close the gaps in protection and 
provide clarity to the industry.
    The Consumer Financial Protection Bureau is in a unique 
position to address mobile payments, because it has 
jurisdiction over payment service providers and can clarify 
regulations implementing Federal consumer financial laws.
    Congress and other Federal agencies also have a very 
important role to play in establishing some sensible rules for 
the road that protect consumers and foster innovation.
    Thank you again for the opportunity to testify. I welcome 
your questions.
    [The prepared statement of Ms. Martindale can be found on 
page 39 of the appendix.]
    Chairwoman Capito. Thank you.
    I want to thank all of you. And I will begin with the 
questions.
    First of all, Mr. Oliver, just so I understand, I am 
starting here with the basics. You mentioned ``open wallet.'' 
Can you just explain what an ``open wallet'' is?
    Mr. Oliver. The concept of the ``open wallet'' is that it 
would operate on the phone the same way it does in your current 
wallet. And you can select on that phone any payment instrument 
you choose from any provider and execute a payment using 
standard technology without having to do something terribly 
different from paying an instrument to another.
    Chairwoman Capito. So you could pay out of your bank 
account on your card?
    Mr. Oliver. Out of your bank account, or any card you may 
have in your wallet. Competing cards, prepaid cards, what-have-
you.
    Chairwoman Capito. Right. Okay.
    My understanding, and I am sort of throwing this out to 
anybody who knows this--is that Europe has been much further 
ahead than we are on this technology. They have the chip and 
PIN cards, I guess they are using in Europe? And there is some 
thought that this NFC chip would sort of leapfrog that 
technology.
    Why do you think it has caught on there and it hasn't 
caught on here? And do you in fact think that this will 
leapfrog their technology? I imagine it is going to catch on 
like wildfire once it gets going in a more robust fashion.
    Does anybody know why the European model is further ahead 
than we are on this technology?
    Mr. McLaughlin. Let me open. When you look at markets and 
how they evolve, it usually starts at the baseline conditions. 
The United States benefited from having the best telecom 
infrastructure in the world at the times they were looking at. 
So there are requirements in Europe to be able to handle things 
like offline transactions; to put more intelligence into the 
transactions themselves to purely compensate for the telecoms 
infrastructure that were there. So that led to a set of 
investments in EMV and underlying security technology.
    We have seen that now cascade in markets around the world--
Canada, Mexico, and other markets are moving towards endorsing 
that.
    So in the United States, we now see it as absolutely time 
for us to move from static, plastic-based credentials to 
dynamic protections that can be generated using EMV and chip 
technology. In many ways, we took a plastic card and we put a 
chip on the card. We are now taking the chip off the card and 
putting it into the phone.
    Chairwoman Capito. In the phone.
    Mr. McLaughlin. It is also essential, though, as we work on 
this, that we continue to maintain that worldwide 
interoperability so consumers know that anywhere that they can 
go, they can get the same security around their payment 
products.
    Chairwoman Capito. I agree with that.
    The question I have on--I think all of you have mentioned 
the contactless reader which would be at the vendor site, the 
retailer site. I represent a rural area and there is always a 
question of cost for the retailer. How expensive are these 
devices? Are people investing in them? Somebody mentioned 20 
retailers who are involved in this, the larger retailers.
    How do you see this in terms of the retailer investment? I 
know when we changed the interchange, there was a big hue and 
cry from the retailer to the different readers and so does 
anybody have any kind of statement on that?
    Mr. Vanderhoof. I would like to begin by saying that when 
the U.S. brands--particularly Visa, MasterCard and Discover--
announced that they were moving towards the EMV chip strategy 
within the last year, an important distinction that they 
included in that road map was that they were going to 
incorporate both contact and contactless technology as a part 
of that in order to be able to embrace the mobile contactless 
technologies that we are talking about here today.
    From a merchant perspective, they now have a very clear and 
distinct path forward in terms of what will be the technology 
platform not only to accept their existing payment cards that 
consumers have today, the new and emerging EMV chip cards that 
are coming, but also the mobile NFC payments technology.
    The advantage for the merchants now is that when they do 
make that decision to upgrade their acceptance infrastructure 
in their stores, they can purchase one device that is going to 
support the legacy card technology that is in the market today, 
the evolving new chip contact card technology that is coming 
and the NFC mobile technology in the phone. So they will make 
one investment supporting three of their primary methods of 
payment.
    Chairwoman Capito. Is that technology available right now?
    Mr. Vanderhoof. It is not only available, but also the 
manufacturers of those devices have now totally upgraded their 
equipment to be able to absorb these new technologies so that 
the same devices that they would purchase 5 years ago didn't 
have--
    Chairwoman Capito. Right. I understand. Yes. I understand.
    I have just a couple of seconds because I think the 
security issue is something that we want to delve deeply into.
    I think Ms. Martindale brought out a great question, ``If 
something goes wrong, how are you going to track back as a 
consumer to figure out how you are going to right that wrong?''
    And the other thing that Mr. McLaughlin mentioned that I 
think we should be looking at here is talking with the 
regulators about--as you mentioned, this is regulated as a 
card. But then, Ms. Martindale brought up some exceptions to it 
that I think are significant with the evolution of different 
types of cards. And I think that is something we need to keep 
our eye on.
    I am now going to yield to Mrs. Maloney for 5 minutes for 
questions.
    Mrs. Maloney. I want to thank you, Mr. Oliver. In your 
statement, you said we should come out with common standards 
that would help us more efficiently move this forward. Where do 
you see these common standards coming from? Who is going to 
pull them together? The industry or whatever?
    Mr. Oliver. Yes, these are best and usually done by 
industries. And Mr. Vanderhoof made several comments about the 
efforts of the Smart Card Alliance and others. There are forums 
in Europe as well as international standard forums such as ISO 
that generate these types of standards and allow people to 
adopt them.
    It is a critical issue in interoperability and really the 
key to the earlier question about an open wallet; that you 
would have the same experience no matter what you did. So there 
are organizations collaboratively participated in that would 
generate these.
    Mrs. Maloney. That is great news because on 9/11, one of 
our biggest challenges was that the phones from the police 
couldn't interact with the phones from the fire department. And 
if they could have, it could have saved lives. So making that 
common-sense step forward would be important.
    Many of you talked about how this would allow more access 
for the unbanked and those who don't have access to banking. 
Would someone elaborate, because that is the concern to make 
sure that all of our citizens can find some sort of banking 
services?
    How are you going to reach out to the unbanked? How is it 
going to help the unbanked?
    Mr. McLaughlin. This something that at MasterCard we have 
been working on a lot; particularly using prepaid products as 
an access tool for those who don't have formal banking 
relationships.
    It starts with providing ways to get access to funds 
themselves so they are not left to the tender mercies of the 
check cashers and payday lenders. You can look at the work we 
have done with the Social Security Administration for the 
electronic distribution of funds and the other ways to allow it 
to reach these consumers.
    We think the key to using mobile will provide people more 
visibility into their financial information, into their account 
status so they can be more informed. They can make savvier 
decisions and we can reach individuals that we haven't 
traditionally been able to reach through bank branches and 
other areas.
    Mrs. Maloney. The Federal Reserve has been looking into 
this, and they did a Federal Reserve report which said that 57 
percent of all Americans and consumers surveyed felt that the 
banking services that they had now were adequate. Then, they 
looked at people who had mobile banking, and only 12 percent of 
mobile phone users reported that they made a mobile payment in 
the past 12 months; so the technology is out there and people 
aren't using it.
    And given this finding in their report, what actions should 
be taken by retailers, credit card companies, banks and 
nonbanks, mobile phone service providers, and others to develop 
mobile payment opportunities that are tailored to customers so 
that the customers use it? They say the technology is out there 
and that people don't even want it at this point, or use it.
    Mr. Vanderhoof. The mobile devices are still just starting 
to reach the consumers' hands through the mobile networks and 
through the retail stores that offer them. So we are expecting 
that there is going to be an increasing number of options 
available for consumers to be able to upgrade phones with smart 
card technology that has the ability to support these types of 
mobile payments. But unfortunately, today, we have a chicken-
and-egg situation where we have consumers who want to pay with 
their mobile device and are waiting for the equipment to arrive 
for them to use it. When the equipment is available in 
consumers' hands, then the issuers of these payment instruments 
that will work on mobile phones will have an opportunity to get 
them in consumers' hands and merchants will see--
    Mrs. Maloney. That is one barrier. What other barriers 
exist that could inhibit widespread adoption of mobile payment 
options? Security concerns?
    Mr. Leach. I would think so. One of the areas that we are 
addressing is the security of payment card data wherever it 
progresses.
    At the PCI Council, we look technology agnostic at how the 
data flows into the systems. Many of the terminals that are 
certified on our Web site have gone through laboratory tests 
and do have the capability to accept what we are talking about 
here today. But we are talking mostly on the consumer side. We 
also have the security of the merchant side and we are seeing 
rapid growth in the merchant community.
    So we talked about unbanked consumers--there have been 
unbanked merchants. And we are starting to see a new generation 
of merchants who, before, were not accepting any type of 
payment other than cash, and now are using such devices as 
peripherals that you would plug into a smartphone or other 
types of mobile devices to accept payment. And we are seeing a 
new industry boom here in the United States.
    Mrs. Maloney. Thank you. My time has expired.
    Chairwoman Capito. Thank you.
    Mr. Renacci, for 5 minutes.
    Mr. Renacci. Thank you, Madam Chairwoman. Again, I want to 
thank the witnesses for being here today.
    Mr. Oliver and Mr. McLaughlin, what effects do you think 
the current regulatory environment will have on many of these 
new innovations; and has the uncertain and, really, the 
changing regulatory environment had an effect on or slowed the 
evolution of many of these new products?
    We will start with Mr. Oliver.
    Mr. Oliver. That is a great question, and one of the 
important questions that we discussed within this work group; 
and one of the reasons they asked us to try to rationalize the 
regulatory infrastructure that might be in place.
    Given that most of the payments will be made using existing 
instruments, I think that people are pretty comfortable with 
where that is right now and there appears to be no serious 
legislation on the horizon to change that.
    I think the real issue here has to do with those places 
where gaps occur where different parties are involved in a 
transaction now than have typically been involved before. The 
Federal Communication Commission, for instance, oversees the 
wireless industry, but they have no experience with payments. 
Many of the payments firms have no experience with that.
    And so, that is why this collaborative effort to try to 
understand whether or not any new regulation at all would be 
required is a really important first step, we think, on the 
part of the government, and should occur pretty quickly.
    But it is not obvious that there are serious unregulated 
areas at this time.
    Mr. Renacci. Mr. McLaughlin?
    Mr. McLaughlin. I think it is important to recognize that 
the mobile phone will be one device, albeit an incredibly 
compelling device, that consumers will use to access their 
account.
    So from a MasterCard perspective, we want to make sure that 
all the rights, protections, and privileges consumers have 
doing that transaction are the same whether they are using a 
physical card, they are initiating the transaction from a 
mobile device, or they are shopping online.
    And that is the reality for our consumers. They want to be 
able to trust the transaction and know they are protected, 
whatever they are using. So we believe in making sure that we 
aren't creating some separate and independent mobile world, but 
rather saying these devices are an extension of the rights and 
privileges that people have today, is essential.
    I think it is also important that we allow innovation to 
flourish in this area. We need to ensure the security and 
consumer protections. What we can't do is constrain or restrict 
the ability for industry to determine how to create the most 
value for consumers and merchants using the new devices.
    Mr. Renacci. Mr. McLaughlin, to move into these type of 
innovations, there is a scale of investment that has to be 
made. Can you kind of explain again the scale of investment a 
company such as yours spends on developing these products and 
the underlying infrastructure?
    Mr. McLaughlin. Absolutely. And one of the things I think 
it is important to point out that these are technologies that 
we have been working on for a decade or more.
    We knew that we would want to take advantage of smart 
devices. We knew that the form factors would be changing. So 
the first trials we had of contact with technology were in 
Orlando and Dallas in 2002.
    We continue to build and invest. In 2005, as an industry, 
we began rolling out PayPass, which is the contact technology 
we have had. And we worked with all of the participants in the 
chain, whether it is handset manufacturers, security and chip 
companies, or telcos, to make sure there is a safe and secure 
environment to leverage that technology.
    So it is an ongoing and substantial investment, not only in 
the consumer experience in the environment, but in the 
underlying security infrastructure.
    Mr. Renacci. Thank you.
    Mr. Oliver, could you talk about the potential up-front 
costs that will be required for merchants to accept mobile 
payments? And is there any danger that they make an expensive 
transaction, only to have payment technology veer off in a 
different direction?
    Mr. Oliver. I am probably not the best person to answer a 
question about what the expense will be for the merchants. But 
I would like to answer the question about the long-run 
investments there. Obviously, they are confronted with the 
issue of trying to understand what the end game is, and 
therefore make wise choices now.
    There are very large merchants who have already made that 
decision to say, ``What do we think will happen in the next 7 
years?'' And they have said, ``We believe mobile technology 
using NFC contact and contactless cards, as well as current 
instruments will be there.'' And they have actually already 
acquired the terminals to do that.
    The incremental costs, from what I understand, of adding 
that technology to existing terminals is pretty inexpensive. 
But across a huge footprint for a large retailer, it is going 
to incur some costs.
    But that is what they want to do with this roadmap, to 
determine what is the end state, and then let us choose how to 
transition and spend wisely.
    Mr. Renacci. Thank you.
    I see I am running out of time, so I yield back.
    Chairwoman Capito. Thank you. Mrs. McCarthy, for 5 minutes.
    Mrs. McCarthy of New York. Thank you.
    And thank you for your testimony. I tend to think that a 
lot of people would find this really fascinating.
    The Europeans have been using this technology for a while. 
What are the statistics for those countries that are more 
advanced than us on the breaking in, the stealing of 
information, their protections?
    You already see that information over there. What have you 
done that is going to be different for here, for us?
    Mr. Vanderhoof. There are several underlying technologies 
that we have discussed today. The European markets, in 
particular, have been using this chip technology as part of 
their payment card infrastructure for many years. And they have 
proven dramatic reductions in their fraud, because the payment 
cards now are unable to be counterfeited or the information on 
that consumer payment product can't be cloned and replicated 
because of the security of the chip technology.
    What is inaccurate is that they have been ahead of the U.S. 
market in terms of mobile payments. In fact, the U.S. market 
has a much faster potential for adoption of mobile payments 
because we have made this investment over the last 5 years in 
contactless payment card technology.
    And therefore, we have hundreds of thousands of terminals 
already installed in the marketplace that can now use a mobile 
phone with the same payment capability to make those payment 
transactions, where in Europe and other parts of the world 
which have implemented chip technology, they have not 
implemented chip technology with the ability to interface to a 
mobile device. So, they are going to require a second 
investment.
    Mrs. McCarthy of New York. Obviously, we hear a lot about 
cybersecurity. I know all the nations, NATO; it is their number 
one issue when they are talking together.
    Have you given it any thought, because we are always one 
step--or hopefully always one step in front of the criminals? 
This is obviously going to be a big area in the United States, 
because we have very innovative people who are always trying 
to--hopefully, you are hiring them, because they always seem to 
be outsmarting us.
    Getting back to the cybersecurity, what mechanisms are out 
there, when something like that possibly will happen, which 
many of us agree it will? And how are we going to combat that?
    I will throw that out to anybody.
    Mr. Leach. The PCI Council has written standards already to 
look ahead to where the future is. We are a global standard 
body, so we already have our standard implemented in Europe 
with this type of technology.
    One of the standards we released last year is called point-
to-point encryption. What this allows is for, regardless of the 
technology, whatever innovation we create here in the United 
States or abroad, we can encrypt this information, and render 
it of no value to a criminal.
    That way, the system itself can produce and transact, and 
the consumer can have confidence in that transaction. What we 
have seen here in the United States, one example is that 
merchants are taking devices and plugging them into the phone.
    And they are now swiping the traditional cards or they are 
using new mobile technology. They are able to encrypt this 
information, protect it, before it ever gets into an insecure 
mobile environment, and are able to process that information 
securely and safely on behalf of consumers.
    So, we do have standards already as an industry. We are 
looking at new standards, as well as new dynamic ways to make 
it so that data is of no value. So even if that data is 
exposed--I share my credit card information with you--we have 
new technologies that are emerging that would render that of no 
value to a criminal.
    Mrs. McCarthy of New York. The only reason I am concerned, 
is we all have our BlackBerries. They are government-issued. 
But every few days, we get a very long list of those who have 
actually broken into our BlackBerries, and likely Spam or 
someone has gotten our information.
    So I can understand where the American people might be a 
little concerned here, because we are supposed to have the 
protection, yet we are not even supposed to use these when we 
go overseas. They ask us not to use them.
    So, I can see where Americans--you are going to have a big 
sell for a lot of people, I think. It might take time. And I do 
know it is used over in Europe quite a bit.
    But with that being said, you are going to have to convince 
an awful lot of people that their checking account is not going 
to be wiped out.
    Mr. McLaughlin. I think that is what happens any time we 
introduce new technologies. People are comfortable with the 
familiar. And that is why our obligation is to make sure every 
new technology we bring out there is enhancing the security, it 
is making it safer, so consumers can understand that we can do 
things using the intelligent devices to make it more secure 
than what we could ever do with the static, plastic device.
    So, that is the advantage of the new technology. But we 
need to make sure that we are smart about how we harness it.
    Mrs. McCarthy of New York. With that, I yield back the 
balance of my time.
    Chairwoman Capito. Thank you.
    Mr. Grimm, for 5 minutes.
    Mr. Grimm. Thank you, Madam Chairwoman, for holding this 
hearing, first of all.
    And I appreciate everyone's testimony today.
    A couple of questions--Mr. McLaughlin, how much does 
MasterCard spend annually on fraud? I know that there is quite 
a bit of fraud now, even traditionally with cards. Do you have 
a ballpark of how big that problem is for MasterCard?
    Mr. McLaughlin. I don't think we have broken out specific 
fraud expenses. But what I would say is it is something that we 
constantly battle. Any change, anything we do, we have to make 
sure that we are making the system safer for that; so one of 
the primary focuses of our organization is to make sure that we 
are eliminating fraud or mitigating it wherever possible.
    Mr. Grimm. Would you say that it increased significantly 
with the advancements of the Internet?
    Mr. McLaughlin. I think any new technology creates 
challenges to make sure that it is secure. We have been able 
to, over the last decade, do a lot to mitigate the fraud 
potential of what is online. But that is something that we 
combat every day.
    Mr. Grimm. I will take that as a ``yes.''
    And don't get me wrong, I am all for the new technology. I 
just recognize that with anything that is new--I slightly 
disagree with my colleague. I think that criminals are a step 
ahead of us many times with most of these things, whether it be 
the Internet, counterfeiting cards originally was a tremendous 
problem.
    Then with the Internet--just now, there was a massive sting 
operation throughout the entire country, people ordering online 
and then fencing those items for cash at significant discounts.
    The effect on merchants, because I think a lot of the 
merchants are going to have some issues--when someone comes in 
and does a transaction, for example if they order over the 
phone, and they give their credit card over the phone, and then 
they get their bill and say, ``Oh, I didn't order this,'' the 
merchant usually eats it. That has been my experience.
    Which is really unfair because you have seen--let us just 
say it is for food at a restaurant. You have delivered to that 
residence many times, and the delivery boy actually knows the 
person. But it might be a college student using dad's card. And 
this time, dad got the bill and said, well, $45 for this.
    They come in and they actually sign for it, then the 
merchant is protected. So are there going to be safeguards for 
the merchants, because there obviously aren't going to be any 
signatures with this. So, that would be a question.
    Mr. McLaughlin. I think you have highlighted one of the 
most important points of running a payments network or a 
payments environment. And it is not simply the technologies 
that are available to us.
    Quite often, when we see proposals that are out there or 
innovations, it is not, ``What can the technology do?'' but, 
`How do you run the network itself, and how do you make sure 
that you are balanced and fair for all the participants who are 
in it?''
    That is why, as I said earlier, as we adopt mobile 
technologies, we want to make sure the same protections and 
rules that we have apply, and the same dispute resolution 
mechanisms are there.
    The goal for adopting the new technologies is to increase 
the level of verification and certainty we can put around every 
transaction so issuers benefit from reduced fraud. Merchants 
also benefit from that reduction in fraud.
    Harnessing the new technologies to provide enhanced 
security and enhanced clarity is the objective. We can do 
things like providing one-time cryptogram on the individual 
transaction so we know specifically where it was generated 
from, moving from static identifiers to dynamic. We can get 
additional certainty of who you are and the device that you are 
transacting from, when you do things like an online 
transaction.
    So what we see going forward is the distinction between 
what is happening at the till, how you purchase online, and 
other ways that you are transacting; we will move more and more 
to intelligent devices; and looking to harness the capability 
of those devices to get us to reduce fraud is the overall goal.
    Mr. Grimm. And then the last question, just on that topic, 
how about the advanced phishing technology that is out there? 
When cell phones first came out they were cloning the phones 
constantly by using phishing technology to steal your I.D. 
right out of the air. I am assuming that is built into this 
technology but I think it is worth mentioning since this is an 
information forum right now.
    Mr. McLaughlin. Absolutely. And that is why--and the 
reference that Mr. Oliver made to trusted service managers--
that is why we want to make sure that anything we do with the 
new devices is more secure than what we did in the physical 
card world, so we are more protected against things like 
phishing and other types of attacks.
    Mr. Grimm. Okay. Thank you.
    My time has expired and I yield back.
    Mr. Renacci [presiding]. Thank you.
    I yield 5 minutes to the gentleman from Georgia, Mr. Scott.
    Mr. Scott. Thank you very much, Mr. Chairman.
    This is a really fascinating hearing. We are moving so fast 
with technology that it is hard to keep up with it.
    And now, we have a real challenge here, it seems to me, and 
I have a number of questions, particularly that 91 percent of 
the American people now own a mobile phone. That is a 
phenomenal situation.
    First of all, I have questions about who is to regulate 
this. I am going to start with people who are paying their 
phones through their mobile units. Who regulates this now? 
Where does it come under, mobile payments? Is there regulation 
now?
    Ms. Martindale. I think you pose a great question. And 
everyone kind of goes--there really isn't, when it comes to 
mobile payments, specifically, the use of a phone to make a 
non-communication type of transaction; the fingers are pointing 
in all different directions. And the Federal Communications 
Commission doesn't appear to, at least, perceive that it has 
jurisdiction over these types of transactions.
    As I pointed out earlier, I think that when a consumer's 
phone gets stolen, they are going go to the wireless carrier 
and expect that the wireless carrier has maybe something in the 
contract, maybe has a policy, and maybe there is a phone agency 
that is supposed to be in charge. But that is, at best, unclear 
right now.
    Mr. Scott. Yes, that concerns me because people lose their 
phones all the time. The point I am making is if you have 91 
percent of the American people, 90 percent of the American 
people means young people, old people, senior people, people 
who are getting adjusted to it. So I think that there are some 
very serious questions here about the regulatory function of 
it. I also think that there are some issues about the size and 
the complexity of this issue.
    My other major concern is that who really is responsible 
for monitoring the security risks that are here?
    All of these questions really have to be carefully 
examined. And I think that we have the Consumer Financial 
Protection Bureau, we have the FCC, we have the FTC. Then we 
have this little thing in there where, these bills, who pays 
them? Where do they get the money from? How is it transacted?
    In some cases, a telecommunications company pays the bill 
for them, adds that to their monthly bill and you have, I am 
sure, within there, all kinds of fee structures, late payments 
that are piled upon if they don't pay their phone bill, let 
alone the other bill.
    And it just seems to me that the consumer can really get 
bamboozled here with a lot of financial burden. And yet, right 
now, this is going on and we don't have a regulator for it.
    So my question is where do you all believe this should 
fall? Is there one agency? Should there be several? Who is 
going to regulate this?
    Who is going do the oversight for this? And particularly, 
right now, I am sure there are problems in this area. So my 
concern is this technology is moving so fast we really have to 
put a priority on how we are going to protect the American 
consumer, because it is going to move very, very fast. Even 
right now, with my own cell phone, I have problems just trying 
to figure out how to get all of this information I am 
receiving.
    And now the other point is too, this is going to have an 
economic impact someplace. This is going to put a lot of 
businesses that are in business now out of business. It is 
certainly going to expedite putting the post office further out 
of business.
    And then there is no paper trail here. If I get my bill, 
and I am paying my bill, I like to have something in my hand 
that says, ``Hey, I paid this bill. I have a paper trail 
here.''
    There is nothing here. It is all in space. So I am just 
making these points to say we have some work to do.
    Thank you, Mr. Chairman.
    Mr. Renacci. Thank you.
    I yield 5 minutes to the gentleman from Delaware, Mr. 
Carney.
    Mr. Carney. Thank you, Mr. Chairman.
    And thank you to the panel for coming today.
    I would just like to pick up where my colleague left off 
and ask the question: What is driving this move to mobile 
payments?
    Why don't we start with Mr. McLaughlin?
    Mr. McLaughlin. Let me open by saying Salesianum, Class of 
1983.
    Mr. Carney. Oh, you would have to do that, wouldn't you--my 
archrival.
    Mr. McLaughlin. I think it is absolutely driven by the 
demand we are seeing from consumers. What they are recognizing 
is that mobile is transforming their lives, particularly 
younger consumers. They expect to be connected. They expect to 
have immediate access to information. They expect to have more 
information and richer information about where they can shop, 
what deals and offers are available to them and have immediate 
access.
    Mr. Carney. So that information would be available on their 
cell phone, and they would then make some purchase and make the 
payment through the phone, is that--personally, I don't want my 
cell phone to do anything more.
    I have a hard time keeping track of what it does for me 
now. And then when I leave it at home, I feel completely lost 
and naked without my phone.
    Mr. McLaughlin. Yes.
    In fact, when you do consumer research they use expressions 
like ``losing a limb,'' which I found disturbing, when they 
don't have their phone with them.
    I think you are right. I think it has become your GPS. It 
has become your personal assistant. It has become your alarm 
clock. It is something that is always on and will progressively 
be always with you.
    Mr. Carney. I think several of you have touched on this, 
but is it more secure?
    Mr. McLaughlin. That is absolutely the objective. We would 
not move towards this payment environment unless we could 
enhance the security of what we are doing.
    And keep in mind, what we have been able to do with plastic 
cards in the online authorization network has been a great way 
to combat fraud. We believe by harnessing mobile devices we can 
enhance that even further by using the intelligence that is 
available to it; and then by incorporating consumers deeper 
into the process of monitoring their finances.
    Even without an NFC payment, we can use the phone today. 
MasterCard has a technology we call ``In Control'' where I can 
say, ``Let me know on my mobile if an international transaction 
occurs or an online payment occurs or a transaction over a 
certain amount.''
    So that connectivity gives consumers more information: 
``How much money is in my account before I make this payment?'' 
It gives them more information--
    Mr. Carney. That was going to be one of my questions. It 
would help you not make a payment that you didn't have money to 
cover.
    One of the big things that aggravates folks is when they 
overdraft their account and get a charge for that. This would 
help you not do that?
    Mr. McLaughlin. Yes. We can do even better than that. We 
can tell you exactly, working with mobile banking and other 
applications, the current status of your account. We can say, 
``Here is how much you spent against the budget you have set in 
certain categories,'' and provide this real-time access to 
information. So alerts and controls, I think, are essential to 
the mobile payments experience.
    And keep in mind it is the MasterCard network and the 
underlying account that pulls this together. So in my 
experience in getting out of--
    Mr. Carney. Yes, I am breaking in because my time is 
running out.
    How about the unbanked or underbanked?
    Let me move on to Ms. Martindale. What is the advantage and 
how does it work? You mentioned that, I think in your opening 
statement, for those folks because that is an important group 
of my constituents.
    Ms. Martindale. I think it--the way that you could set it 
up now so that you wouldn't even need a bank account to do 
these types of transactions is you could have a prepaid debit 
card, which is not a bank account.
    And you could link your mobile payment application to that 
prepaid card so that you are drawing down funds from your 
prepaid deposit. And this is a way that unbanked or underbanked 
consumers could use these types of--
    Mr. Carney. You would have to, though, set something up?
    Ms. Martindale. Yes, you would have to set something up.
    And again, we have a whole host of other concerns about 
prepaid cards just standing alone because they are as yet not 
regulated in the same way that a debit card linked to a bank or 
credit union account already is.
    So a prepaid card itself doesn't have any mandatory 
protections against fraud, theft or errors should your card be 
lost or stolen or someone rips off your number. And so, if you 
are adding an extra layer of that mobile payment transaction 
linking to a prepaid card, we do have a concern that this 
could--this is a great opportunity to, again, to provide that 
information in a way that consumers will actually use it.
    Unbanked and underbanked consumers are adopting cell phones 
and smartphones. At the same time, we need to make sure that 
the payment transaction is covered by some guaranteed legal 
protections against fraud from the consumer financial 
protection side, beyond the data security side.
    Mr. Carney. So, I have 15 seconds left. How do the 
interchange fees work for this? We had a big debate about 
that--a dispute about that over the last year. How do the fees 
work for--would they work for mobile payments?
    Mr. McLaughlin. From MasterCard's perspective, whether you 
have initiated from a card or initiated from a phone, it is the 
same transaction.
    Mr. Carney. Same transaction. Thank you.
    I thank the subcommittee.
    Mr. Renacci. Thank you.
    I recognize the gentleman from Missouri, Mr. Leutkemeyer, 
for 5 minutes.
    Mr. Luetkemeyer. Thank you, Mr. Chairman.
    I guess, I probably want to start out with, what kind of 
timeframes do you see all of this developing in? What is the 
timeframe for general acceptance? What do you see as the 
timeframe for the problems to pop up and occur here so we know 
what kind of timeframe we have for some sort of regulatory fix 
for some of this?
    Mr. Oliver. Can I take the first shot at that?
    Mr. Luetkemeyer. Yes.
    Mr. Oliver. There are a lot of elements of change involved 
in this and a lot of parties that are going to have to 
collaborate, release technology, implement technology, educate 
the consumer, and so forth.
    My sense, just as a personal estimate, is that you will see 
significant deployment in the 2- to 5-year range, because many 
of the pilots that are currently going on aren't going to be 
completed until sometime next year. So, I think you are going 
to see a slow growth curve for an extended period of time.
    Mr. Luetkemeyer. Do the rest of you kind of anticipate the 
same?
    Mr. Leach. We have been talking about the consumer side of 
the phone. I think from a mobile payment acceptance, we see 
that today.
    At PIC Council, we have standards that accept certain types 
of mobile technology to accept traditional payment cards, 
plastic cards. We have seen our first products come through, be 
lab tested, certified, and listed on our Web site. So for 
mobile acceptance, payment acceptance, it is here today.
    Mr. Vanderhoof. Excuse me, I would just add that the 
solutions on mobile payment that you are hearing from the well-
known, well-recognized brands that have a clean sense of the 
security and the certification requirements of this technology 
are going to evolve slower than the Internet start-ups of the 
world who might come up with an application that you can 
download on your phone and be in business basically overnight.
    But for consumers, I think they have to pay attention to 
who is behind the technology that they might be interested in 
using? What safeguards exist? And it is probably always the 
wise choice to look at the established companies that are 
backing this and the reasons why they are moving at the pace 
that they are moving in order to maintain security.
    Mr. Luetkemeyer. Yes, I am not very technologically savvy, 
so this is kind of three steps above my grade here.
    But it would seem to me that you are going to have to have 
a platform here within which all of these transactions can 
occur with the same sort of technology to be able to talk to 
each other. I assume that is possible. I am assuming everybody 
is already working on the same platform or the same language or 
whatever it takes to make this all work. Is that a safe 
assumption?
    Mr. McLaughlin. I think you see a strong movement that we 
work together as an industry to make sure that this will work; 
that it is safe and secure. So that is why some of the 
standards that we have talked about earlier like the underlying 
EMV technology, the PCI standards that are out there, and 
things of that nature provide a baseline that consumers and 
merchants know they can trust.
    Having those standards out there also allows us to compete 
vigorously on who can deliver the best consumer experience and 
the best value out there. So, we have to make sure that there 
is a foundation that works so we can all compete on the works 
better.
    Mr. Luetkemeyer. Are there other places in the world where 
this is being done already? Are we the leading country? Are we 
technologically leading the world with this application?
    Ms. Martindale. Actually we are one of the--we are behind 
on mobile--
    Mr. Luetkemeyer. We are behind?
    Ms. Martindale. Yes, in fact, other countries--people have 
mentioned Europe--but in developing countries, this is taking 
off like wildfire, but with a very different set-up, and 
granted, the infrastructures in those countries may be 
different. So, I am not necessarily saying that we would be 
able to replicate in the same way that we have seen in other 
countries.
    I would use Kenya as an example. African countries have 
been adopting mobile payments using a regular--you don't have 
to have a smartphone--cell phone, where basically you are 
giving a deposit to the wireless carrier and the wireless 
carrier is helping you manage your funds.
    And that is something that I have not heard the industry is 
not as interested in going that direction right now. I think it 
is more the NFC-enabled, Google Wallet-type of scenario where 
you have your different payment cards linked up to the 
application. But other countries have been doing this for 
several years now, and it has been a way of banking unbanked 
consumers.
    However, it has also involved a great deal of proactive 
collaboration between the Central Bank of Nigeria, for example, 
and the major telecoms. It is a very different, more 
centralized set-up then we would have here.
    Mr. McLaughlin. Yes, I think the key is providing the 
appropriate technology for consumers. Consumers in the United 
States today have access to electronic payments. In many of 
these countries, they don't. So, MasterCard has been working 
hard to work with the telecommunication providers and financial 
institutions in those countries to provide appropriate 
technology.
    One quick example--the GSMA is a mobile association, which 
last year gave us their Mobile Money Innovation of the Year 
Award for what we had done in Kenya working with Standard 
Charter Bank and Airtel to provide virtual MasterCard numbers 
to people who had no access to online transactions on the 
Internet.
    So suddenly, a whole swath of the population who weren't 
able to access anything online now had access to it by 
harnessing the existing payment networks and tailoring it 
precisely for what was needed in those networks.
    Mr. Luetkemeyer. That is interesting. I know the death 
knell has been sounding for cashing checks for many, many 
years, and it seems that they are still there. So maybe, you 
guys are taking a first step down the road to do away with 
those. Thank you, Mr. Chairman.
    Mr. Renacci. I want to thank all of the members of the 
panel for testifying this morning.
    The Chair notes that some Members may have additional 
questions for the panel, which they may wish to submit in 
writing. Without objection, the hearing record will remain open 
for 30 days for Members to submit written questions to these 
witnesses and to place their responses in the record.
    This hearing is adjourned.
    [Whereupon, at 11:18 a.m., the hearing was adjourned.]


                            A P P E N D I X



                             March 22, 2012


[GRAPHIC] [TIFF OMITTED] T5082.001

[GRAPHIC] [TIFF OMITTED] T5082.002

[GRAPHIC] [TIFF OMITTED] T5082.003

[GRAPHIC] [TIFF OMITTED] T5082.004

[GRAPHIC] [TIFF OMITTED] T5082.005

[GRAPHIC] [TIFF OMITTED] T5082.006

[GRAPHIC] [TIFF OMITTED] T5082.007

[GRAPHIC] [TIFF OMITTED] T5082.008

[GRAPHIC] [TIFF OMITTED] T5082.009

[GRAPHIC] [TIFF OMITTED] T5082.010

[GRAPHIC] [TIFF OMITTED] T5082.011

[GRAPHIC] [TIFF OMITTED] T5082.012

[GRAPHIC] [TIFF OMITTED] T5082.013

[GRAPHIC] [TIFF OMITTED] T5082.014

[GRAPHIC] [TIFF OMITTED] T5082.015

[GRAPHIC] [TIFF OMITTED] T5082.016

[GRAPHIC] [TIFF OMITTED] T5082.017

[GRAPHIC] [TIFF OMITTED] T5082.018

[GRAPHIC] [TIFF OMITTED] T5082.019

[GRAPHIC] [TIFF OMITTED] T5082.020

[GRAPHIC] [TIFF OMITTED] T5082.021

[GRAPHIC] [TIFF OMITTED] T5082.022

[GRAPHIC] [TIFF OMITTED] T5082.023

[GRAPHIC] [TIFF OMITTED] T5082.024

[GRAPHIC] [TIFF OMITTED] T5082.025

[GRAPHIC] [TIFF OMITTED] T5082.026

[GRAPHIC] [TIFF OMITTED] T5082.027

[GRAPHIC] [TIFF OMITTED] T5082.028

[GRAPHIC] [TIFF OMITTED] T5082.029

[GRAPHIC] [TIFF OMITTED] T5082.030

[GRAPHIC] [TIFF OMITTED] T5082.031

[GRAPHIC] [TIFF OMITTED] T5082.032

[GRAPHIC] [TIFF OMITTED] T5082.033

[GRAPHIC] [TIFF OMITTED] T5082.034

[GRAPHIC] [TIFF OMITTED] T5082.035

[GRAPHIC] [TIFF OMITTED] T5082.036

[GRAPHIC] [TIFF OMITTED] T5082.037

[GRAPHIC] [TIFF OMITTED] T5082.038

[GRAPHIC] [TIFF OMITTED] T5082.039

[GRAPHIC] [TIFF OMITTED] T5082.040

[GRAPHIC] [TIFF OMITTED] T5082.041

[GRAPHIC] [TIFF OMITTED] T5082.042

