[House Hearing, 112 Congress]
[From the U.S. Government Publishing Office]
THE FUTURE OF MONEY: HOW
MOBILE PAYMENTS COULD
CHANGE FINANCIAL SERVICES
=======================================================================
HEARING
BEFORE THE
SUBCOMMITTEE ON FINANCIAL INSTITUTIONS
AND CONSUMER CREDIT
OF THE
COMMITTEE ON FINANCIAL SERVICES
U.S. HOUSE OF REPRESENTATIVES
ONE HUNDRED TWELFTH CONGRESS
SECOND SESSION
__________
MARCH 22, 2012
__________
Printed for the use of the Committee on Financial Services
Serial No. 112-110
U.S. GOVERNMENT PRINTING OFFICE
75-082 WASHINGTON : 2012
-----------------------------------------------------------------------
For sale by the Superintendent of Documents, U.S. Government Printing Office,
http://bookstore.gpo.gov. For more information, contact the GPO Customer Contact Center, U.S. Government Printing Office. Phone 202�09512�091800, or 866�09512�091800 (toll-free). E-mail, [email protected].
HOUSE COMMITTEE ON FINANCIAL SERVICES
SPENCER BACHUS, Alabama, Chairman
JEB HENSARLING, Texas, Vice BARNEY FRANK, Massachusetts,
Chairman Ranking Member
PETER T. KING, New York MAXINE WATERS, California
EDWARD R. ROYCE, California CAROLYN B. MALONEY, New York
FRANK D. LUCAS, Oklahoma LUIS V. GUTIERREZ, Illinois
RON PAUL, Texas NYDIA M. VELAZQUEZ, New York
DONALD A. MANZULLO, Illinois MELVIN L. WATT, North Carolina
WALTER B. JONES, North Carolina GARY L. ACKERMAN, New York
JUDY BIGGERT, Illinois BRAD SHERMAN, California
GARY G. MILLER, California GREGORY W. MEEKS, New York
SHELLEY MOORE CAPITO, West Virginia MICHAEL E. CAPUANO, Massachusetts
SCOTT GARRETT, New Jersey RUBEN HINOJOSA, Texas
RANDY NEUGEBAUER, Texas WM. LACY CLAY, Missouri
PATRICK T. McHENRY, North Carolina CAROLYN McCARTHY, New York
JOHN CAMPBELL, California JOE BACA, California
MICHELE BACHMANN, Minnesota STEPHEN F. LYNCH, Massachusetts
THADDEUS G. McCOTTER, Michigan BRAD MILLER, North Carolina
KEVIN McCARTHY, California DAVID SCOTT, Georgia
STEVAN PEARCE, New Mexico AL GREEN, Texas
BILL POSEY, Florida EMANUEL CLEAVER, Missouri
MICHAEL G. FITZPATRICK, GWEN MOORE, Wisconsin
Pennsylvania KEITH ELLISON, Minnesota
LYNN A. WESTMORELAND, Georgia ED PERLMUTTER, Colorado
BLAINE LUETKEMEYER, Missouri JOE DONNELLY, Indiana
BILL HUIZENGA, Michigan ANDRE CARSON, Indiana
SEAN P. DUFFY, Wisconsin JAMES A. HIMES, Connecticut
NAN A. S. HAYWORTH, New York GARY C. PETERS, Michigan
JAMES B. RENACCI, Ohio JOHN C. CARNEY, Jr., Delaware
ROBERT HURT, Virginia
ROBERT J. DOLD, Illinois
DAVID SCHWEIKERT, Arizona
MICHAEL G. GRIMM, New York
FRANCISCO ``QUICO'' CANSECO, Texas
STEVE STIVERS, Ohio
STEPHEN LEE FINCHER, Tennessee
James H. Clinger, Staff Director and Chief Counsel
Subcommittee on Financial Institutions and Consumer Credit
SHELLEY MOORE CAPITO, West Virginia, Chairman
JAMES B. RENACCI, Ohio, Vice CAROLYN B. MALONEY, New York,
Chairman Ranking Member
EDWARD R. ROYCE, California LUIS V. GUTIERREZ, Illinois
DONALD A. MANZULLO, Illinois MELVIN L. WATT, North Carolina
WALTER B. JONES, North Carolina GARY L. ACKERMAN, New York
JEB HENSARLING, Texas RUBEN HINOJOSA, Texas
PATRICK T. McHENRY, North Carolina CAROLYN McCARTHY, New York
THADDEUS G. McCOTTER, Michigan JOE BACA, California
KEVIN McCARTHY, California BRAD MILLER, North Carolina
STEVAN PEARCE, New Mexico DAVID SCOTT, Georgia
LYNN A. WESTMORELAND, Georgia NYDIA M. VELAZQUEZ, New York
BLAINE LUETKEMEYER, Missouri GREGORY W. MEEKS, New York
BILL HUIZENGA, Michigan STEPHEN F. LYNCH, Massachusetts
SEAN P. DUFFY, Wisconsin JOHN C. CARNEY, Jr., Delaware
FRANCISCO ``QUICO'' CANSECO, Texas
MICHAEL G. GRIMM, New York
STEPHEN LEE FINCHER, Tennessee
C O N T E N T S
----------
Page
Hearing held on:
March 22, 2012............................................... 1
Appendix:
March 22, 2012............................................... 29
WITNESSES
Thursday, March 22, 2012
Leach, Troy, Chief Technology Officer, PCI Security Standards
Council, LLC................................................... 6
Martindale, Suzanne, Staff Attorney, Consumers Union of U.S.,
Inc............................................................ 11
McLaughlin, Ed, Chief Emerging Payments Officer, MasterCard
Worldwide...................................................... 7
Oliver, Richard R., Payments Consultant/Retired Executive Vice
President, the Federal Reserve Bank of Atlanta, and co-author
of ``Mobile Payments in the United States: Mapping Out the Road
Ahead''........................................................ 4
Vanderhoof, Randy, Executive Director, Smart Card Alliance....... 9
APPENDIX
Prepared statements:
Leach, Troy.................................................. 30
Martindale, Suzanne.......................................... 39
McLaughlin, Ed............................................... 43
Oliver, Richard R............................................ 55
Vanderhoof, Randy............................................ 58
THE FUTURE OF MONEY: HOW
MOBILE PAYMENTS COULD
CHANGE FINANCIAL SERVICES
----------
Thursday, March 22, 2012
U.S. House of Representatives,
Subcommittee on Financial Institutions
and Consumer Credit,
Committee on Financial Services,
Washington, D.C.
The subcommittee met, pursuant to notice, at 10:02 a.m., in
room 2128, Rayburn House Office Building, Hon. Shelley Moore
Capito [chairwoman of the subcommittee] presiding.
Members present: Representatives Capito, Renacci,
Luetkemeyer, Huizenga, Grimm; Maloney, McCarthy of New York,
Scott, and Carney.
Chairwoman Capito. This hearing will come to order.
I appreciate the witnesses being here. We are expecting a
series of votes as early as 11:30, and if we are unable to
complete the hearing before the votes, we will return after
votes are completed.
But we meet today to begin what I think is an exciting and
important task, which is making sure our financial system and
its regulatory structure are prepared to enter the new world of
mobile payments.
You see a lot of press about mobile banking; certainly a
lot of advertising on mobile banking. And without saying too
much about my general age area, this is age-specific in some
ways considering my mother has never used an ATM, but she does
pump her own gas.
I know what my children, who in their 20s, are going to be
doing in terms of how they bank. And this is what I think is
the relevance--why I am extremely interested in this as we move
through this panel.
While most people believe that making a mobile payment
involves waving a smartphone at a cash register, and it may be,
there are a lot more ways to exchange values.
Contactless cards and short e-mail messages giving
instructions to transfer value represent other form of mobile
payments. The whole field offers the possibility of faster and
cheaper transfers of value, oftentimes with the promise of
enhanced security that surpasses what is possible today.
We are, I think, on a precipice of some fundamental change
in the way money is exchanged between consumers and businesses.
And that is why I am interested and I wanted to have this
hearing on the future of money.
While some aspects of mobile payments have been with us for
a while, and some business models are already developed, other
aspects of mobile payments are in the beginning stages of pilot
programs. Either way, there is a lot for Congress, banks,
regulators, retailers, and customers to learn.
Most importantly, we want to make sure these payments are
safe and secure; at least as safe as using cash, checks or
credit cards, and hopefully even more so. Bringing the strength
of high-powered computers to bear on account safety could allow
us to erect layers of security that help foil the hackers who
lie in wait on the Internet today, stealing millions of
identities--and we have looked into this in our subcommittee as
well--and billions of dollars annually.
After all, the smartphone that was essentially nonexistent
less than 6 years ago, is said to be far more powerful than the
large supercomputers of the 1980s, or certainly of those of us
who went to college in the 1970s and took computer science and
we had those stacks of cards that we had to feed into the
computer and stay in the computer room all night to make sure
they went through.
Today's hearing is an introduction to mobile payments, the
first I am aware of to be held by Congress. We have five expert
witnesses who can discuss broadly the state of the mobile
payment industry and where and how fast they see it developing.
Among them is Richard Oliver. Until he retired last year,
he was the Federal Reserve's top mobile payments expert and the
principal author of the Fed's widely praised White Paper on the
subject. We also have experts from the issuer side, from the
standards sides of mobile payments, and a consumer specialist.
So I look forward to hearing everybody's testimony and I
would now like to recognize the ranking member from New York,
Mrs. Maloney, for the purpose of making an opening statement.
Mrs. Maloney. First of all, I would like to thank
Chairwoman Capito for holding this hearing, one in a series on
the future of mobile payments in our financial system.
And thank you to all the panelists for joining us this
morning. I believe this hearing will serve as a great first
step and learning session on this rapidly evolving technology.
I feel that this is another example of American exceptionalism,
of coming up with an innovative idea, an efficient idea that
keeps America moving forward and employing more people,
becoming more efficient and making us an even stronger country.
I am excited about this idea and I really look forward to
hearing all of your testimony.
Mobile payments in the United States are expected to
generate $215 billion by the year 2015. Forty-three million
adults in this country use alternative financial services as a
form of banking. And as this technology continues to move
forward, it creates innovative and exciting opportunities for
everyday citizens at home and at work.
The possibilities are truly endless. We are seeing what
technology can do for consumers and businesses as mobile
technology opens the door to an entirely new method of
financial interaction.
Mobile payments, payments made by electronic means,
effectively replace cash, checks, and traditional credit cards.
This evolving form of financial exchange can provide consumers
with greater purchasing power; allow merchants to market their
goods more efficiently; and help create a truly mobile,
electronic, and innovative society.
Mobile payments can involve text messages that transfer
funds from one person to another or to a financial institution,
as experienced in the successful program to funnel aid to
earthquake victims in Haiti. I was truly stunned at how
successful this program was. They had on every taxicab, ``Get
on your mobile phone and text $5 to the earthquake victims.''
And that successful effort led to $5 million in $10 donations
from Americans throughout our great country through their
cellphone carriers.
This happened--truly outstanding possibilities for this new
form of payment. And mobile payment technology can allow
consumers to wave their phones at checkouts and even direct
those charges to prepaid phone deposits and phone bills. I love
it. It just gets better and better. We wouldn't lose all our
papers all the time if we had this.
And as mobile phones become more prevalent, and as the
number of methods of making payments increase, it is important
to look at the hurdles facing its implementation.
How much will the adoption of mobile payments cost
merchants as they purchase and install readers for their
technology? How protected are consumers? Can hackers steal
their data out of the air? What is the level of disclosure that
will be provided to our consumers--greater regulatory clarity
for this market? Consumers want payments that are convenient
and inexpensive.
But we must make sure that security is not abandoned for
the sake of this new technology. It may be years before this
technology fully becomes a reality for the majority of people
the way debit cards have. However, I am happy that we are
discussing this important issue at the ground level. I
congratulate the chairwoman for calling this important hearing.
I look forward to your testimony and I welcome everybody.
Chairwoman Capito. Thank you.
Mr. Renacci, for 1 minute, for an opening statement.
Mr. Renacci. Thank you Madam Chairwoman.
This is an exciting time in the payments industry. Over the
last several years, innovative companies have invested huge
amounts of capital and manhours to lay the groundwork for many
of the methods we are discussing here today.
New innovations in smartphones and mobile payments are
bringing consumers greater convenience and a better buying
experience, while also increasing the security of payment
transactions. While I am interested to learn about these new
products and services here today, I also want to hear what we
in Congress can do to make sure that these innovations progress
in a safe and prosperous manner.
We must encourage a free market where innovators can
realize the benefits of their investments and consumers can
benefit from lower costs and safer products. I look forward to
hearing your testimony today.
I yield back the remainder of my time.
Chairwoman Capito. Thank you.
I don't think Mr. Grimm wanted to make an opening
statement, so we will go ahead and go directly to the
testimony.
I want to recognize the witnesses for the purpose of making
a 5-minute statement, and then we will go to the question-and-
answer period.
As I mentioned in my opening statement, we are really lucky
and pleased to have Mr. Richard Oliver here. He is the co-
author of ``Mobile Payments in the United States: Mapping Out
the Road Ahead,'' which was published by the Federal Reserve
Bank of Atlanta.
Welcome, Mr. Oliver.
STATEMENT OF RICHARD R. OLIVER, PAYMENTS CONSULTANT/RETIRED
EXECUTIVE VICE PRESIDENT, THE FEDERAL RESERVE BANK OF ATLANTA,
AND CO-AUTHOR OF ``MOBILE PAYMENTS IN THE UNITED STATES:
MAPPING OUT THE ROAD AHEAD''
Mr. Oliver. Thank you very much.
And let me start by thanking the committee and the
subcommittee for the opportunity to come and share information
with you about the mobile payments environment while it is
still very early in its evolution.
In 2010 payments research teams from the Federal Reserve
Banks of Atlanta and Boston collaborated to conduct an
assessment of the state of and potential for deployment of
mobile payment options in the United States. Our interests were
to determine the impact of mobile payments on existing payments
businesses and to isolate potential risks to consumers and
businesses who might choose to use mobile payment options.
To conduct the assessment, we invited most of the major
players from the mobile payments industry to discuss with us on
a voluntary basis the opportunities, barriers, and challenges
associated with implementing a successful mobile payments
environment in this country.
The attendees included major card brands, wireless
operators, financial institutions, industry trade groups,
retailers, and many other participants.
Please note that this effort was not directed at mobile
banking, which is the use of your mobile phone to access online
banking functions. It was directed at actually exchanging value
at the point of sale utilizing your phone.
Over the course of what turned out to be seven meetings
during 2010 and 2011, we not only gained great insight into the
evolution of mobile payments in the country, but the group
helped us isolate a series of key factors that they
collectively felt should be met to ensure a safe implementation
of mobile payments in this country. And my purpose here today
is to share those with you.
The first was that the proposed environment should be best
defined as an open wallet. That is, a wallet that would allow
complete access by all persons using all credentials they might
want to use as opposed to proprietary initiatives that might
limit the amount of instruments available for use by a
consumer.
Second, the mobile infrastructure would likely be based on
near-field communications technology, resident and mobile
devices, and in retail point-of-sale terminals. This technology
is now becoming common in other countries and would allow users
to tap their phones and institute a purchase.
Third, existing, well-protected clearing and settlement
rails would likely be the way that value would be exchanged.
That is through the debit card, credit card, and prepaid and
automated clearinghouse networks to be used for clearing and
settlement between parties.
Fourth, some form of enhanced security such as dynamic data
authorization should be used to deter counterfeiting and I.D.
theft at the point of sale. This technology is already resident
in chip and pin cards being used throughout the world.
Fifth, common standards should be designed, developed,
certified, and implemented throughout the industry to ensure
interoperability, efficiency, and ease of use by consumers and
businesses.
Sixth, the regulatory oversight regimen for mobiles should
be made clear early on and participants should be involved in
these compliance activities.
Bank and nonbank regulators such as the FCC, the FTC, and
the new Consumer Financial Protection Bureau should collaborate
early on to define the regulatory environment for all the
participants.
Seventh, entities such as a trusted service manager that
exist in the card world today should oversee the provision of
the interoperable and shared security elements in the phone.
The group also recognized the possible need over time for
some entity to serve as a coordinating party to keep the very
diverse participants on track and working together and possibly
to create a roadmap for the future to allow the participants to
understand how to minimize their long-term investments in the
technology that is necessary.
However, the majority of the group at the time felt it was
too early in the process to do this and the completion of early
pilots and tests would better inform such work.
All of this information and more was captured in the White
Paper that you alluded to, which was authorized by the
participants and cooperatively authored by the two Reserve
Banks.
It is available on Reserve Bank Web sites. It has been
well-vetted at conferences and trade press over the past year,
and was shared with all of the Federal regulators and law
enforcement agencies at a session we held in the first half of
last year, at which my colleague from Boston and I presented.
As the work proceeded, most of the participants have
decided to participate in a number of pilots and test
situations going on that should better test the validity of
these aforementioned principles and pave the way for more
widespread deployment.
In closing, the work group continues to meet on issues of
common interest such as data security. But they have been
outspoken recently about the need to educate and inform
business, government and consumers about the mobile
environment.
We view this hearing as a great first step in this process
and appreciate the opportunity to participate. Thank you.
[The prepared statement of Mr. Oliver can be found on page
55 of the appendix.]
Chairwoman Capito. Thank you very much.
Our next witness is Mr. Troy Leach, chief technology
officer, PCI Security Standards Council. Welcome.
STATEMENT OF TROY LEACH, CHIEF TECHNOLOGY OFFICER, PCI SECURITY
STANDARDS COUNCIL, LLC
Mr. Leach. Chairwoman Capito, Ranking Member Maloney, and
members of the subcommittee, thank you for the opportunity to
testify on the important topic of mobile payment security.
My name is Troy Leach. I am the chief technology officer
for the Payment Card Industry Security Standards Council, also
known as the PCI Council.
Formed in 2006 by the major payment card brands, the
Council guides the development of open industry standards to
protect payment information.
More than 600 companies worldwide participate in the
Council's work for many different industries and backgrounds,
including a number of the leading players in the mobile space,
including a number of people who will be spoken about later
today.
So it is exciting for us to be here today representing
these members, from restaurants to banks to airlines to
technology vendors, who are eager to realize the benefit of
mobile payment acceptance in the most secure way possible.
The PCI standards are a strong industry framework for
protecting payment data. And it is this framework that we are
applying to mobile payment acceptance space.
Mobile technology is exciting and dynamic with a potential
to change the way we accept payments not only in the United
States, but also around the world. The benefits could be
significant. However, both consumers and merchants want to know
that using mobile technology for payment is just as safe as
using a traditional form of payment.
From our perspective at the council, making it secure is
our priority. For traditional payment card security, for the
Council, we have focused on people, process and technology.
The mobile payment environment is very complex, more so
than the traditional payment card scenario. Our goal is to work
with the industry to provide security across that spectrum.
Let me also clarify the Council's focus. There are two
aspects to mobile payments: initiation; and acceptance. The
first is when a consumer is using a phone in place of a payment
card to make a purchase. That is initiation. And the other is
where a mobile device, perhaps even the same mobile phone, is
being used by a merchant to accept payment cards.
There are a number of groups, including some of my fellow
panelists, working on the first aspect with the aim to protect
consumer's payment data.
The Council's security efforts have been focused on the
second area of payment acceptance, specifically of securing the
use of mobile devices as a point-of-sale acceptance tool.
Our first step has been to make sure that merchants can use
mobile technology to accept payments safely and to protect
their customers' information. PCI standards already apply to
mobile acceptance today, addressing the security of mobile
devices, of mobile applications, and the environments in which
they operate.
Expanding on these standards, we have published security
requirements that make it possible for merchants to use plug-in
devices with mobile phones to swipe payment card data.
We have also put out guidance on developing mobile payment
acceptance applications to help merchants process these
payments securely. And we will be releasing additional best
practices later this year on securing mobile payment
transactions.
As payment security is a shared responsibility, all parties
in the payment chain must work together in this effort. The
Council is concerned with making sure that these parties are
validated in the products and services that they provide. And
moving forward, we will explore this area even further.
Lastly, great work is being done through the advancement of
technologies in payment. Technologies are emerging that have
the ability to eliminate card data from potentially insecure
mobile environments.
The Council has already harnessed some of these
technologies to address this dynamic environment and we will
continue to assess and develop standards and guidance around
them moving forward.
In closing, mobile technology offers exciting potential to
that payment space. To help realize this securely, the Council
will work with its global stakeholders to develop industry
standards and the resources necessary for the protection of
cardholder data across all payment channels and the reduction
of fraud for consumers and businesses globally.
Thank you. I look forward to your questions.
[The prepared statement of Mr. Leach can be found on page
30 of the appendix.]
Chairwoman Capito. Thank you very much.
Our next witness is Mr. Ed McLaughlin, chief emerging
payments officer, MasterCard Worldwide. Welcome.
STATEMENT OF ED MCLAUGHLIN, CHIEF EMERGING PAYMENTS OFFICER,
MASTERCARD WORLDWIDE
Mr. McLaughlin. Thank you, and good morning, Chairwoman
Capito, Ranking Member Maloney, and members of the
subcommittee.
My name is Ed McLaughlin. I am the chief emerging payments
officer at MasterCard Worldwide based in Purchase, New York. It
is my pleasure to appear before you today and discuss
developments in mobile payment.
MasterCard is a leader in the transformation of mobile
phones and to secure payment devices and a champion of global
mobile payment standards. We appreciate the opportunity to be
here today to share our perspective on how mobile payments are
developing and benefiting consumers and businesses.
As mobile payments continue to evolve, we need to
constantly focus on two goals. First, we must strive to make
paying for something as simple and as compelling as possible
for every participant in the payments chain.
Second, we must provide the highest level of security to
consumers, to merchants, and to our financial institution
customers. At MasterCard, we invest heavily in the technologies
that make both of these goals possible.
Now, as you might expect, mobile devices are bringing
changes to the way people interact and also how they want to
transact. For example, the acceptance of card-based payments
through the use of handheld devices is opening up channels of
transactions for entrepreneurs that were not possible just a
few years ago.
Smartphones also provide a platform for the delivery of new
applications that are transforming the in-store shopping
experience for consumers. For merchants, smartphones provide a
convenient channel to engage consumers at multiple levels such
as through an Internet storefront or social media account.
Smartphones themselves are also becoming payment devices
through the adoption of near field communication, or NFC,
technology. MasterCard's PayPass, our Tap & Go product, is at
the forefront of this space. And by 2016, it is anticipated
that the majority of smartphones will support this technology.
So why are the new uses for mobile phones so important?
Because they provide convenience and promote financial
inclusion in a very secure environment.
Unlike the simple plastic card that has been around for
decades, smartphones provide an intelligent device right in the
consumer's hands that the consumer can use to interact with
financial service providers and merchants in ways that were
never before possible.
Also, when you look at the 85 percent of transactions that
are still being funded through cash and check, it is clear that
smartphone technology provides an unprecedented opportunity to
accelerate the transition to safe and secure electronic
payments.
By enhancing the ways that people connect to our network,
we are able to deliver new services to benefit consumers and to
reach a large number of consumers who are currently outside the
financial mainstream.
For example, payment card solutions like prepaid cards,
coupled with mobile technology, can unlock the global commerce
grid to consumers who do not currently have access to
mainstream financial services.
So at MasterCard, we have invested substantial financial
resources and human capital in developing the technology
necessary for our part in the mobile payments ecosystem.
Each day, we strive to make payments simple for all
participants in the payment chain while providing those highest
levels of security. For example, this is why we applied
MasterCard's zero liability protections for consumers to these
new payment technologies, including mobile-based payments.
In addition, we have recently announced a program to
transition MasterCard-branded payment products in the United
States to the EMV standard. The EMV standard is a global
standard for debit and credit payments based on chip
technology, the objective of which is to ensure
interoperability globally and acceptance of payment cards on a
worldwide basis.
The adoption of EMV-compliant payments in the United States
will help provide additional layers of protection for consumers
at the points of interaction.
MasterCard is extremely proud of the role we play in
advancing commerce through new technologies. The mobile phone
and many other smart handheld devices are transforming the way
we conduct our everyday lives, and hold significant promise for
providing new value to consumers and businesses, particularly
in the delivery of financial services.
Again, I appreciate the opportunity to appear before you
today, and when we get to it, I will be glad to answer any
questions you may have.
Thank you.
[The prepared statement of Mr. McLaughlin can be found on
page 43 of the appendix.]
Chairwoman Capito. Our next witness is Mr. Randy
Vanderhoof, executive director, Smart Card Alliance.
Welcome.
STATEMENT OF RANDY VANDERHOOF, EXECUTIVE DIRECTOR, SMART CARD
ALLIANCE
Mr. Vanderhoof. Thank you.
Chairwoman Capito, and members of the subcommittee, on
behalf of the Smart Card Alliance and its members, I thank you
for the opportunity to testify today.
The Smart Card Alliance is a nonprofit organization that
provides education and a collaborative open forum among leaders
in various industries, including mobile payments.
We applaud the subcommittee's interest in making mobile
payments safe, flexible, and resilient with the appropriate
legal, regulatory, and security frameworks.
Mobile devices can be used to facilitate the payment
process in many ways. I am going to focus my remarks on the use
of a payment-application-enabled mobile phone that can be used
to pay at a physical merchant location as an alternative to
paying with a plastic credit or debit card.
This hearing was convened to examine issues essential to
making mobile payments safe and to ensure appropriate
legislative oversight is in place. The good news is that the
type of mobile payments that I am here to talk about today is
built on already-established legal, regulatory, and security
frameworks in both the payment and the wireless telecom
industries.
This mobile technology is referred to as NFC mobile
contactless payment. NFC, or near field communication, is a
form of short-range wireless communications inside a phone. NFC
is a new technology that enables secure mobile payment at
physical merchant locations.
The NFC mobile contactless payment approach has two
advantages very important to this subcommittee. First,
underpinning the legal and regulatory framework is the simple
fact that while NFC mobile payments use a phone instead of a
card, the payment account remains a credit or debit card
account, and as such is already covered by existing laws and
regulations.
Second, the security and reliability of this approach are
grounded in global standards, established certification
processes, and in industry best practices that are the
culmination of nearly 20 years of work in applying smartcard
chip technology to protect payment accounts and mobile phone
subscribers.
Multiple international standards have been developed for
NFC mobile payment, and are supported by the mobile industry
and endorsed by the payment industry. In addition, new and
existing safeguards are used with mobile payment devices to add
many layers of protection for consumer account information and
transactions.
For example, access to the payment application can be
password-protected, and a lost or stolen phone can be turned
off instantly with one call to the customer's mobile operator.
The NFC-enabled phone is provisioned with a digital payment
credential issued by a bank and stored in a new, specially
designed, secure memory location in the phone.
The credential is transmitted to a merchant's NFC-enabled
payment terminal by short-range wireless communications. The
authorization and settlement processes are the same for those
used when the consumer pays with a traditional credit or debit
card.
Market development involving many of America's largest and
most trusted companies is well under way. One example is Isis,
a new mobile carrier joint venture between AT&T, Verizon
Wireless, and T-Mobile using the NFC mobile contactless payment
technology we are discussing today. Isis will license payments
provided by American Express, Discover, MasterCard, and Visa
for its NFC rollouts.
Another example is Google Wallet. Google has already
launched its NFC mobile contactless payments offering to
consumers, partnering with MasterCard, Citi, First Data, and
Sprint. More than two dozen large retailers including Macy's
and American Eagle Outfitters have enabled their stores to
accept Google Wallet mobile purchases and coupon offers.
NFC payment-embedded and mobile phones won't be the only
form of mobile payment. There are new mobile technologies being
tested other than NFC that are promising yet still unproven.
NFC offers value to both consumers and merchants. In addition
to value, consumers' confidence is in the underlying
infrastructure, and the credibility of industry offerings are
critical to its adoption.
Consumers will benefit from and trust in a mobile payments
infrastructure that has a strong focus on security and uses the
existing payments infrastructure for transactions.
Mobile phones represent a fertile landscape for new ways
consumers can transact with retailers, financial institutions,
application stores, and each other. Mobile payments innovation
is going to continue to evolve, as more people upgrade to
smartphones and learn about the new services they hold in the
palm of their hand.
In summary, ``The Future of Money,'' as this hearing is
entitled, is being positively impacted by mobile technology.
The changes in financial services that you have rightfully
called attention to are being well-managed and securely
protected by NFC technology and the collective knowledge
resources of the financial and mobile industries.
The Smart Card Alliance would like to thank the
subcommittee once again for holding this important and forward-
looking hearing. We greatly appreciate the opportunity to
present information that assists in the setting of legal,
regulatory, and security frameworks necessary to implement
safe, flexible, and resilient mobile financial products.
Thank you.
[The prepared statement of Mr. Vanderhoof can be found on
page 58 of the appendix.]
Chairwoman Capito. Thank you.
And our final witness is Ms. Suzanne Martindale, staff
attorney with the Consumers Union.
Welcome.
STATEMENT OF SUZANNE MARTINDALE, STAFF ATTORNEY, CONSUMERS
UNION OF U.S., INC.
Ms. Martindale. Madam Chairwoman, Ranking Member Maloney,
and members of the subcommittee, thank you very much for the
opportunity to testify today on behalf of Consumers Union, the
advocacy policy arm of Consumer Reports.
Mobile payments allow consumers to buy products or transfer
money with a mobile device. The market includes a range of
different technologies and many ways to fund the transactions.
The U.S. mobile payments market is still developing and it
remains unclear which trends will prevail.
It is too soon to know which consumers will benefit most
from the industry's growth, or inversely, be most vulnerable to
risk. However, policymakers can make a few simple fixes to
ensure that all mobile payments are safe.
The mobile payments market is, in a word, complex. There
are multiple ways to initiate payments. Some services involve
sending a text message or using an application downloaded to
the device. Others employ a chip embedded in the hardware which
the consumer waves at a contactless reader.
Furthermore, multiple parties are involved in completing
the transaction. You have consumers, merchants, third-party
processors, wireless carriers, and financial institutions, all
in the same ecosystem. With so many players involved, the risk
of confusion for the consumer increases, should something go
wrong.
Who is responsible for fixing the problem? If the different
parties all point fingers at each other, the consumer may be
out of luck.
Despite these challenges, mobile payments in the United
States are projected to gross $214 billion by 2015, in part due
to their potential to provide speed and convenience for
consumers and merchants. Some merchants are interested in the
technology because mobile payment service providers may charge
lower processing fees than traditional networks at the point of
sale.
Mobile payment technologies also have the potential to
serve new audiences. This may appeal to young, tech-savvy
consumers, as well as consumers who go outside the traditional
banking system for financial services. For unbanked or
underbanked consumers, as we call them, mobile payments may
provide increased access to financial services.
Low-income households and households of color, in
particular, are more likely to be unbanked or underbanked. And
according to a recent Pew study, these same households are more
likely to adopt cellphones and smartphones compared to the
general population. This presents an opportunity for mobile
payment technologies to penetrate these markets. However, these
same markets may be vulnerable to risk without adequate
safeguards.
Internationally, mobile payments have garnered attention
for helping consumers in developing countries gain access to
financial services. An estimated 5 billion consumers worldwide
have a mobile phone, but only 1.5 billion have a bank account.
In Kenya, where more consumers have cellphones than have
bank accounts, Safaricoms' popular M-PESA service enables
consumers to manage transactions entirely through their mobile
phones, not smartphones, just regular cellphones. M-PESA
customers can deposit or withdraw cash and send money through a
network of ATMs and agents, and they can buy goods and services
with their mobile phone, all without needing a bank account.
However, U.S. consumers have been slow to adopt mobile
payments for several reasons. Some mobile payments systems
remain limited in scope and availability. For example, the new
Google Wallet uses an NFC, or near field communication, chip
embedded in the mobile device, which the consumer waves at a
contactless reader. However, Google Wallet is currently only
available to Sprint customers with a particular phone, the
Nexus S smartphone.
Another mobile payment system, Bling Nation, uses a sticker
with an embedded chip that the consumer affixes to the device
and waves at a reader. However, Bling Nation is still available
only through pilot programs in Palo Alto, Chicago, and Austin.
Furthermore, market research indicates that consumers have
concerns about security of their financial information. In a
survey released last week, the Federal Reserve found that over
40 percent of consumers still cite security concerns as a
reason for not adopting mobile payments.
Finally, not all ways to pay with a mobile device are
created equal when it comes to consumer protection. Although
consumers may not be aware of it, U.S. payments law is
fragmented. The level of protections against unauthorized
transactions and errors varies, depending on whether a consumer
links payment to a credit card, a debit card, a prepaid card, a
bank account, a prepaid phone deposit, or a phone bill.
Traditional credit and debit cards have mandatory
protections under existing law; however, prepaid cards do not.
Mobile payment links to a prepaid phone deposit or a phone bill
are especially problematic, because they do not neatly fit into
the existing legal categories.
Wireless carriers may provide voluntary protections, but
they are typically not disclosed in customer contracts. The
different ways to pay by mobile device, and the varying
protections that apply to each, create the potential for
confusion when a consumer is faced with a transaction gone
wrong.
Consumers need to know where to complain and how to get
their money back, in case of errors or unauthorized use.
Consumers cannot afford to lose precious funds due to
inadequate protections. And for low- and moderate-income
consumers, this loss could be especially acute.
Until U.S. payments law is updated to provide clear,
guaranteed protections for all payment methods, consumers may
be at risk when using mobile payments technology. Nevertheless,
a few simple fixes could close the gaps in protection and
provide clarity to the industry.
The Consumer Financial Protection Bureau is in a unique
position to address mobile payments, because it has
jurisdiction over payment service providers and can clarify
regulations implementing Federal consumer financial laws.
Congress and other Federal agencies also have a very
important role to play in establishing some sensible rules for
the road that protect consumers and foster innovation.
Thank you again for the opportunity to testify. I welcome
your questions.
[The prepared statement of Ms. Martindale can be found on
page 39 of the appendix.]
Chairwoman Capito. Thank you.
I want to thank all of you. And I will begin with the
questions.
First of all, Mr. Oliver, just so I understand, I am
starting here with the basics. You mentioned ``open wallet.''
Can you just explain what an ``open wallet'' is?
Mr. Oliver. The concept of the ``open wallet'' is that it
would operate on the phone the same way it does in your current
wallet. And you can select on that phone any payment instrument
you choose from any provider and execute a payment using
standard technology without having to do something terribly
different from paying an instrument to another.
Chairwoman Capito. So you could pay out of your bank
account on your card?
Mr. Oliver. Out of your bank account, or any card you may
have in your wallet. Competing cards, prepaid cards, what-have-
you.
Chairwoman Capito. Right. Okay.
My understanding, and I am sort of throwing this out to
anybody who knows this--is that Europe has been much further
ahead than we are on this technology. They have the chip and
PIN cards, I guess they are using in Europe? And there is some
thought that this NFC chip would sort of leapfrog that
technology.
Why do you think it has caught on there and it hasn't
caught on here? And do you in fact think that this will
leapfrog their technology? I imagine it is going to catch on
like wildfire once it gets going in a more robust fashion.
Does anybody know why the European model is further ahead
than we are on this technology?
Mr. McLaughlin. Let me open. When you look at markets and
how they evolve, it usually starts at the baseline conditions.
The United States benefited from having the best telecom
infrastructure in the world at the times they were looking at.
So there are requirements in Europe to be able to handle things
like offline transactions; to put more intelligence into the
transactions themselves to purely compensate for the telecoms
infrastructure that were there. So that led to a set of
investments in EMV and underlying security technology.
We have seen that now cascade in markets around the world--
Canada, Mexico, and other markets are moving towards endorsing
that.
So in the United States, we now see it as absolutely time
for us to move from static, plastic-based credentials to
dynamic protections that can be generated using EMV and chip
technology. In many ways, we took a plastic card and we put a
chip on the card. We are now taking the chip off the card and
putting it into the phone.
Chairwoman Capito. In the phone.
Mr. McLaughlin. It is also essential, though, as we work on
this, that we continue to maintain that worldwide
interoperability so consumers know that anywhere that they can
go, they can get the same security around their payment
products.
Chairwoman Capito. I agree with that.
The question I have on--I think all of you have mentioned
the contactless reader which would be at the vendor site, the
retailer site. I represent a rural area and there is always a
question of cost for the retailer. How expensive are these
devices? Are people investing in them? Somebody mentioned 20
retailers who are involved in this, the larger retailers.
How do you see this in terms of the retailer investment? I
know when we changed the interchange, there was a big hue and
cry from the retailer to the different readers and so does
anybody have any kind of statement on that?
Mr. Vanderhoof. I would like to begin by saying that when
the U.S. brands--particularly Visa, MasterCard and Discover--
announced that they were moving towards the EMV chip strategy
within the last year, an important distinction that they
included in that road map was that they were going to
incorporate both contact and contactless technology as a part
of that in order to be able to embrace the mobile contactless
technologies that we are talking about here today.
From a merchant perspective, they now have a very clear and
distinct path forward in terms of what will be the technology
platform not only to accept their existing payment cards that
consumers have today, the new and emerging EMV chip cards that
are coming, but also the mobile NFC payments technology.
The advantage for the merchants now is that when they do
make that decision to upgrade their acceptance infrastructure
in their stores, they can purchase one device that is going to
support the legacy card technology that is in the market today,
the evolving new chip contact card technology that is coming
and the NFC mobile technology in the phone. So they will make
one investment supporting three of their primary methods of
payment.
Chairwoman Capito. Is that technology available right now?
Mr. Vanderhoof. It is not only available, but also the
manufacturers of those devices have now totally upgraded their
equipment to be able to absorb these new technologies so that
the same devices that they would purchase 5 years ago didn't
have--
Chairwoman Capito. Right. I understand. Yes. I understand.
I have just a couple of seconds because I think the
security issue is something that we want to delve deeply into.
I think Ms. Martindale brought out a great question, ``If
something goes wrong, how are you going to track back as a
consumer to figure out how you are going to right that wrong?''
And the other thing that Mr. McLaughlin mentioned that I
think we should be looking at here is talking with the
regulators about--as you mentioned, this is regulated as a
card. But then, Ms. Martindale brought up some exceptions to it
that I think are significant with the evolution of different
types of cards. And I think that is something we need to keep
our eye on.
I am now going to yield to Mrs. Maloney for 5 minutes for
questions.
Mrs. Maloney. I want to thank you, Mr. Oliver. In your
statement, you said we should come out with common standards
that would help us more efficiently move this forward. Where do
you see these common standards coming from? Who is going to
pull them together? The industry or whatever?
Mr. Oliver. Yes, these are best and usually done by
industries. And Mr. Vanderhoof made several comments about the
efforts of the Smart Card Alliance and others. There are forums
in Europe as well as international standard forums such as ISO
that generate these types of standards and allow people to
adopt them.
It is a critical issue in interoperability and really the
key to the earlier question about an open wallet; that you
would have the same experience no matter what you did. So there
are organizations collaboratively participated in that would
generate these.
Mrs. Maloney. That is great news because on 9/11, one of
our biggest challenges was that the phones from the police
couldn't interact with the phones from the fire department. And
if they could have, it could have saved lives. So making that
common-sense step forward would be important.
Many of you talked about how this would allow more access
for the unbanked and those who don't have access to banking.
Would someone elaborate, because that is the concern to make
sure that all of our citizens can find some sort of banking
services?
How are you going to reach out to the unbanked? How is it
going to help the unbanked?
Mr. McLaughlin. This something that at MasterCard we have
been working on a lot; particularly using prepaid products as
an access tool for those who don't have formal banking
relationships.
It starts with providing ways to get access to funds
themselves so they are not left to the tender mercies of the
check cashers and payday lenders. You can look at the work we
have done with the Social Security Administration for the
electronic distribution of funds and the other ways to allow it
to reach these consumers.
We think the key to using mobile will provide people more
visibility into their financial information, into their account
status so they can be more informed. They can make savvier
decisions and we can reach individuals that we haven't
traditionally been able to reach through bank branches and
other areas.
Mrs. Maloney. The Federal Reserve has been looking into
this, and they did a Federal Reserve report which said that 57
percent of all Americans and consumers surveyed felt that the
banking services that they had now were adequate. Then, they
looked at people who had mobile banking, and only 12 percent of
mobile phone users reported that they made a mobile payment in
the past 12 months; so the technology is out there and people
aren't using it.
And given this finding in their report, what actions should
be taken by retailers, credit card companies, banks and
nonbanks, mobile phone service providers, and others to develop
mobile payment opportunities that are tailored to customers so
that the customers use it? They say the technology is out there
and that people don't even want it at this point, or use it.
Mr. Vanderhoof. The mobile devices are still just starting
to reach the consumers' hands through the mobile networks and
through the retail stores that offer them. So we are expecting
that there is going to be an increasing number of options
available for consumers to be able to upgrade phones with smart
card technology that has the ability to support these types of
mobile payments. But unfortunately, today, we have a chicken-
and-egg situation where we have consumers who want to pay with
their mobile device and are waiting for the equipment to arrive
for them to use it. When the equipment is available in
consumers' hands, then the issuers of these payment instruments
that will work on mobile phones will have an opportunity to get
them in consumers' hands and merchants will see--
Mrs. Maloney. That is one barrier. What other barriers
exist that could inhibit widespread adoption of mobile payment
options? Security concerns?
Mr. Leach. I would think so. One of the areas that we are
addressing is the security of payment card data wherever it
progresses.
At the PCI Council, we look technology agnostic at how the
data flows into the systems. Many of the terminals that are
certified on our Web site have gone through laboratory tests
and do have the capability to accept what we are talking about
here today. But we are talking mostly on the consumer side. We
also have the security of the merchant side and we are seeing
rapid growth in the merchant community.
So we talked about unbanked consumers--there have been
unbanked merchants. And we are starting to see a new generation
of merchants who, before, were not accepting any type of
payment other than cash, and now are using such devices as
peripherals that you would plug into a smartphone or other
types of mobile devices to accept payment. And we are seeing a
new industry boom here in the United States.
Mrs. Maloney. Thank you. My time has expired.
Chairwoman Capito. Thank you.
Mr. Renacci, for 5 minutes.
Mr. Renacci. Thank you, Madam Chairwoman. Again, I want to
thank the witnesses for being here today.
Mr. Oliver and Mr. McLaughlin, what effects do you think
the current regulatory environment will have on many of these
new innovations; and has the uncertain and, really, the
changing regulatory environment had an effect on or slowed the
evolution of many of these new products?
We will start with Mr. Oliver.
Mr. Oliver. That is a great question, and one of the
important questions that we discussed within this work group;
and one of the reasons they asked us to try to rationalize the
regulatory infrastructure that might be in place.
Given that most of the payments will be made using existing
instruments, I think that people are pretty comfortable with
where that is right now and there appears to be no serious
legislation on the horizon to change that.
I think the real issue here has to do with those places
where gaps occur where different parties are involved in a
transaction now than have typically been involved before. The
Federal Communication Commission, for instance, oversees the
wireless industry, but they have no experience with payments.
Many of the payments firms have no experience with that.
And so, that is why this collaborative effort to try to
understand whether or not any new regulation at all would be
required is a really important first step, we think, on the
part of the government, and should occur pretty quickly.
But it is not obvious that there are serious unregulated
areas at this time.
Mr. Renacci. Mr. McLaughlin?
Mr. McLaughlin. I think it is important to recognize that
the mobile phone will be one device, albeit an incredibly
compelling device, that consumers will use to access their
account.
So from a MasterCard perspective, we want to make sure that
all the rights, protections, and privileges consumers have
doing that transaction are the same whether they are using a
physical card, they are initiating the transaction from a
mobile device, or they are shopping online.
And that is the reality for our consumers. They want to be
able to trust the transaction and know they are protected,
whatever they are using. So we believe in making sure that we
aren't creating some separate and independent mobile world, but
rather saying these devices are an extension of the rights and
privileges that people have today, is essential.
I think it is also important that we allow innovation to
flourish in this area. We need to ensure the security and
consumer protections. What we can't do is constrain or restrict
the ability for industry to determine how to create the most
value for consumers and merchants using the new devices.
Mr. Renacci. Mr. McLaughlin, to move into these type of
innovations, there is a scale of investment that has to be
made. Can you kind of explain again the scale of investment a
company such as yours spends on developing these products and
the underlying infrastructure?
Mr. McLaughlin. Absolutely. And one of the things I think
it is important to point out that these are technologies that
we have been working on for a decade or more.
We knew that we would want to take advantage of smart
devices. We knew that the form factors would be changing. So
the first trials we had of contact with technology were in
Orlando and Dallas in 2002.
We continue to build and invest. In 2005, as an industry,
we began rolling out PayPass, which is the contact technology
we have had. And we worked with all of the participants in the
chain, whether it is handset manufacturers, security and chip
companies, or telcos, to make sure there is a safe and secure
environment to leverage that technology.
So it is an ongoing and substantial investment, not only in
the consumer experience in the environment, but in the
underlying security infrastructure.
Mr. Renacci. Thank you.
Mr. Oliver, could you talk about the potential up-front
costs that will be required for merchants to accept mobile
payments? And is there any danger that they make an expensive
transaction, only to have payment technology veer off in a
different direction?
Mr. Oliver. I am probably not the best person to answer a
question about what the expense will be for the merchants. But
I would like to answer the question about the long-run
investments there. Obviously, they are confronted with the
issue of trying to understand what the end game is, and
therefore make wise choices now.
There are very large merchants who have already made that
decision to say, ``What do we think will happen in the next 7
years?'' And they have said, ``We believe mobile technology
using NFC contact and contactless cards, as well as current
instruments will be there.'' And they have actually already
acquired the terminals to do that.
The incremental costs, from what I understand, of adding
that technology to existing terminals is pretty inexpensive.
But across a huge footprint for a large retailer, it is going
to incur some costs.
But that is what they want to do with this roadmap, to
determine what is the end state, and then let us choose how to
transition and spend wisely.
Mr. Renacci. Thank you.
I see I am running out of time, so I yield back.
Chairwoman Capito. Thank you. Mrs. McCarthy, for 5 minutes.
Mrs. McCarthy of New York. Thank you.
And thank you for your testimony. I tend to think that a
lot of people would find this really fascinating.
The Europeans have been using this technology for a while.
What are the statistics for those countries that are more
advanced than us on the breaking in, the stealing of
information, their protections?
You already see that information over there. What have you
done that is going to be different for here, for us?
Mr. Vanderhoof. There are several underlying technologies
that we have discussed today. The European markets, in
particular, have been using this chip technology as part of
their payment card infrastructure for many years. And they have
proven dramatic reductions in their fraud, because the payment
cards now are unable to be counterfeited or the information on
that consumer payment product can't be cloned and replicated
because of the security of the chip technology.
What is inaccurate is that they have been ahead of the U.S.
market in terms of mobile payments. In fact, the U.S. market
has a much faster potential for adoption of mobile payments
because we have made this investment over the last 5 years in
contactless payment card technology.
And therefore, we have hundreds of thousands of terminals
already installed in the marketplace that can now use a mobile
phone with the same payment capability to make those payment
transactions, where in Europe and other parts of the world
which have implemented chip technology, they have not
implemented chip technology with the ability to interface to a
mobile device. So, they are going to require a second
investment.
Mrs. McCarthy of New York. Obviously, we hear a lot about
cybersecurity. I know all the nations, NATO; it is their number
one issue when they are talking together.
Have you given it any thought, because we are always one
step--or hopefully always one step in front of the criminals?
This is obviously going to be a big area in the United States,
because we have very innovative people who are always trying
to--hopefully, you are hiring them, because they always seem to
be outsmarting us.
Getting back to the cybersecurity, what mechanisms are out
there, when something like that possibly will happen, which
many of us agree it will? And how are we going to combat that?
I will throw that out to anybody.
Mr. Leach. The PCI Council has written standards already to
look ahead to where the future is. We are a global standard
body, so we already have our standard implemented in Europe
with this type of technology.
One of the standards we released last year is called point-
to-point encryption. What this allows is for, regardless of the
technology, whatever innovation we create here in the United
States or abroad, we can encrypt this information, and render
it of no value to a criminal.
That way, the system itself can produce and transact, and
the consumer can have confidence in that transaction. What we
have seen here in the United States, one example is that
merchants are taking devices and plugging them into the phone.
And they are now swiping the traditional cards or they are
using new mobile technology. They are able to encrypt this
information, protect it, before it ever gets into an insecure
mobile environment, and are able to process that information
securely and safely on behalf of consumers.
So, we do have standards already as an industry. We are
looking at new standards, as well as new dynamic ways to make
it so that data is of no value. So even if that data is
exposed--I share my credit card information with you--we have
new technologies that are emerging that would render that of no
value to a criminal.
Mrs. McCarthy of New York. The only reason I am concerned,
is we all have our BlackBerries. They are government-issued.
But every few days, we get a very long list of those who have
actually broken into our BlackBerries, and likely Spam or
someone has gotten our information.
So I can understand where the American people might be a
little concerned here, because we are supposed to have the
protection, yet we are not even supposed to use these when we
go overseas. They ask us not to use them.
So, I can see where Americans--you are going to have a big
sell for a lot of people, I think. It might take time. And I do
know it is used over in Europe quite a bit.
But with that being said, you are going to have to convince
an awful lot of people that their checking account is not going
to be wiped out.
Mr. McLaughlin. I think that is what happens any time we
introduce new technologies. People are comfortable with the
familiar. And that is why our obligation is to make sure every
new technology we bring out there is enhancing the security, it
is making it safer, so consumers can understand that we can do
things using the intelligent devices to make it more secure
than what we could ever do with the static, plastic device.
So, that is the advantage of the new technology. But we
need to make sure that we are smart about how we harness it.
Mrs. McCarthy of New York. With that, I yield back the
balance of my time.
Chairwoman Capito. Thank you.
Mr. Grimm, for 5 minutes.
Mr. Grimm. Thank you, Madam Chairwoman, for holding this
hearing, first of all.
And I appreciate everyone's testimony today.
A couple of questions--Mr. McLaughlin, how much does
MasterCard spend annually on fraud? I know that there is quite
a bit of fraud now, even traditionally with cards. Do you have
a ballpark of how big that problem is for MasterCard?
Mr. McLaughlin. I don't think we have broken out specific
fraud expenses. But what I would say is it is something that we
constantly battle. Any change, anything we do, we have to make
sure that we are making the system safer for that; so one of
the primary focuses of our organization is to make sure that we
are eliminating fraud or mitigating it wherever possible.
Mr. Grimm. Would you say that it increased significantly
with the advancements of the Internet?
Mr. McLaughlin. I think any new technology creates
challenges to make sure that it is secure. We have been able
to, over the last decade, do a lot to mitigate the fraud
potential of what is online. But that is something that we
combat every day.
Mr. Grimm. I will take that as a ``yes.''
And don't get me wrong, I am all for the new technology. I
just recognize that with anything that is new--I slightly
disagree with my colleague. I think that criminals are a step
ahead of us many times with most of these things, whether it be
the Internet, counterfeiting cards originally was a tremendous
problem.
Then with the Internet--just now, there was a massive sting
operation throughout the entire country, people ordering online
and then fencing those items for cash at significant discounts.
The effect on merchants, because I think a lot of the
merchants are going to have some issues--when someone comes in
and does a transaction, for example if they order over the
phone, and they give their credit card over the phone, and then
they get their bill and say, ``Oh, I didn't order this,'' the
merchant usually eats it. That has been my experience.
Which is really unfair because you have seen--let us just
say it is for food at a restaurant. You have delivered to that
residence many times, and the delivery boy actually knows the
person. But it might be a college student using dad's card. And
this time, dad got the bill and said, well, $45 for this.
They come in and they actually sign for it, then the
merchant is protected. So are there going to be safeguards for
the merchants, because there obviously aren't going to be any
signatures with this. So, that would be a question.
Mr. McLaughlin. I think you have highlighted one of the
most important points of running a payments network or a
payments environment. And it is not simply the technologies
that are available to us.
Quite often, when we see proposals that are out there or
innovations, it is not, ``What can the technology do?'' but,
`How do you run the network itself, and how do you make sure
that you are balanced and fair for all the participants who are
in it?''
That is why, as I said earlier, as we adopt mobile
technologies, we want to make sure the same protections and
rules that we have apply, and the same dispute resolution
mechanisms are there.
The goal for adopting the new technologies is to increase
the level of verification and certainty we can put around every
transaction so issuers benefit from reduced fraud. Merchants
also benefit from that reduction in fraud.
Harnessing the new technologies to provide enhanced
security and enhanced clarity is the objective. We can do
things like providing one-time cryptogram on the individual
transaction so we know specifically where it was generated
from, moving from static identifiers to dynamic. We can get
additional certainty of who you are and the device that you are
transacting from, when you do things like an online
transaction.
So what we see going forward is the distinction between
what is happening at the till, how you purchase online, and
other ways that you are transacting; we will move more and more
to intelligent devices; and looking to harness the capability
of those devices to get us to reduce fraud is the overall goal.
Mr. Grimm. And then the last question, just on that topic,
how about the advanced phishing technology that is out there?
When cell phones first came out they were cloning the phones
constantly by using phishing technology to steal your I.D.
right out of the air. I am assuming that is built into this
technology but I think it is worth mentioning since this is an
information forum right now.
Mr. McLaughlin. Absolutely. And that is why--and the
reference that Mr. Oliver made to trusted service managers--
that is why we want to make sure that anything we do with the
new devices is more secure than what we did in the physical
card world, so we are more protected against things like
phishing and other types of attacks.
Mr. Grimm. Okay. Thank you.
My time has expired and I yield back.
Mr. Renacci [presiding]. Thank you.
I yield 5 minutes to the gentleman from Georgia, Mr. Scott.
Mr. Scott. Thank you very much, Mr. Chairman.
This is a really fascinating hearing. We are moving so fast
with technology that it is hard to keep up with it.
And now, we have a real challenge here, it seems to me, and
I have a number of questions, particularly that 91 percent of
the American people now own a mobile phone. That is a
phenomenal situation.
First of all, I have questions about who is to regulate
this. I am going to start with people who are paying their
phones through their mobile units. Who regulates this now?
Where does it come under, mobile payments? Is there regulation
now?
Ms. Martindale. I think you pose a great question. And
everyone kind of goes--there really isn't, when it comes to
mobile payments, specifically, the use of a phone to make a
non-communication type of transaction; the fingers are pointing
in all different directions. And the Federal Communications
Commission doesn't appear to, at least, perceive that it has
jurisdiction over these types of transactions.
As I pointed out earlier, I think that when a consumer's
phone gets stolen, they are going go to the wireless carrier
and expect that the wireless carrier has maybe something in the
contract, maybe has a policy, and maybe there is a phone agency
that is supposed to be in charge. But that is, at best, unclear
right now.
Mr. Scott. Yes, that concerns me because people lose their
phones all the time. The point I am making is if you have 91
percent of the American people, 90 percent of the American
people means young people, old people, senior people, people
who are getting adjusted to it. So I think that there are some
very serious questions here about the regulatory function of
it. I also think that there are some issues about the size and
the complexity of this issue.
My other major concern is that who really is responsible
for monitoring the security risks that are here?
All of these questions really have to be carefully
examined. And I think that we have the Consumer Financial
Protection Bureau, we have the FCC, we have the FTC. Then we
have this little thing in there where, these bills, who pays
them? Where do they get the money from? How is it transacted?
In some cases, a telecommunications company pays the bill
for them, adds that to their monthly bill and you have, I am
sure, within there, all kinds of fee structures, late payments
that are piled upon if they don't pay their phone bill, let
alone the other bill.
And it just seems to me that the consumer can really get
bamboozled here with a lot of financial burden. And yet, right
now, this is going on and we don't have a regulator for it.
So my question is where do you all believe this should
fall? Is there one agency? Should there be several? Who is
going to regulate this?
Who is going do the oversight for this? And particularly,
right now, I am sure there are problems in this area. So my
concern is this technology is moving so fast we really have to
put a priority on how we are going to protect the American
consumer, because it is going to move very, very fast. Even
right now, with my own cell phone, I have problems just trying
to figure out how to get all of this information I am
receiving.
And now the other point is too, this is going to have an
economic impact someplace. This is going to put a lot of
businesses that are in business now out of business. It is
certainly going to expedite putting the post office further out
of business.
And then there is no paper trail here. If I get my bill,
and I am paying my bill, I like to have something in my hand
that says, ``Hey, I paid this bill. I have a paper trail
here.''
There is nothing here. It is all in space. So I am just
making these points to say we have some work to do.
Thank you, Mr. Chairman.
Mr. Renacci. Thank you.
I yield 5 minutes to the gentleman from Delaware, Mr.
Carney.
Mr. Carney. Thank you, Mr. Chairman.
And thank you to the panel for coming today.
I would just like to pick up where my colleague left off
and ask the question: What is driving this move to mobile
payments?
Why don't we start with Mr. McLaughlin?
Mr. McLaughlin. Let me open by saying Salesianum, Class of
1983.
Mr. Carney. Oh, you would have to do that, wouldn't you--my
archrival.
Mr. McLaughlin. I think it is absolutely driven by the
demand we are seeing from consumers. What they are recognizing
is that mobile is transforming their lives, particularly
younger consumers. They expect to be connected. They expect to
have immediate access to information. They expect to have more
information and richer information about where they can shop,
what deals and offers are available to them and have immediate
access.
Mr. Carney. So that information would be available on their
cell phone, and they would then make some purchase and make the
payment through the phone, is that--personally, I don't want my
cell phone to do anything more.
I have a hard time keeping track of what it does for me
now. And then when I leave it at home, I feel completely lost
and naked without my phone.
Mr. McLaughlin. Yes.
In fact, when you do consumer research they use expressions
like ``losing a limb,'' which I found disturbing, when they
don't have their phone with them.
I think you are right. I think it has become your GPS. It
has become your personal assistant. It has become your alarm
clock. It is something that is always on and will progressively
be always with you.
Mr. Carney. I think several of you have touched on this,
but is it more secure?
Mr. McLaughlin. That is absolutely the objective. We would
not move towards this payment environment unless we could
enhance the security of what we are doing.
And keep in mind, what we have been able to do with plastic
cards in the online authorization network has been a great way
to combat fraud. We believe by harnessing mobile devices we can
enhance that even further by using the intelligence that is
available to it; and then by incorporating consumers deeper
into the process of monitoring their finances.
Even without an NFC payment, we can use the phone today.
MasterCard has a technology we call ``In Control'' where I can
say, ``Let me know on my mobile if an international transaction
occurs or an online payment occurs or a transaction over a
certain amount.''
So that connectivity gives consumers more information:
``How much money is in my account before I make this payment?''
It gives them more information--
Mr. Carney. That was going to be one of my questions. It
would help you not make a payment that you didn't have money to
cover.
One of the big things that aggravates folks is when they
overdraft their account and get a charge for that. This would
help you not do that?
Mr. McLaughlin. Yes. We can do even better than that. We
can tell you exactly, working with mobile banking and other
applications, the current status of your account. We can say,
``Here is how much you spent against the budget you have set in
certain categories,'' and provide this real-time access to
information. So alerts and controls, I think, are essential to
the mobile payments experience.
And keep in mind it is the MasterCard network and the
underlying account that pulls this together. So in my
experience in getting out of--
Mr. Carney. Yes, I am breaking in because my time is
running out.
How about the unbanked or underbanked?
Let me move on to Ms. Martindale. What is the advantage and
how does it work? You mentioned that, I think in your opening
statement, for those folks because that is an important group
of my constituents.
Ms. Martindale. I think it--the way that you could set it
up now so that you wouldn't even need a bank account to do
these types of transactions is you could have a prepaid debit
card, which is not a bank account.
And you could link your mobile payment application to that
prepaid card so that you are drawing down funds from your
prepaid deposit. And this is a way that unbanked or underbanked
consumers could use these types of--
Mr. Carney. You would have to, though, set something up?
Ms. Martindale. Yes, you would have to set something up.
And again, we have a whole host of other concerns about
prepaid cards just standing alone because they are as yet not
regulated in the same way that a debit card linked to a bank or
credit union account already is.
So a prepaid card itself doesn't have any mandatory
protections against fraud, theft or errors should your card be
lost or stolen or someone rips off your number. And so, if you
are adding an extra layer of that mobile payment transaction
linking to a prepaid card, we do have a concern that this
could--this is a great opportunity to, again, to provide that
information in a way that consumers will actually use it.
Unbanked and underbanked consumers are adopting cell phones
and smartphones. At the same time, we need to make sure that
the payment transaction is covered by some guaranteed legal
protections against fraud from the consumer financial
protection side, beyond the data security side.
Mr. Carney. So, I have 15 seconds left. How do the
interchange fees work for this? We had a big debate about
that--a dispute about that over the last year. How do the fees
work for--would they work for mobile payments?
Mr. McLaughlin. From MasterCard's perspective, whether you
have initiated from a card or initiated from a phone, it is the
same transaction.
Mr. Carney. Same transaction. Thank you.
I thank the subcommittee.
Mr. Renacci. Thank you.
I recognize the gentleman from Missouri, Mr. Leutkemeyer,
for 5 minutes.
Mr. Luetkemeyer. Thank you, Mr. Chairman.
I guess, I probably want to start out with, what kind of
timeframes do you see all of this developing in? What is the
timeframe for general acceptance? What do you see as the
timeframe for the problems to pop up and occur here so we know
what kind of timeframe we have for some sort of regulatory fix
for some of this?
Mr. Oliver. Can I take the first shot at that?
Mr. Luetkemeyer. Yes.
Mr. Oliver. There are a lot of elements of change involved
in this and a lot of parties that are going to have to
collaborate, release technology, implement technology, educate
the consumer, and so forth.
My sense, just as a personal estimate, is that you will see
significant deployment in the 2- to 5-year range, because many
of the pilots that are currently going on aren't going to be
completed until sometime next year. So, I think you are going
to see a slow growth curve for an extended period of time.
Mr. Luetkemeyer. Do the rest of you kind of anticipate the
same?
Mr. Leach. We have been talking about the consumer side of
the phone. I think from a mobile payment acceptance, we see
that today.
At PIC Council, we have standards that accept certain types
of mobile technology to accept traditional payment cards,
plastic cards. We have seen our first products come through, be
lab tested, certified, and listed on our Web site. So for
mobile acceptance, payment acceptance, it is here today.
Mr. Vanderhoof. Excuse me, I would just add that the
solutions on mobile payment that you are hearing from the well-
known, well-recognized brands that have a clean sense of the
security and the certification requirements of this technology
are going to evolve slower than the Internet start-ups of the
world who might come up with an application that you can
download on your phone and be in business basically overnight.
But for consumers, I think they have to pay attention to
who is behind the technology that they might be interested in
using? What safeguards exist? And it is probably always the
wise choice to look at the established companies that are
backing this and the reasons why they are moving at the pace
that they are moving in order to maintain security.
Mr. Luetkemeyer. Yes, I am not very technologically savvy,
so this is kind of three steps above my grade here.
But it would seem to me that you are going to have to have
a platform here within which all of these transactions can
occur with the same sort of technology to be able to talk to
each other. I assume that is possible. I am assuming everybody
is already working on the same platform or the same language or
whatever it takes to make this all work. Is that a safe
assumption?
Mr. McLaughlin. I think you see a strong movement that we
work together as an industry to make sure that this will work;
that it is safe and secure. So that is why some of the
standards that we have talked about earlier like the underlying
EMV technology, the PCI standards that are out there, and
things of that nature provide a baseline that consumers and
merchants know they can trust.
Having those standards out there also allows us to compete
vigorously on who can deliver the best consumer experience and
the best value out there. So, we have to make sure that there
is a foundation that works so we can all compete on the works
better.
Mr. Luetkemeyer. Are there other places in the world where
this is being done already? Are we the leading country? Are we
technologically leading the world with this application?
Ms. Martindale. Actually we are one of the--we are behind
on mobile--
Mr. Luetkemeyer. We are behind?
Ms. Martindale. Yes, in fact, other countries--people have
mentioned Europe--but in developing countries, this is taking
off like wildfire, but with a very different set-up, and
granted, the infrastructures in those countries may be
different. So, I am not necessarily saying that we would be
able to replicate in the same way that we have seen in other
countries.
I would use Kenya as an example. African countries have
been adopting mobile payments using a regular--you don't have
to have a smartphone--cell phone, where basically you are
giving a deposit to the wireless carrier and the wireless
carrier is helping you manage your funds.
And that is something that I have not heard the industry is
not as interested in going that direction right now. I think it
is more the NFC-enabled, Google Wallet-type of scenario where
you have your different payment cards linked up to the
application. But other countries have been doing this for
several years now, and it has been a way of banking unbanked
consumers.
However, it has also involved a great deal of proactive
collaboration between the Central Bank of Nigeria, for example,
and the major telecoms. It is a very different, more
centralized set-up then we would have here.
Mr. McLaughlin. Yes, I think the key is providing the
appropriate technology for consumers. Consumers in the United
States today have access to electronic payments. In many of
these countries, they don't. So, MasterCard has been working
hard to work with the telecommunication providers and financial
institutions in those countries to provide appropriate
technology.
One quick example--the GSMA is a mobile association, which
last year gave us their Mobile Money Innovation of the Year
Award for what we had done in Kenya working with Standard
Charter Bank and Airtel to provide virtual MasterCard numbers
to people who had no access to online transactions on the
Internet.
So suddenly, a whole swath of the population who weren't
able to access anything online now had access to it by
harnessing the existing payment networks and tailoring it
precisely for what was needed in those networks.
Mr. Luetkemeyer. That is interesting. I know the death
knell has been sounding for cashing checks for many, many
years, and it seems that they are still there. So maybe, you
guys are taking a first step down the road to do away with
those. Thank you, Mr. Chairman.
Mr. Renacci. I want to thank all of the members of the
panel for testifying this morning.
The Chair notes that some Members may have additional
questions for the panel, which they may wish to submit in
writing. Without objection, the hearing record will remain open
for 30 days for Members to submit written questions to these
witnesses and to place their responses in the record.
This hearing is adjourned.
[Whereupon, at 11:18 a.m., the hearing was adjourned.]
A P P E N D I X
March 22, 2012
[GRAPHIC] [TIFF OMITTED] T5082.001
[GRAPHIC] [TIFF OMITTED] T5082.002
[GRAPHIC] [TIFF OMITTED] T5082.003
[GRAPHIC] [TIFF OMITTED] T5082.004
[GRAPHIC] [TIFF OMITTED] T5082.005
[GRAPHIC] [TIFF OMITTED] T5082.006
[GRAPHIC] [TIFF OMITTED] T5082.007
[GRAPHIC] [TIFF OMITTED] T5082.008
[GRAPHIC] [TIFF OMITTED] T5082.009
[GRAPHIC] [TIFF OMITTED] T5082.010
[GRAPHIC] [TIFF OMITTED] T5082.011
[GRAPHIC] [TIFF OMITTED] T5082.012
[GRAPHIC] [TIFF OMITTED] T5082.013
[GRAPHIC] [TIFF OMITTED] T5082.014
[GRAPHIC] [TIFF OMITTED] T5082.015
[GRAPHIC] [TIFF OMITTED] T5082.016
[GRAPHIC] [TIFF OMITTED] T5082.017
[GRAPHIC] [TIFF OMITTED] T5082.018
[GRAPHIC] [TIFF OMITTED] T5082.019
[GRAPHIC] [TIFF OMITTED] T5082.020
[GRAPHIC] [TIFF OMITTED] T5082.021
[GRAPHIC] [TIFF OMITTED] T5082.022
[GRAPHIC] [TIFF OMITTED] T5082.023
[GRAPHIC] [TIFF OMITTED] T5082.024
[GRAPHIC] [TIFF OMITTED] T5082.025
[GRAPHIC] [TIFF OMITTED] T5082.026
[GRAPHIC] [TIFF OMITTED] T5082.027
[GRAPHIC] [TIFF OMITTED] T5082.028
[GRAPHIC] [TIFF OMITTED] T5082.029
[GRAPHIC] [TIFF OMITTED] T5082.030
[GRAPHIC] [TIFF OMITTED] T5082.031
[GRAPHIC] [TIFF OMITTED] T5082.032
[GRAPHIC] [TIFF OMITTED] T5082.033
[GRAPHIC] [TIFF OMITTED] T5082.034
[GRAPHIC] [TIFF OMITTED] T5082.035
[GRAPHIC] [TIFF OMITTED] T5082.036
[GRAPHIC] [TIFF OMITTED] T5082.037
[GRAPHIC] [TIFF OMITTED] T5082.038
[GRAPHIC] [TIFF OMITTED] T5082.039
[GRAPHIC] [TIFF OMITTED] T5082.040
[GRAPHIC] [TIFF OMITTED] T5082.041
[GRAPHIC] [TIFF OMITTED] T5082.042
�