[Senate Hearing 112-644]
[From the U.S. Government Publishing Office]


                                                        S. Hrg. 112-644
 
    DEVELOPING THE FRAMEWORK FOR SAFE AND EFFICIENT MOBILE PAYMENTS 

=======================================================================

                                HEARING

                               before the

                              COMMITTEE ON
                   BANKING,HOUSING,AND URBAN AFFAIRS
                          UNITED STATES SENATE

                      ONE HUNDRED TWELFTH CONGRESS

                             SECOND SESSION

                                   ON

     EXAMINING THE FRAMEWORK FOR SAFE AND EFFICIENT MOBILE PAYMENTS

                               __________

                       MARCH 29 AND JULY 10, 2012

                               __________

  Printed for the use of the Committee on Banking, Housing, and Urban 
                                Affairs


                 Available at: http: //www.fdsys.gov /
?

            COMMITTEE ON BANKING, HOUSING, AND URBAN AFFAIRS

                  TIM JOHNSON, South Dakota, Chairman

JACK REED, Rhode Island              RICHARD C. SHELBY, Alabama
CHARLES E. SCHUMER, New York         MIKE CRAPO, Idaho
ROBERT MENENDEZ, New Jersey          BOB CORKER, Tennessee
DANIEL K. AKAKA, Hawaii              JIM DeMINT, South Carolina
SHERROD BROWN, Ohio                  DAVID VITTER, Louisiana
JON TESTER, Montana                  MIKE JOHANNS, Nebraska
HERB KOHL, Wisconsin                 PATRICK J. TOOMEY, Pennsylvania
MARK R. WARNER, Virginia             MARK KIRK, Illinois
JEFF MERKLEY, Oregon                 JERRY MORAN, Kansas
MICHAEL F. BENNET, Colorado          ROGER F. WICKER, Mississippi
KAY HAGAN, North Carolina

                     Dwight Fettig, Staff Director

              William D. Duhnke, Republican Staff Director

                       Charles Yi, Chief Counsel

                     Laura Swanson, Policy Director

                       Catherine Galicia, Counsel

                 Jana Steenholdt, Legislative Assistant

                  Brett Hewitt, Legislative Assistant

                  Marc Labonte, CRS Detailed Economist

              Brian Filipowich, Professional Staff Member

                 William Fields, Legislative Assistant

                 Andrew Olmem, Republican Chief Counsel

                Mike Piwowar, Republican Chief Economist

                     Beth Zorc, Republican Counsel

            Dana Wade, Republican Professional Staff Member

                       Dawn Ratliff, Chief Clerk

                     Riker Vermilye, Hearing Clerk

                      Shelvin Simmons, IT Director

                          Jim Crowell, Editor

                                  (ii)
?

                            C O N T E N T S

                              ----------                              

                        THURSDAY, MARCH 29, 2012

                                                                   Page

Opening statement of Chairman Johnson............................     1

                               WITNESSES

Kenneth C. Montgomery, First Vice President and Chief Operating 
  Officer, Federal Reserve Bank of Boston........................     3
    Prepared statement...........................................    15
Sandra F. Braunstein, Director, Division of Consumer and 
  Community Affairs, Board of Governors of the Federal Reserve 
  System.........................................................     5
    Prepared statement...........................................    21
    Responses to written questions of:
        Senator Kirk.............................................    86

              Additional Material Supplied for the Record

``Mobile Payments in the United States: Mapping out the Road 
  Ahead''........................................................    92

                              ----------                              

                         TUESDAY, JULY 10, 2012

                                                                   Page

Opening statement of Chairman Johnson............................   149

                               WITNESSES

Michael L. Katz, Sarin Chair in Strategy and Leadership, 
  Professor of Economics, University of California, Berkeley.....   150
    Prepared statement...........................................   167
Sarah Jane Hughes, University Scholar and Fellow in Commercial 
  Law, Maurer School of Law, University of Indiana...............   152
    Prepared statement...........................................   222
Thomas P. Brown, Adjunct Professor, University of California, 
  Berkeley School of Law.........................................   154
    Prepared statement...........................................   227

                                 (iii)


DEVELOPING THE FRAMEWORK FOR SAFE AND EFFICIENT MOBILE PAYMENTS--PART I

                              ----------                              


                        THURSDAY, MARCH 29, 2012

                                       U.S. Senate,
          Committee on Banking, Housing, and Urban Affairs,
                                                    Washington, DC.
    The Committee met at 10:05 a.m., in room SD-538, Dirksen 
Senate Office Building, Hon. Tim Johnson, Chairman of the 
Committee, presiding.

           OPENING STATEMENT OF CHAIRMAN TIM JOHNSON

    Chairman Johnson. Good morning. I call this hearing to 
order, entitled, ``Developing the Framework for Safe and 
Efficient Mobile Payments''. It is an opportunity for the 
Committee to learn about the growth of mobile payments and the 
current framework of rules this market operates under.
    Our jurisdiction extends over all financial services and 
payment systems regardless of the company that delivers this 
service. That is why the Committee needs to make sure there are 
no gaps in the rules so that this emerging market is safe and 
efficient. This will be the first in a series of hearings, and 
future hearings will delve deeper into this discrete policy 
area.
    I would note that today we are exploring mobile payments, 
not mobile banking. Although both require a cell phone or a 
smart phone, mobile banking is simply a service that allows 
consumers to access their bank account over the Internet on a 
mobile device so that they can perform transactions.
    Mobile payments are much more. They allow consumers to pay 
for a purchase or transfer money using a mobile device. The 
device takes the place of cash, check, or card. The payment is 
made through a Web page, a downloadable app, an email, or a 
text message using a bank or money service business or a mobile 
network provider.
    By simply waving or tapping the device at a terminal, or 
texting a few letters, a payment is made. At a future hearing, 
we plan to invite industry witnesses to describe how this works 
in more detail.
    Today's witnesses are at the forefront of the mobile 
payments and have spent much time studying this topic. They 
will describe our country's current mobile payment system and 
how it is different from similar systems in other parts of the 
world. They will also discuss trends in mobile payment use such 
as who is making mobile payments and how much money is moving 
through our payment system.
    It is not surprising to learn that people between the ages 
of 18 and 29 are the most active mobile payment users. What may 
be surprising is that the underbanked make significant use of 
mobile payments. This can be explained by the high rate of 
mobile and smart phone ownership across socioeconomic lines.
    This morning, we will also explore barriers to use and 
development of mobile payments in the U.S., opportunities for 
growth in this marketplace, and regulatory gaps in the various 
mobile payment models. The current framework of laws that 
govern mobile payments depends on how the payment is modeled.
    If the payment is made through a bank, then the existing 
set of banking and consumer protection laws apply. If the 
payment is made through a money service business, then at a 
minimum, Federal consumer financial, antimoney laundering, and 
State laws apply.
    However, payments made through a text message via a mobile 
network provider do not fall under banking laws. This Committee 
began laying the foundation for rules to oversee these new 
types of payments in the Wall Street Reform Act. The Consumer 
Financial Protection Bureau was given the authority to apply 
Federal consumer financial laws to these transactions.
    The bottom line is that as the mobile payment system 
evolves, it is important for this Committee to provide proper 
oversight so that these payments can be secure and convenient. 
I look forward to today's testimony, and I now turn to Ranking 
Member Shelby for his opening statement.
    Senator Shelby. Mr. Chairman, I ask that my written 
statement be made part of the record so we can move on with the 
witnesses.
    Chairman Johnson. Without objection.
    Senator Shelby. Thank you.
    Chairman Johnson. Thank you, Senator Shelby. Are there any 
other Members who wish to make a brief opening statement? If 
not, thank you all. I want to remind my colleagues that the 
record will be open for the next 7 days for opening statements 
and any other materials you would like to submit.
    Now I will briefly introduce our witnesses. Kenneth 
Montgomery is the First Vice President and the Chief Operating 
Officer of the Federal Reserve Bank of Boston. The Boston and 
Atlanta Reserve Banks have been at the forefront of starting 
mobile payments. The convened the Mobile Payments Workgroup and 
produced a white paper that sets out a roadmap for the 
development of the mobile payments market in the United States.
    Sandra F. Braunstein is the Director of the Division of 
Consumer and Community Affairs at the Federal Reserve Board. 
Her division authored the Consumer Mobile Financial Services 
survey we are examining today. I thank all of you again for 
being here today. I would like to ask the witnesses to please 
keep your remarks to 5 minutes. Your full written statements 
will be included in the hearing record.
    Mr. Montgomery, please proceed.

 STATEMENT OF KENNETH C. MONTGOMERY, FIRST VICE PRESIDENT AND 
    CHIEF OPERATING OFFICER, FEDERAL RESERVE BANK OF BOSTON

    Mr. Montgomery. Chairman Johnson, Ranking Member Shelby, 
and Members of the Committee, thank you for inviting me to talk 
about the Federal Reserve's involvement in the evolution of 
payment systems in the United States. The Federal Reserve has a 
keen interest in this topic as part of our broader efforts to 
foster the efficiency and safety of the Nation's payment 
systems.
    In 2009, the Federal Reserve Bank of Boston began assessing 
the U.S. mobile payments market to understand mobile payment 
trends, activities of key stakeholders, and potential risks to 
consumers related to security and protection.
    As part of our assessment and to respond to industry 
concerns, the Boston and Atlanta Reserve Banks facilitated a 
meeting in early 2010 with most of the major stakeholders 
involved in the mobile payments industry. The purpose of this 
meeting was to discuss the opportunities, barriers, and 
challenges associated with implementing a successful mobile 
payments environment in this country, with a focus on mobile 
purchases at point of sale.
    This first meeting prompted the establishment of the Mobile 
Payments Industry Workgroup, or MPIW, which has met three or 
four times a year and these meetings are continuing through 
2012. Over the course of these meetings, participants have 
shared their high level plans for mobile payments and their 
perspectives on the benefits and barriers to implementation.
    The workgroup also identified possible areas for future 
collaboration to build critical mass for mobile payments in the 
U.S. such as in the area of security and standards. Recognizing 
that a successful mobile payments platform needed an 
underpinning on which to build, the MPIW collaborated to define 
the necessary foundational principles.
    The first was to build an open mobile wallet. The concept 
is a virtual wallet that securely stores multiple payment 
credentials, as opposed to proprietary or closed wallets that 
might limit the number of payment methods available for use by 
a consumer with a mobile phone.
    Second, the mobile infrastructure would be based on a 
standardized near-field communication or contactless technology 
implemented in mobile phones and retail point of sale terminals 
allowing users to tap their phones to pay for purchases.
    Third, mobile payments will be cleared and settled over 
existing, well-protected rails, including debit card, credit 
card, prepaid, and ACH networks. Further, to address security 
issues during the payment process, dynamic data authentication 
would be used to deter counterfeiting and ID theft at the point 
of sale. This is already used in so-called chip and PIN cards 
in other countries and getting readied for use in the United 
States over the next 3 years.
    Fifth, common standards for mobile payments should be 
implemented throughout the industry to ensure interoperability, 
efficiency, and ease of use by consumers and businesses.
    Sixth, clarity of regulatory responsibilities among bank 
and nonbank regulators needs to be established early on. While 
current regulations and rules may cover underlying payment 
methods, multiple regulatory agencies have responsibility for 
different aspects of payments and wireless transactions. 
Industry participants urge bank and nonbank regulators, such as 
the FCC, the FTC, and the Consumer Financial Protection Bureau 
to collaborate to define the regulatory environment for all 
participants.
    Finally, entities known as Trusted Service Managers should 
oversee the provision of interoperable and shared secure 
elements in the mobile phone. These TSMs are the bridge between 
the banks and the mobile carriers and ensure the process of 
installing a customer's account information to the mobile phone 
as efficient and secure.
    These principles form the basis of the white paper on the 
future point of sale mobile payments titled, Mobile Payments in 
the United States, Mapping Out the Road Ahead. The paper, 
reflecting the general thoughts of the MPIW participants, was 
written by the Federal Reserve Banks of Boston and Atlanta and 
published in March 2011.
    The paper was socialized at numerous conferences and in the 
trade press, and shared prior to final publication at a meeting 
with Federal regulators and law enforcement agencies. The 
Federal Reserve will continue to facilitate the dialog among 
the MPIW participants and other stakeholders and monitor 
progress in the evolution of mobile payments.
    A workgroup meeting is scheduled next month. This meeting, 
which will include bank and nonbank regulatory agencies, will 
focus on issues related to security, privacy, consumer 
protection, and respective oversight responsibilities. Future 
efforts will focus on education that is needed to help 
consumers understand steps they can take to protect their 
mobile financial and personal information.
    In closing, the Federal Reserve plans to continue to 
leverage the MPIW as a forum to discuss issues and barriers, 
collaborate on areas of common interest, and help to ensure 
that mobile payments evolve safely and efficiently for all 
consumers. Thank you for inviting me to appear today. I am 
happy to answer any questions the Committee may have.
    Chairman Johnson. Thank you, Mr. Montgomery. Ms. 
Braunstein, you may begin your testimony.

   STATEMENT OF SANDRA F. BRAUNSTEIN, DIRECTOR, DIVISION OF 
   CONSUMER AND COMMUNITY AFFAIRS, BOARD OF GOVERNORS OF THE 
                     FEDERAL RESERVE SYSTEM

    Ms. Braunstein. Thank you. Chairman Johnson, Ranking Member 
Shelby, and Members of the Committee, thank you for inviting me 
to appear today to discuss consumers' use of mobile financial 
services. By mobile financial services, I am talking about two 
categories of activities.
    The first we call mobile banking, which is using your 
mobile device to interact with your financial institution, 
doing things you could also do through more traditional means 
like check your account balance or transfer money between 
accounts.
    The second we call mobile payments, which we define as 
making purchases, bill payments, charitable donations, or 
payments to other persons using your mobile device with the 
payment applied to your phone bill, charged to your credit 
card, or withdrawn directly from your bank account.
    Beyond banking and payments, mobile devices have the 
potential to be useful tools in helping consumers track their 
spending, saving, investing, and borrowing, and in making 
financial decisions. Such technologies also hold the potential 
to expand access to mainstream financial services for segments 
of the population that are currently unbanked or under banked.
    That said, the technologies are still evolving and 
important concerns such as consumers' unease about the security 
of these technologies must be addressed for consumers to feel 
confident adopting these new services.
    To further our understanding about consumers' use of and 
opinions about such services, the Board commissioned a survey 
late last year. Nearly 2,300 respondents completed the survey. 
This survey integrated questions about using mobile devices for 
shopping and comparing products, along with questions about 
using mobile devices for banking and payments. A copy of the 
report, which is based on the survey responses, is attached to 
my written testimony.
    Nearly nine out of ten adults in the United States have a 
mobile phone, and two-fifths of those phones are smart phones 
with Internet connectivity. Among all mobile phone users, one 
out of five have used their phones to conduct some banking 
activity in the last 12 months.
    Consumers below age 29 have readily adopted mobile banking 
and make up almost 44 percent of all consumers surveyed who use 
such services. Adoption rates of mobile banking also differ by 
racial and ethnic background, with Hispanics and non-Hispanic 
blacks making up a disproportionate share of those who use 
mobile banking services.
    Of those consumers who had not adopted mobile banking, the 
primary reason given was that they felt their banking needs 
were being met through more traditional means. Security 
concerns were the second-most cited reason for not using mobile 
banking. Mobile payments are not yet as prevalent as mobile 
banking. One out of eight respondents reported making a mobile 
payment in the previous 12 months, and usually this involved 
paying a bill online via their mobile phone.
    Mobile payments are disproportionately used by consumers 
under the age of 45 and by Hispanics. Consumers who are not 
currently using mobile payments responded that they were 
concerned about the security of the technology, did not see any 
benefit from mobile payments, or found it easier to pay in 
other ways, for example, with cash or with a credit card.
    Consumers who were underbanked, that is, those who have a 
bank account but also use alternative financial service 
providers, such as a check casher, a payday lender, an auto-
title lender, or payroll card makes significant use of mobile 
banking and mobile payments. The underbanked are more likely 
than the general population to use mobile payments, with one 
out of six using payment services on their mobile devices.
    Consumers can also use mobile financial services to make 
financial decisions. Of those consumers who use mobile banking, 
more than two-thirds reported that they checked their account 
balance or available credit before making a large purchase. 
Moreover, among the consumers that reported doing this, nearly 
six out of ten reported that they had decided not to buy an 
item because of the amount of money available in their account.
    Some consumers reported setting up text alerts from their 
banks if their account balance was getting low, and among those 
using this service, five out of six reported taking some action 
in response to receiving these alerts.
    We plan to continue monitoring consumers' experiences as 
the technology and business practices evolve. I am happy to 
answer any questions you may have.
    Chairman Johnson. Thank you. Unfortunately, it does not 
appear that we will reach a quorum for this morning's 
nominations mark-up. We will, therefore, hold the mark-up off 
the Senate floor when we vote at 11:30. Please monitor 
communications from Committee staff for specific details.
    Thank you for your testimony. As we begin questions, I will 
ask the clerk to put 5 minutes on the clock for each Member. 
Mr. Montgomery, given the evolving marketplace for mobile 
payments, what are your recommendations for effectively 
balancing the need for safeguards while fostering efficiency 
and innovation in this rapidly changing industry?
    Mr. Montgomery. We think that there needs to be a balance 
to ensure that we have an environment where we have cooperation 
amongst the providers in this complex delivery environment. 
Mobile payments require a combination of technologies and using 
our existing infrastructures and payment mechanisms such that 
there has to be cooperation between the providers, handset 
manufacturers, and others involved in the payment system.
    In that regard, we think that an environment where 
regulators are working with the structures already in place, 
will help foster that innovation and where the providers are 
working collaboratively, setting standards with one another 
such that the innovation will continue.
    The need for standards and interoperability is going to be 
very important to continue to move progress forward on the 
adoption of mobile payments.
    Chairman Johnson. This is for both witnesses, beginning 
with you, Ms. Braunstein. Information security concerns are one 
of the biggest barriers to mobile payment use. What steps has 
industry taken to address those concerns and are they 
sufficient? What steps should this Committee take to make sure 
that all forms of mobile payments are secure? Ms. Braunstein, 
let us start with you?
    Ms. Braunstein. OK. I think, to be honest, Mr. Montgomery 
is probably better able to address this question. I know that 
industry is very concerned about the security, as it is a big 
consumer issue, and there are things they are doing to address 
these concerns. Mr. Montgomery could better address those.
    Mr. Montgomery. The industry is looking at a number of 
different mechanisms for security. Security needs to occur both 
at the channel and in terms of the mobile phone itself. And so, 
there are standards under development for technologies related 
to near-field communication. Likewise, we have to ensure that 
there is security through the entire channel of delivery, 
including backing systems.
    Sufficient standards exist in place for many of those 
mechanisms today. Ongoing technology looking at potential 
security risks across that broad spectrum needs to occur. There 
is a component of this that involves making sure the consumer 
is aware of how to use the device and what protections they can 
take to ensure that their phone is being used for banking 
appropriately.
    Chairman Johnson. Ms. Braunstein, what information should a 
consumer disclosure form contain for a mobile payments service?
    Ms. Braunstein. So at this point in time, there are no 
specific disclosures for using mobile technology. The 
disclosures that apply to the accounts or the mechanisms that 
people are using to pay their bills would still apply. I think 
that it bears further study in terms of how effective the 
current disclosure regime will be over a mobile device.
    There are questions of clear and conspicuous. There are 
questions of size of disclosures for various transactions. And 
I think that those things have not yet been addressed, but are 
something that need to be looked at.
    Chairman Johnson. Mr. Montgomery, the U.S. lags the rest of 
the world in mobile payment usage. Please discuss why using 
examples of how this market has evolved in other countries. 
What were some of the major barriers and how were they 
overcome? What can we do to encourage the safe growth of this 
market in the United States?
    Mr. Montgomery. So as we look at the market of mobile 
payments, there are a couple of other countries and 
implementations that we could look at. In Japan, for example, 
they have a rather robust implementation of mobile payments. 
They started with the use of contactless payment cards that 
were used basically in their transportation system.
    In Japan, cash is widely used for payments of lots of 
services. Over several years, as more and more consumers got 
accustomed to using contactless technology for transportation, 
as well as other merchants in particular areas surrounding 
transportation, they quickly were able to move that technology 
into secured chips within mobile phones.
    As a result, a number of organizations within Japan have 
collaborated to come up with standards such that mobile handset 
providers as well as other providers can use similar formats. 
Restaurants, other consumer outlets now accept that mobile 
payment device at the point of sale as part of that 
transaction.
    What we see in other countries that do not have as many 
choices in terms of retail payments, countries like Kenya where 
they do not have a banking system with lots of branches, is 
that they are using mobile payments as a way of not only 
person-to-person payments, but for the ability to get cash and 
make payments in other outlets. That use relies quite a bit on 
collaboration between the telecommunication providers as well 
as the national banking systems.
    As we look into Europe, they are likewise moving toward a 
mobile payment environment, but they have years of experience 
with the so-called chip and pin card. They are moving to 
contactless technology. We see that making consumers 
comfortable with the use of a contactless card seems to be a 
segue into getting them comfortable with using a mobile device 
with the same type of security protections to make purchases.
    Chairman Johnson. Senator Shelby.
    Senator Shelby. Thank you, Mr. Chairman. Mr. Montgomery, in 
your testimony, you discuss the need to clarify the regulatory 
responsibilities among the bank and nonbank regulators for 
oversight of mobile payments. You note that you believe that 
the FCC, the FTC, and the Consumer Bureau all have to 
collaborate to define the regulatory environment for all the 
participants here.
    On which issue is it most important for regulators to 
cooperate on regulating mobile payments and has the Federal 
Reserve met with any or all of those agencies to address those 
issues?
    Mr. Montgomery. The regulation for payments using debit 
cards, credit cards is very well defined. Using a mobile device 
is just another channel into the payment system. So those rules 
apply very well.
    Senator Shelby. The rules are there, right?
    Mr. Montgomery. Yes, sir, the rules are there. As we look 
at some other mechanisms by which mobile can be funded, like 
prepaid cards, as well as perhaps prefunded cards that would be 
used as part of your mobile payment bill, or perhaps some 
purchases you would make that would be charged to your mobile 
payment bill, there are the areas where we seem to need some 
further collaboration amongst the regulators.
    Senator Shelby. For example? Give us an example.
    Mr. Montgomery. So if I was purchasing something and it was 
charged directly to my mobile phone bill and it cost six or 
seven dollars, what would be my redress if for some reason I 
really did not make that charge? Who would I have to go to to 
get that money back? What would be the regulations so that that 
telco provider would fund my account? Those are the types of 
things that we would have to look at.
    Senator Shelby. Is there a lot of that?
    Mr. Montgomery. There are some instances in which we are 
seeing people buying ringtones or other things from their 
provider and they have to work directly with their provider to 
purchase those things. Probably another area with similar 
concerns is the use of prepaid cards, such that if the prepaid 
card is the funding mechanism, and there was an unauthorized 
charge, what would be the recourse for getting that card 
refunded.
    Senator Shelby. Well, today if you have a problem with your 
credit card, you call your credit card issuer.
    Mr. Montgomery. That is correct.
    Senator Shelby. I have had people steal my card, stuff like 
that. But the issuer always corrects it.
    Mr. Montgomery. The issuer corrects that as part of the 
relationship that they have within banking regulation, and 
there are rules in terms of the time frames that they have to 
be resolved, when credits have to be returned. That is not as 
clear in the mobile world if it was being charged not with your 
debit or your credit card but with a telco provider or a 
prepaid card.
    And that is the area we think, working with the FCC and the 
FTC and the Consumer Protection Bureau, we could look at what 
changes would be required for that.
    Senator Shelby. You want the system to continue to work. I 
would assume you would not want to be so heavy-handed it would 
not work, right?
    Mr. Montgomery. That is, I think, a very important point, 
that we are looking for regulation to basically help continue 
movement in this area, not inhibit the type of progress we want 
to make. And so, as we look at where there might be gaps in 
regulation, it would be closing those gaps, not doing a zero-
based review with the regulation.
    Senator Shelby. Ms. Braunstein, the underbanked, which are 
a lot of people, the Fed's recent survey stated that the 
underbanked are substantially more likely to make bill payments 
using their mobile phones than the general population. In 
particular, the report states that 62 percent of the 
underbanked who use mobile services report paying bills with 
their mobile phones in the past year, compared with 47 percent 
of the overall population of mobile phone users.
    What are some of the benefits to the underbanked that come 
from the use of mobile technology? And how do you define the 
underbanked?
    Ms. Braunstein. The underbanked--I will take the last 
question first.
    Senator Shelby. OK.
    Ms. Braunstein. And the underbanked are defined as people 
who have a banking relationship. They may have an account at a 
bank, but they also use alternative financial providers. So in 
addition to their bank account----
    Senator Shelby. And why do they--excuse me. Why do they do 
that if they have a banking relationship? Why do they use 
alternatives?
    Ms. Braunstein. Well, there could be a variety of reasons 
why they use--they may need a payday loan or an auto-title loan 
and it could be the inability to get a loan at a bank. Or the 
fact that there is discomfort with dealing with banks----
    Senator Shelby. OK.
    Ms. Braunstein. ----and dealing with a payday lender is 
easier. The accessibility in neighborhoods is also a big 
reason, where the check cashers and the payday lenders are more 
accessible to some people who are underbanked, and so they use 
those services more frequently. It seems that the underbanked 
are not necessarily underphoned, so they do have a much higher 
percentage of ownership of mobile phones.
    That may be one reason why they are using these mechanisms. 
There may be a comfort factor with using mobile technology.
    Senator Shelby. The Fed's recent survey also indicated that 
the use of a mobile phone can have a positive impact on a 
consumer's financial decisions. For example, the survey found 
that 59 percent of those consumers who check their bank or 
credit card account information using a mobile device before 
making a purchase reported that they decided not to buy an 
item. They probably saw their balance or thought that they 
would be challenged.
    What are the other ways a mobile device can help consumers 
make on-the-spot financial decisions?
    Ms. Braunstein. Well, in addition to the fact that they do 
not make the purchase, there is also an interesting statistic 
in terms of consumers who get information about their account 
balances getting low and take some action such as transferring 
or depositing more funds to bring the balances up.
    The other thing that we are starting to see is consumers 
using their mobile devices for shopping, and there is the 
ability for some smart phones, to be used when consumers are in 
a store to scan in the barcode of an item and get information 
about similar products, which may be cheaper. It helps 
consumers make better financial decisions in terms of their 
purchasing right on the spot.
    So it is one of those teachable moments, frankly, in 
financial education.
    Senator Shelby. It could have a positive impact on 
consumers' shopping habits----
    Ms. Braunstein. Correct.
    Senator Shelby. ----and make them a little more frugal?
    Ms. Braunstein. Could be, yes.
    Senator Shelby. Thank you. Mr. Montgomery, in your 
testimony, you noted that data privacy is a major concern. 
Providers of the mobile payment services will have access to 
customer data and a customer's buying behavior, which could in 
turn be sold to marketers and retailers. We know that.
    Your testimony states, and I quote, that the potential 
marketing value of consumer data, when tied to mobile payments, 
is significant. I think that is obvious. The question to you, 
should consumers be given the opportunity to opt out of having 
their customer information shared in this context?
    Mr. Montgomery. Yes. Consumers should have the----
    Senator Shelby. The answer is yes?
    Mr. Montgomery. Yes.
    Senator Shelby. OK.
    Mr. Montgomery. Consumers need to have the option to opt 
out from information that is being collected about them. 
Likewise, as they are using particular services provided by 
mobile phone and mobile payments, they should be very much 
informed about what data is being collected.
    Senator Shelby. Thank you, Mr. Chairman.
    Chairman Johnson. Senator Warner.
    Senator Warner. Thank you, Mr. Chairman. I want to thank 
you and the Ranking Member for holding this hearing. I know 
maybe it has not attracted a lot of our colleagues, but I think 
you are probably looking at one of the most significant areas 
of growth over the next couple of decades, and I am glad the 
Fed is taking some of these actions.
    I mean, it seems to me you have got two or three different 
buckets here. You have got, on the mobile payments, you have 
got the mobile banking piece. You have got the mobile payments 
piece. You have got the mobile payments piece that runs through 
the traditional credit card authorization process that comes 
with a certain amount of protections and rules of the road.
    You have got the mobile payment piece that might run, as 
you mentioned, Mr. Montgomery, back to the telecom provider, 
right? So the bill might appear there. You have got certain 
individual retailers who are setting up their own systems where 
if you come into the national brand retailer, it may then 
appear back on that particular retailer's credit card or credit 
device, if they have got some prearranged. And then you have 
got the prepaid.
    Is there any way, at this point, either in the States with 
your survey you did, or examinations abroad of kind of breaking 
that into percentages of how much falls into each of those 
categories?
    Mr. Montgomery. I do not have exact percentages, but the 
vast majority goes back to the credit card.
    Senator Warner. But if you could get some of that and 
whether the growth is coming in on the prepaid side, as Ms. 
Braunstein said, in terms of folks who are underbanked, I would 
be very interested in those, as well as directly back onto the 
telecom providers' bill.
    Because I think one of the things that we might want to 
think about or love to get you-all's comments on, is that if 
you are not going to go through the credit card, and we have 
had more than some debates in this Committee and on the floor 
about the whole question of interchange fees, and if you affect 
that fee, whatever level it is set at is the transaction 
protection fee in there. You could end up having a marketplace 
set a whole bunch of fees that could be hidden, baked into your 
telecom bill, or baked into your provider bill, or prebaked 
into if you have got a prepaid card.
    I would just hope we would be--I do not have an answer on 
what that should look like, but have we been--have you been 
looking at that? If you are bypassing the traditional credit 
card industry with the protections that are in place, who is 
going to bear the risk and who is going to charge the fee to 
bear that risk?
    Mr. Montgomery. Those are some of the issues as we look at, 
the channels people are using for payment. What are the 
associated costs that are coming along with that? My earlier 
comment where I indicated that the vast majority of payments 
were flowing through the channels that support a debit and 
credit card, those fees are well-known.
    And as we look at some of these other channels, prepaid 
directly to the telecom provider, that is where we would have 
to make sure we understood the fee structure.
    Senator Warner. Again, but there are two ways. One may be 
prepaid, which may or may not carry--you might have a telecom 
risk. The other would be whether the telecom company is going 
to take on that risk in terms of bundling into some kind of 
payment that appears or maybe does not appear on your telecom 
bill. Is that not correct?
    Mr. Montgomery. That is correct. There would be two 
different areas to look at related to that.
    Senator Warner. And has the work you have done, both looked 
into how those practices are evolving in the United States and 
how they have evolved in other countries?
    Mr. Montgomery. Not at this point. As we talk about moving 
forward with some of the work of the Boston and Atlanta Feds 
and this MPIW and discussions with the regulators, that is 
where I would expect we would at least start to discuss some of 
these issues, and then as other regulators begin to collaborate 
on them, I would expect some work to occur on that as well.
    Senator Warner. Mr. Chairman, as somebody who felt that we 
kind of took a blunt instrument to the interchange fee debate, 
and that echoing Senator Shelby's comments that we want this 
practice to have appropriate rules of the road but we do not 
want to inhibit it moving forward, I would urge that we ought 
to see if we can get some thinking maybe--I know you are going 
to have other hearings in this area--that kind of get ahead of 
this, at least in our thinking, because I think this area, you 
know, somebody's going to bear this risk, different type on 
prepaid, different type on putting onto the telecom, different 
type on directly putting it onto the retailers, a specific 
card, and thinking about that ahead of time so we do not end up 
later on down the path finding that there is a monster been 
created here that we did not think about ahead of time and then 
having to come in and, perhaps with over-regulation later, if 
we can set the rules before this industry grows too quick.
    But I can assure you, as somebody that managed to eke out a 
living in the wireless business 25 years back when everybody 
thought it was going to be a tiny little business, and just 
like this Committee, nobody wanted to show up at the hearing, I 
would make a bet that this payment system around mobile is 
going to be a huge issue.
    Senator Shelby. Would the Senator yield, if you would?
    Senator Warner. Of course.
    Senator Shelby. He did more than eke out a living, but he 
was in the early part of the mobile phone business and 
everything else. But we want this to grow. I think you would 
agree. The market will grow it. Innovation will grow it. But we 
also could choke it to death by regulation and pricing and 
price fixing, like we did on the interchange fee. Somebody, as 
you mentioned, somebody is going to pay. There is a cost for 
all of this, but the more it is, the lower the cost.
    Senator Warner. Right. And all I am saying, Senator----
    Senator Shelby. Would you disagree with that?
    Senator Warner. No, I completely agree and I think you--you 
know, I agree with you. We do not want to choke this off with 
over-regulation. But we do need--what we would hate, knowing 
how quickly some of these industries develop, and there is 
going to be a clearinghouse at some point because you are going 
to have all these different systems, trying to at least make 
sure that we are all aware.
    What we would not want to have happen is you have got the 
beginnings of a robust industry and telecom providers have 
agreed to bake into a bill X percent, whatever it is, and then 
after the fact, everybody says, Oh, my gosh, this is way above 
market, or whatever, and then we kind of back into another 
interchange argument. We just ought to know what we are getting 
into ahead of time.
    Senator Shelby. Absolutely.
    Ms. Braunstein. Senator, can I just----
    Senator Warner. And I know my time is expired.
    Ms. Braunstein. I am sorry.
    Chairman Johnson. Ms. Braunstein.
    Ms. Braunstein. Yes. I am sorry. I just wanted to address 
one thing in terms of the prepaids, not the telecom bills, but 
the prepaids. There are some protections already afforded to 
those prepaids that are payroll cards that are used 
specifically for paying employees. Those protections have not 
been extended at this point to general purpose, prepaid cards.
    But the authority to do that kind of work has been given to 
the Consumer Protection Bureau. It was one of the authorities 
we had under the EFTA Regulation E, that transferred to the 
Bureau last July. So there is some authority for that right 
now.
    Senator Warner. The only comment I would make, Mr. 
Chairman, is, you know, again having been on the telecom side, 
and I cannot believe that the telecom provider, even with a 
prepaid, is going to charge the same rate or fee for a text 
message that my daughter might send to her friend, that they 
are going to charge for that financial transaction, even with a 
prepaid chip back to the ultimate receiver of those funds.
    Because just the risk exposure is going to be different. 
Maybe I am wrong. I do not know, but I would like----
    Ms. Braunstein. Well, at this point, we do not know what 
will happen in the future, but at this point, from what we can 
see, the telecoms are not charging for the use of mobile 
banking or payments. There is no charge.
    Senator Warner. I just would love to have, at some point--
and I know we are just at the beginnings of this and maybe we 
could get some more from the merchants and others and telecoms, 
and again, a little more idea about what is going on abroad, 
where this--somebody is going to charge an interchange fee or 
something like an interchange fee in this process.
    I would just like to see what all the options are.
    Ms. Braunstein. As we said, this is a mechanism to use 
existing channels. So if you are using a debit card or a credit 
card, the interchange fees that apply to those instruments----
    Senator Warner. Right, I got that.
    Ms. Braunstein. ----will still apply.
    Senator Warner. I got that. Thank you. Thank you, Mr. 
Chairman. I appreciate it.
    Chairman Johnson. Senator Shelby.
    Senator Shelby. I just want to pick up in the area of 
Senator Warner, just an observation. There is a charge for 
anything, a service. There should be a charge. People should be 
aware of this. But I believe myself that the market ought to 
set it, not the Government, because it is price fixing, in a 
sense, because as this technology explodes and keeps growing, 
and it will, as Senator Warner pointed out, price of doing 
business should come down, not go up.
    There is nothing like transparency, but gosh knows, I hope 
we will not continue down the road of staying in the 
interchanges. There is just a cost for transactions. I do not 
mind paying that cost. I know I have got a friend that used 
PayPal on something. I did not even know how PayPal worked.
    But he did it because it was a quick payment like this and 
he is happy with what he paid. He knew. He is very well-
educated. He knew what was happening and he knew it was not 
free. But as long as people know.
    Senator Warner. And I guess I would completely echo what 
Senator Shelby just said. I think the market ought to set this, 
but there are so many ways that you could bake this in that it 
is not transparent.
    Senator Shelby. Oh, yes.
    Senator Warner. And that is what I was trying to make 
sure----
    Senator Shelby. I do not like hidden things, but I do not 
want the Government pricing things. I do not believe the 
Senator from Virginia does either.
    Senator Warner. No, sir. Thank you, Mr. Chairman.
    Chairman Johnson. I would like to thank our witnesses for 
their very interesting testimony today. As the mobile payment 
system develops in this country and around the world, the 
Committee must make sure that consumers are protected and that 
the efficiency and integrity of the U.S. payment system is 
maintained.
    I will look forward to learning more about this topic and 
working with my colleagues on the policy questions raised by 
this evolving market. This hearing is adjourned.
    [Whereupon, at 10:52 a.m., the hearing was adjourned.]
    [Prepared statements, responses to written questions, and 
additional material supplied for the record follow:]
              PREPARED STATEMENT OF KENNETH C. MONTGOMERY
First Vice President and Chief Operating Officer, Federal Reserve Bank 
                               of Boston
                             March 29, 2012
    Chairman Johnson, Ranking Member Shelby, and Members of the 
Committee, thank you for inviting me to appear before you today to talk 
about consumers' use of mobile financial services.
    My testimony today will discuss development of the mobile payments 
system in the United States, and activities and progress of a mobile 
payments industry workgroup (MPIW) first convened by the Federal 
Reserve Banks of Boston (FRB Boston) and Atlanta in January 2010 to 
facilitate a discussion among key mobile industry stakeholders as to 
how a successful retail mobile payments ecosystem could evolve in the 
U.S. This group includes representatives of several large banks, credit 
card and automated clearing house (ACH) networks, the two largest 
mobile carriers, intermediaries/third-party payment processors, 
Internet payment service providers, mobile technology and security 
providers, handset and chip manufacturers, mobile and payment trade 
organizations, and a merchant trade group. Representatives from the 
Board of Governors of the Federal Reserve and United States Treasury 
also participate. This workgroup has continued to meet three to four 
times each year since the initial 2010 meeting.
Evolution of Mobile Payments and Banking in the United States
    Before turning to mobile payments and banking, it may be helpful to 
provide brief context about the post- World War II history of the U.S. 
payments system. Looking back, banks and policy makers in the 1950s and 
1960s were grappling with significant problems created by the growth of 
economic and financial activity relative to our ability to process 
paper payments and other financial instruments. At that time, retail 
payments were largely made by cash and checks. The use of computers to 
automate banking processes was just beginning. Since then, the U.S. 
payments landscape has changed dramatically. Electronic payments made 
through payment card networks and the automated clearing house system 
have become increasingly prevalent, and now represent about four out of 
every five noncash payments in this country. Virtually all check 
payments, which have been declining in number since the mid-1990s, are 
now cleared electronically, rather than in paper form. The cumulative 
effects of automation and innovation have driven several waves of new 
banking and payment services that continue to improve the efficiency 
and effectiveness of our payment systems.
    The evolution of mobile banking and payments encompasses a 
combination of continued advances in hardware, software, and payment 
systems, including contactless payments, online banking, mobile phones 
(particularly smartphones), applications, and the convergence of 
Internet or e-commerce and mobile-commerce.
    Since the late 1980s, companies and industries around the globe 
have experimented with different payment mechanisms aimed at improving 
access to banking services and the efficiency and ease of use for 
retail point-of-sale payments. For example, a contactless technology 
was developed in Japan, which a major commuter railroad in Tokyo 
implemented in a proprietary reloadable prepaid card. In addition to 
transit fare, consumers could use the contactless card to pay for 
purchases at merchants equipped with contactless readers near train 
stations. A similar product, also based on this contactless technology, 
was launched in Hong Kong's transit system in 1997. In the same year, a 
RFID \1\ contactless payment system that allowed customers to wave/tap 
a fob to pay at the pump, was launched, the first of its kind in the 
United States.
---------------------------------------------------------------------------
     \1\ RFID or Radio Frequency Identification Device is a tag or 
transponder used to identify and transmit data short distances in one 
direction via radio waves.
---------------------------------------------------------------------------
    In the late 1990s, Finland launched a number of mobile commerce and 
banking initiatives. The first two mobile phone-enabled vending 
machines, which accepted payment via mobile phone text messaging, were 
installed in Helsinki. A bank in Finland launched the first mobile 
banking service to monitor account activity using this technology.
    In the early 2000s, an online payment platform emerged that allowed 
consumers to email payments to each other. In 2002, online auctions 
were enabled to receive electronic payments from participants, 
replacing paper checks. Eventually, the online payment platform was 
expanded to online merchants.
    U.S. consumers began to embrace online banking in the early 2000s. 
By October 2002, 34 million consumers, (representing 30 percent of U.S. 
Internet users) used online banking, an increase of 19 million 
consumers performing online banking since March 2000.
    Initiatives that would allow consumers to use their mobile phones 
to perform new functions surged in 2000, driven by the development of 
mobile Internet access, the popularity of the Internet and e-commerce, 
and the increased awareness of mobile phones as more than voice 
communication tools. However, these service offerings did not meet 
consumer expectations and neither the phones nor the mobile networks 
handled data well, which led to very low adoption rates. The arrival of 
3G \2\ services in the mid-2000s addressed earlier technology problems 
and had a revolutionary impact on mobile technology in the U.S. Mobile 
phone manufacturers introduced smartphones that were enabled with more 
effective Web browsing and data capabilities.
---------------------------------------------------------------------------
     \2\ 3G (generation) mobile services provided more bandwidth for 
faster Internet access from a mobile phone, as well as advanced media 
features.
---------------------------------------------------------------------------
    By 2006, helped by increased Internet and online banking adoption, 
and availability of smartphones, banks began to reexamine the 
development of mobile banking capabilities. Six of the largest ten U.S. 
banks offered mobile banking services by the end of 2007. Initially 
most banks offered browser and Short Message Service (SMS) based 
services, but in 2007, the mobile banking/payments market underwent a 
major transformation with the introduction of a new generation of 
smartphone. Now customers were able to download banking applications 
and other more advanced applications used for mobile-commerce that were 
not SMS-based, providing customization and improved security. The 
success and rapid growth of these and other smartphones led to 
increasing use of downloadable mobile applications for mobile banking 
and payments. By 2008, core deposit processors and mobile solution 
vendors began to develop software solutions tailored to financial 
institutions, enabling smaller U.S. banks to also offer mobile banking 
services.
    Beginning in 2005, two payment networks launched several U.S. card 
and mobile contactless trials, which typically took place in 
metropolitan areas and ran for 4 to 6 months. The trials involved using 
a mobile phone to pay for in-store purchases at selected convenience 
stores and fast food restaurants, purchase transit tickets, or purchase 
concession items at sports venues. Although some trials proved the 
viability of Near Field Communication \3\ (NFC) contactless technology, 
no full-scale deployments followed. In 2009-2010, several NFC 
initiatives were taking place in Turkey, Singapore, and the U.K., and 
NFC-enabled phones were introduced in Canada.
---------------------------------------------------------------------------
     \3\ Near Field Communication or NFC is a short-range wireless 
proximity technology that uses radio frequency to enable two-way 
communication between devices. NFC chips are embedded in mobile phones 
to enable contactless ``tap and go'' payments.
---------------------------------------------------------------------------
    Several new mobile payment services were introduced within the last 
3 years that could have a major impact on mobile payments in this 
country. In 2009, a new attachable card reader that plugs in to a 
smartphone was introduced, enabling small merchants to accept credit 
and debit cards. In 2011, a number of companies and industry 
partnerships announced mobile/digital wallet solutions utilizing NFC or 
cloud technology.
    Mobile payments have been referred to as the ``next payments 
revolution'' by some industry participants. As mobile wallet 
technology, built upon the NFC contactless chip and secure element \4\ 
for improved security and convenience, appeals to a broader array of 
consumers, and as merchants, banks, payments systems participants, and 
technology and telecommunications providers derive increased revenue or 
lower costs as a result of broad adoption, mobile payments should 
significantly change domestic and global payments practices.
---------------------------------------------------------------------------
     \4\ Combination of hardware, software, interfaces, and protocols 
that enable secure storage and use of credentials for payment, 
authentication, and other services.
---------------------------------------------------------------------------
Why the Federal Reserve System Convened the MPIW
    The Federal Reserve strives to foster the safety and efficiency of 
the Nation's payment systems. We monitor the evolution of retail 
payments through a variety of means, including a triennial Retail 
Payments Study \5\ and an annual Survey of Consumer Payment Choice. \6\ 
Of particular interest has been the migration of retail payments from 
traditional to emerging platforms, including the evolution of mobile 
banking and payments.
---------------------------------------------------------------------------
     \5\ http://www.frbservices.org/communications/
payment_system_research.html
     \6\ http://www.bos.frb.org/economic/ppdp/2011/ppdp1101.htm
---------------------------------------------------------------------------
    When FRB Boston began to research mobile banking and payments, our 
goal was to better understand how the industry was evolving, the 
factors that would motivate interaction and cooperation between mobile 
carriers and U.S. banks, the major barriers to adoption, and the impact 
of mobile payments on consumers in the U.S. payment system. We had seen 
mobile payments evolving more quickly in other parts of the world and 
wanted to understand why progress in the U.S. was slower. In late 2009, 
the large U.S. banks were developing mobile banking solutions, and 
regional and small banks were beginning to assess their business cases 
for mobile banking, but the concept of using a mobile phone to make a 
purchase was just surfacing. \7\
---------------------------------------------------------------------------
     \7\ Banks had shown significant interest in the previous 3 years, 
but many preferred to be fast followers, not leaders. Most banks, 
except the very large, were moving slowly, waiting for others to 
demonstrate the viability of mobile payments. Only 1,000 of the 
approximately 17,000 banks offered mobile banking in the U.S. at the 
end of 2009. However, 40 percent of U.S. consumers used online banking. 
Many stakeholders believed that in 2010 and 2011 there would be 
significant momentum leading the financial services industry to become 
more involved in mobile (banking and payment) services. They noted, 
however, that many smaller U.S. banks and credit unions look to their 
existing third-party core deposit processors to deliver solutions 
without significant upfront cost.
    Contactless cards, introduced several years ago in the U.S., were 
not successful and did little to generate demand for mobile payments. 
Poor marketing and education may have contributed. Many cardholders 
received contactless cards but were unaware that they had them or how 
to use them and did not know whether merchants they frequented accepted 
contactless payments.
---------------------------------------------------------------------------
    In conversations FRB Boston had with bankers and payments experts 
in 2009, we heard that they were concerned with fragmentation and lack 
of communication among key stakeholders, particularly mobile carriers, 
about the direction of mobile payments in the U.S. Industry 
participants suggested that the Federal Reserve facilitate a 
conversation among a diverse group of mobile payment stakeholders. 
Realizing that mobile payments would impact consumers in new ways, we 
wanted to ensure that all stakeholders adequately addressed issues 
related to consumer protection and security. Additionally, mobile 
carriers, which had limited understanding of banking and payment 
systems, would have an important role in the evolution of mobile 
payments, which introduced new coordination issues. Lastly, we believed 
that mobile payments, correctly implemented, could create new 
efficiencies in payments and possibly create new, cost effective, 
alternatives for the unbanked and the underbanked. As a result, the 
Federal Reserve hosted the first meeting of the MPIW in January 2010, 
to facilitate discussion on the evolution of mobile retail payments in 
the United States.
Objectives of the MPIW
    The overarching goal of the Federal Reserve in convening the MPIW 
was to encourage growth and innovation in the mobile payments market 
while minimizing risk to consumers and the payment system. The Federal 
Reserve believed it was important to gain an industry perspective to 
determine what barriers existed to the proper evolution of this market 
and whether we could help eliminate these barriers. We also wanted to 
explore how we might collaborate on issues of mutual interest. Thus, 
the objective for the first meeting was to have the experts inform and 
educate us, and to engage in an open cross-industry dialogue.
    Many of the organizations represented at the meeting were already 
involved in mobile payment initiatives in Asia, Africa, and Europe. In 
the U.S., a variety of very limited NFC contactless pilots were 
underway that enabled contactless payments initially on credit and 
debit cards and then mobile phones, but none with any lasting 
commercial availability. The industry was struggling to define a 
direction for mobile payments because of conflicting business models 
and strategies, and a lack of demonstrated consumer demand.
    The main objectives for the group were to (1) gain a mutual 
understanding of the evolution of mobile retail payments in the U.S.; 
(2) provide a forum for participants to assess challenges, find points 
of mutual value, share ideas, and build consensus in a nonbinding, free 
market manner; and (3) identify possible opportunities for future 
collaboration to help build critical mass for the success of mobile 
payments in the U.S.
What the MPIW Has Completed to Date
    Recognizing the diversity of industries in the MPIW, subsequent 
meetings attempted to level set the group by covering each 
organization's initiatives relative to mobile payment plans, and 
perspectives on the benefits and barriers to implementation. 
Participants identified as benefits of mobile payments:

    The ability to reduce fraud using an encrypted contactless 
        mobile platform.

    Potential merchant cost efficiencies gained by processing 
        mobile payment transactions considered more secure than card 
        transactions because of the use of dynamic data versus static 
        magnetic card data, and reducing potential costs associated 
        with PCI (Payment Card Industry) security standards compliance.

    Consumer convenience and value using a mobile wallet 
        containing multiple payment methods stored securely in the 
        mobile device, along with loyalty cards, virtual coupons, and 
        discounts customized to reach different demographic cohorts 
        determined by location-based, real-time capabilities of mobile 
        technology.

    The ability to use a mobile phone to provide financial 
        services to the unbanked and underbanked consumer segments.

    Despite the benefits, participants identified a number of barriers 
that have impeded the growth of mobile payments, including:

    Lack of consumer demand, driven by the availability of many 
        safe alternative payment choices in the U.S. and few 
        differentiating factors or substantial benefits that consumers 
        can see yet from mobile payments.

    Lack of NFC-enabled smart phones. This obstacle may be 
        partially addressed as several handset manufacturers have 
        committed to making more NFC-enabled phones in 2012.

    Lack of a standard business model (bank-centric, carrier-
        centric, partner- or nonbank-centric), creating market 
        fragmentation and limits mass adoption.

    Small percentage of merchant terminals that accept 
        contactless NFC payments today. The capital investment in 
        point-of-sale equipment for contactless technology is 
        expensive, so merchants have been reluctant to make investments 
        until they are certain of the direction in which the market is 
        headed. They must now also factor in the implementation of EMV 
        technology in the U.S., given the recent Visa/MasterCard 
        mandate of compliance beginning in 2013. \8\ However, this 
        mandate may encourage faster implementation of NFC as part of 
        the EMV implementation, or at least provide a deadline for 
        compliance.
---------------------------------------------------------------------------
     \8\ EMV is a global standard for credit and debit payment cards 
based on chip card technology, taking its name from the card schemes 
Europay, MasterCard, and Visa, which developed it. The standard covers 
the processing of credit and debit card payments using a card that 
contains a microprocessor chip at a merchant payment terminal. The 
transactions are referred to as ``chip and PIN'' because PIN entry is 
usually required to verify the customer is the genuine cardholder. The 
EMV standard has been implemented in most developed countries, other 
than the U.S. In August 2011, Visa announced a phased EMV migration 
plan for the U.S. In January 2012, MasterCard announced its own EMV 
adoption program. Both programs incorporate similar incentives and 
timelines designed to encourage migration by processors and acquirers 
by April 2013, and retailers by mid-2015 (2017 for automated fuel 
dispensers).

    Uncertain revenue models and lack of collaboration. Two NFC 
        mobile wallet providers are aggressively seeking merchants to 
        participate in their programs, and offering incentives for 
        eligible consumers to use their mobile phones to pay for 
        purchases. These commercial trials test new revenue models and 
        partnerships to determine whether collaboration among 
---------------------------------------------------------------------------
        stakeholders is successful.

    Participants also identified other barriers, such as the 
        uncertainty regarding who owns the customer relationship (banks 
        or mobile carriers), lack of global standards, and unclear 
        regulatory direction as hindering the growth of the market.

    Building on the identified benefits and challenges, the MPIW 
discussed the need for a roadmap to develop a high-level framework for 
the U.S. mobile ecosystem. This roadmap would include best practices 
and industry standards to manage the technology, security, settlement 
risk, and customer requirements at different points in the value chain. 
The MPIW also wanted to understand the roles of regulators for mobile 
payments and the applicable regulations. The MPIW then worked to define 
the principles essential to addressing the barriers and ensuring a 
successful mobile payment ecosystem in the U.S. Participants agreed in 
general with the principles related to mobile security, 
interoperability, and consumer protection, although there was not 
unanimous support on all details. These principles formed the basis of 
a white paper on the future of point-of-sale mobile payments in the 
U.S., Mobile Payments in the United States Mapping out the Road Ahead, 
published in March 2011. \9\ Although written by the Federal Reserve, 
it reflected the general thoughts of the MPIW. These foundation 
principles are summarized below:
---------------------------------------------------------------------------
     \9\ http://www.bos.frb.org/bankinfo/firo/publications/
bankingpaypers/2011/mobile-payments-mapping.htm

    Creation of an ``open mobile wallet'' that supports 
        multiple payment options (credit, debit, bank account, prepaid/
        stored value, etc.) stored in a secure element in the phone, 
        with broad payment and merchant marketing value options, such 
        as rewards, coupons, and loyalty programs, enabling consumer 
---------------------------------------------------------------------------
        choice.

    Use of NFC technology for contactless mobile payments at 
        point-of-sale, along with enabling secure mobile applications. 
        NFC must be based on industry standards, capable of supporting 
        all payment methods and networks, and operable globally and in 
        multiple venues (e.g., retail, transportation, ATM).

    Clearing and settling payments through existing channels 
        (credit, debit, prepaid, ACH, mobile), but open to new 
        channels. Existing payment mechanisms are the necessary 
        foundation for the mobile payments platform to allow for mass 
        adoption and consumer choice. New payment channels should be 
        permitted but must be interoperable with the existing clearing/
        settlement system.

    Deployment of dynamic data authentication (DDA) as part of 
        the security and fraud mitigation program for card-based mobile 
        payment transactions. DDA generates a unique one-time 
        cryptogram for each transaction, which is verified by 
        interaction between the encrypted information on the chip and 
        the network server when the transaction is authorized. Using 
        contactless chip technology for mobile payments can reduce 
        fraud because even if payment card information is stolen it 
        cannot be used to make counterfeit cards or fraudulent online 
        transactions.

    Development of mobile payment standards for the U.S. based 
        on international standards and an industry-supported 
        certification process to ensure domestic and global 
        interoperability. The MPIW discussed potential gaps in 
        standards for rules and best practices, and possible existing 
        banking standards or rules that could be applicable to mobile 
        phones with some modification. The payments business has well-
        defined groups that set standards, such as the American 
        National Standards Institute and NACHA. Who would promote the 
        adoption of the standards by the mobile payments industry is an 
        open issue. Participants suggested that the U.S. consider 
        working with existing mobile standards bodies, such as GSMA, 
        GlobalPlatform, and NFC Forum, as appropriate, to identify gaps 
        in coverage, and develop globally interoperable standards.

    Clarity of regulatory responsibilities among bank and 
        nonbank regulators needs to be established early on, with input 
        from the mobile stakeholders. While current regulations and 
        rules may cover underlying payment methods, there is confusion 
        because multiple regulatory agencies have responsibility for 
        different aspects of payments and wireless transactions. 
        Industry participants urged bank and nonbank regulators, such 
        as the Federal Communications Commission, the Federal Trade 
        Commission and the Consumer Financial Protection Bureau, to 
        collaborate to define the regulatory environment for all the 
        participants.

    For example, data privacy was a major concern. Complexities arise 
        when different parties begin to share data. The potential 
        marketing value of customer data when tied to mobile payments 
        is significant. Data must be managed carefully to avoid 
        potential abuse and unauthorized access to mobile payments data 
        (e.g., transaction data, location-based data, etc.).

    Trusted Service Managers (TSMs) should manage and control 
        the provision of secure elements in the mobile phone to control 
        risk and ensure interoperability between mobile platforms. 
        Although a broader role for the TSM was mentioned, the MPIW 
        believed it was too early in the mobile payments evolution to 
        consider this option.

    Several major initiatives occurred after the paper was published in 
March 2011. First, the Federal Reserve and MPIW members began 
discussing the basic principles at payment industry conferences, and 
with payment trade groups, individual organizations, and regulators to 
collect feedback and escalate issues.
    Second, to get input from a broader group of stakeholders, we 
invited several merchants, a prepaid card provider, debit card 
networks, a global mobile standards body, and consumer-focused 
organizations to the July 2011 MPIW meeting. The merchants raised 
several issues. They remain concerned about their business case--
processing costs, investment in terminal upgrades, and cost of PCI 
compliance. Merchants would like to collect marketing data that will 
enable them to offer loyalty programs, customized coupons, and merchant 
rewards that provide consumers with a better shopping experience and 
increase sales. Because of the large capital investment, they would 
like to see a roadmap that clearly illustrates the industry direction 
for mobile payments, including mobile wallets.
    Third, we created a sub-group to identify security pros and cons 
related to retail mobile payments that use contactless NFC (SIM, micro 
SD and embedded chip) or cloud technology. FRB Boston plans to publish 
a report of the findings later this year.
Current Status of the U.S. Mobile Payments Landscape
    The volume of mobile Internet and remote purchases (m-commerce) is 
still small, but growing as the number of mobile applications 
increases, and more consumers own smart phones (about 45 percent 
adoption in the U.S. currently). As consumers have more opportunities 
to receive mobile coupons, discounts, rewards and location-based 
offers, the incentives to use mobile payments will further increase.
    NFC contactless technology is being implemented in conjunction with 
several mobile wallet solutions at retail point-of-sale locations; 
however, alternatives to NFC do exist. QR codes \10\ are in use at a 
few retailers for prepaid mobile purchases. Cloud technology, where 
payment credentials are stored on a secure file server that 
communicates with the merchant terminal for payment, rather than in a 
secure element on the physical mobile phone, is another emerging 
alternative. In the current mobile market, some of the large players 
continue to invest in NFC, others are developing wallets in the cloud, 
and still others are covering all bases by providing mobile services 
for both NFC and cloud. It is feasible that these technologies will 
coexist in the mobile payment ecosystem.
---------------------------------------------------------------------------
     \10\ For mobile payments, QR codes are two-dimensional barcodes 
that can be read by smartphones with a mobile application to pay for 
purchases or receive mobile coupons.
---------------------------------------------------------------------------
    Nonbanks are substantially influencing the evolution to mobile 
payments. In 2011, several commercial partnerships and joint ventures 
were announced for retail mobile wallet payments. Additionally, an 
online payment platform announced plans to enable brick-and-mortar 
merchants to accept payments from its wallet accounts. The initial 
offering uses a mobile phone number, not a mobile phone. Several new 
entrants to the payment system are enabling small merchants to accept 
card payments using their mobile phones with a plug-in device and a 
mobile application, while others serve as intermediaries to handle 
payments for digital content billed directly to mobile carriers.
    Some smartphones are being used for functions previously performed 
on personal computers. These devices became a game changer because they 
provided consumers with an interface to the Web and many new 
applications. Consumers demonstrated their desire to use their 
smartphones for multiple functions, which led to even more new 
applications. The smartphone helped to build consumer experience and 
prepare the environment for mobile payments.
Next Steps
    The Federal Reserve will continue to facilitate the dialogue among 
MPIW participants and other stakeholders and monitor progress in the 
evolution of mobile payments. The next MPIW meeting is scheduled for 
April 2012. This meeting, which will include bank and nonbank 
regulatory agencies, will focus on issues related to security, privacy, 
and consumer protection, and respective oversight responsibilities. 
Future MPIW efforts will focus on education that is needed to help 
consumers understand steps they can take to protect their mobile 
financial data, including using passwords to lock their devices to 
prevent access to sensitive data, mitigation tools that allow for 
remote device deactivation and wiping of data, and alerts of suspicious 
activity.
    The Federal Reserve will continue to conduct research to better 
understand consumer needs, behaviors, and adoption plans related to 
mobile payments. In addition, the Federal Reserve plans to work with 
industry participants to identify potential gaps in security and fraud 
prevention, and potential mitigation strategies for the different 
mobile payment technologies (NFC versions and cloud). We plan to 
encourage the mobile stakeholders to work together to define the 
respective responsibilities of the various parties (e.g., the phone, 
mobile carriers, processors, banks, and settlement systems) to ensure 
robust end-to-end security, and to develop security rules and standards 
for eliminating or appropriately mitigating risks for mobile payments.
Conclusion
    Collaboration among mobile industry stakeholders, the Federal 
Reserve, and interested Government agencies through the MPIW has helped 
to educate diverse participants on different views and concerns around 
mobile payments, and awareness of the need for collaboration in certain 
areas, such as security and standards. Going forward, the MPIW will 
continue to provide a forum to discuss issues and barriers as they 
arise with an objective of more timely resolution. The MPIW enables 
proprietary innovation to occur, while promoting a shared framework for 
interoperability. Finally, working with mobile carriers, banking and 
payments industry participants, and Government regulators, the Federal 
Reserve hopes to help mobile payments in the United States evolve in an 
efficient and safe manner and provide a convenient payment option to 
all consumer segments.
    Thank you again for inviting me to appear today. I am happy to 
answer any of the Committee's questions.
                                 ______
                                 
               PREPARED STATEMENT OF SANDRA F. BRAUNSTEIN
    Director, Division of Consumer and Community Affairs, Board of 
                Governors of the Federal Reserve System
                             March 29, 2012
    Chairman Johnson, Ranking Member Shelby, and Members of the 
Committee, thank you for inviting me to appear before you today to talk 
about consumers' use of mobile financial services.
    The evolution of new technologies that enable consumers to conduct 
financial transactions using mobile devices has the potential to affect 
their financial lives in important--but as of yet, not fully known--
ways. For this reason, the Federal Reserve has been monitoring trends 
and developments in mobile financial services. By ``mobile financial 
services,'' I am really talking about two categories of activities. The 
first we call ``mobile banking,'' which is using your mobile device to 
interact with your financial institution, mostly doing things you could 
also do through more traditional means, like check your account balance 
or transfer money between accounts. The second we call ``mobile 
payments,'' which we define as making purchases, bill payments, 
charitable donations, or payments to other persons using your mobile 
device with the payment applied to your phone bill, charged to your 
credit card, or withdrawn directly from your bank account.
    Beyond banking and payments, mobile devices have the potential to 
be useful tools in helping consumers track their spending, saving, 
investing, and borrowing, and in making financial decisions. Such 
technologies also hold the potential to expand access to mainstream 
financial services to segments of the population that are currently 
unbanked or underbanked. That said, the technologies are still new, and 
important concerns, such as consumers' expressions of unease about the 
security of these technologies, must also be addressed for consumers to 
feel confident adopting these new services.
    To further our understanding of consumers' use of, and opinions 
about, such services, the Federal Reserve commissioned a survey late 
last year. Nearly 2,300 respondents completed the survey. This survey 
is among the first to integrate questions about using mobile devices 
for shopping and comparing products along with questions about using 
mobile devices for banking and payments. On March 14, 2012, the Federal 
Reserve released a report, based on these responses, titled ``Consumers 
and Mobile Financial Services.'' \1\ My testimony today will draw from 
this report, which is attached to my written testimony.
---------------------------------------------------------------------------
     \1\ The report is available at www.federalreserve.gov/econresdata/
mobile-device-report-201203.pdf.
---------------------------------------------------------------------------
    Nearly 9 out of 10 adults in the United States have a mobile phone, 
and two-fifths of those phones are so-called ``smartphones'' with 
Internet connectivity. Among all mobile phone users, one out of five 
has used their phones to conduct some banking activity in the last 12 
months. Those users with more traditional mobile phones, or so-called 
``feature phones,'' access bank information via text messages, while 
smartphone users access their bank information by downloading their 
bank's application or via the bank's Internet site. Younger consumers, 
those below age 29, have readily adopted mobile banking, and make up 
almost 44 percent of all consumers surveyed who use such services. 
Adoption rates of mobile banking also differ by racial and ethnic 
background, with Hispanics and non-Hispanic blacks making up a 
disproportionate share of those who use mobile banking services. The 
most common transactions performed by users of mobile banking were 
checking account balances or checking recent transactions. Transferring 
money between accounts was another common transaction.
    Of those consumers who had not adopted mobile banking, the primary 
reason given was that they felt their banking needs were being met 
through more traditional means. Security concerns were the second most-
cited reason for not using mobile banking. Specifically, consumers 
expressed concerns about hackers gaining access to their phones and 
exposing their personal financial information. A little more than one-
third of all mobile phone users reported that they do not know how 
secure mobile banking technology is for protecting their personal 
information, while an additional one-third rated the technology as 
unsafe. Nevertheless, among those consumers with any type of mobile 
phone, but who are not currently using mobile banking, one out of ten 
expects to be using it within the next year.
    In addition to mobile banking, we asked about mobile payments, 
which I described earlier. Mobile payments are not yet as prevalent as 
mobile banking; one out of eight respondents reported making a mobile 
payment in the previous 12 months, and usually this involved paying a 
bill online via their mobile phone. Mobile payments are 
disproportionately used by consumers under age 45 and by Hispanics. 
Consumers who are not currently using mobile payments responded that 
they were concerned about the security of the technology, did not see 
any benefit from mobile payments, or found it easier to pay in other 
ways--for example, with cash or with a credit card.
    Consumers who are ``underbanked''--that is, those who have a bank 
account but who also use an alternative financial service provider such 
as a check casher, payday lender, auto-title lender, or payroll card--
make significant use of mobile banking and mobile payments. Among this 
group, nearly three out of ten have used mobile banking, primarily to 
check their account balances. The underbanked are more likely than the 
general population to use mobile payments, with one out of six using 
payment services on their mobile devices. Those consumers who are 
unbanked also report using mobile financial services, generally in 
conjunction with a general purpose prepaid card or payroll card.
    Let me give you a few examples from the report of how consumers 
reported using mobile financial services to make financial decisions. I 
stated earlier that the most frequent use of mobile banking was to 
check account balances. Of those consumers who use mobile banking, more 
than two-thirds reported that they checked their account balance or 
available credit before making a large purchase. Moreover, among the 
consumers that reported doing this, nearly six out of ten reported that 
they had decided not to buy an item because of the amount of money 
available in their account. As another example, some consumers reported 
setting up a text alert from their bank if their account balance was 
getting low; among those using this service, five out of six reported 
taking some action--transferring money into the account with the low 
balance, reducing spending, or making a deposit into the account--in 
response to receiving an alert. Consumers also reported using their 
mobile devices to browse product reviews or get pricing information 
while shopping.
    More details on consumers' use of mobile financial services are 
available in the report. Staff members in the Division of Consumer and 
Community Affairs expect to conduct additional analysis of the data in 
the months ahead. This should round out our understanding of these 
initial findings. For instance, some of the differences that we see 
based on ethnic or socioeconomic factors may be better understood when 
we examine how such factors interact with other characteristics of the 
respondents. We also anticipate that we may conduct periodic updates of 
the survey to monitor consumers' experiences as the technology and 
business practices evolve.
    Thank you again for inviting me to appear before you today. I would 
be happy to answer any questions you may have.

[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]

         RESPONSES TO WRITTEN QUESTIONS OF SENATOR KIRK
                   FROM SANDRA F. BRAUNSTEIN

Q.1. Now that the Federal Government will be participating in 
the Automated Clearing House to distribute Government benefits 
like social security, growth trends for electronic payments 
should accelerate at an even faster pace going forward than the 
double-digit increases we have seen for the past few years. 
Please describe your perspective of role the Federal Reserve 
should play in regulating and facilitating electronic payments 
in the post- Dodd-Frank world, with an emphasis on how the 
Federal Reserve can contribute to maximizing the economic 
benefits of new technology.

A.1. Federal Government benefits have for decades been provided 
through automated clearing house (ACH), or ``direct deposit,'' 
payments to beneficiaries' accounts at depository institutions, 
and for many years the vast majority of benefit payments have 
been made in this manner, rather than by check. Making the 
payments electronically is generally less expensive, faster, 
and more secure than making them by check. For example, 
delivery of paper checks to benefit recipients may be delayed, 
and the checks, once received, may be lost, misplaced, or 
stolen.
    In December 2010, the U.S. Treasury issued a rule to 
increase further the usage of electronic payments for the 
disbursement of Government benefits. The rule requires anyone 
applying for benefits on or after May 2011 to receive all 
payments electronically via direct deposit to a deposit account 
at a depository institution or via a prepaid card. Treasury has 
contracted with a commercial bank to make Direct 
Express' Debit MasterCard' prepaid card 
accounts available to recipients who will not be receiving 
benefits via direct deposit; these cards can be used like other 
debit cards, and funds that recipients receive through the card 
are FDIC insured. There is no cost to sign up for the card and 
no monthly fee, although there are fees for some optional 
transactions (such as making more than one ATM withdrawal in a 
single month). The Direct Express' card enables 
benefit recipients who do not have bank accounts to avoid fees 
associated with cashing benefit checks. Recipients currently 
receiving benefits via checks will be required to switch to an 
electronic payment method by March 2013.
    Also in December 2010, the U.S. Treasury issued a rule 
establishing requirements that apply to the delivery of Federal 
payments to prepaid cards other than the Direct 
Express' card. Under the rule, a prepaid card is 
eligible to receive Federal payments only if the card account 
is Federally insured, the card is not attached to a line of 
credit or loan agreement under which repayment from the account 
is triggered upon delivery of the Federal payments, and the 
issuer of the card provides the cardholder with all of the 
consumer protections that apply to a payroll card account under 
Regulation E (12 CFR part 1005).
    With respect to benefits that are received on a Direct 
Express' card or prepaid card meeting Treasury's 
requirements, Regulation E (12 CFR part 1005), which implements 
the Electronic Fund Transfer Act of 1978 (EFTA), limits a 
recipient's liability for unauthorized electronic fund 
transfers out of the recipient's benefit account (e.g., if the 
card is lost or stolen). The Dodd-Frank Act transferred the 
Board's rule-writing authority with respect to most consumer 
protection laws, including most of the EFTA, to the Consumer 
Financial Protection Bureau. Under Regulation E, cardholders 
who dispute a transaction within 2 business days of learning of 
the loss or theft of their card cannot be held liable for more 
than $50. Those who dispute a charge within 60 days of an 
account statement reflecting the unauthorized transfer cannot 
be held liable for more than $500. Finally, the regulation 
provides consumers with specific error-resolution rights in the 
case of an unauthorized transaction.
    The Nation's retail payment system is becoming increasingly 
electronic, largely reflecting consumer preferences. The 
Federal Reserve continues to promote the safety and efficiency 
of the Nation's payments system through the Reserve Banks' role 
as providers of payment services and the Board's regulatory 
role. In addition, the Federal Reserve will work cooperatively 
with the private sector to identify and remove barriers to 
innovation and efficiency. And, finally, when appropriate, the 
Federal Reserve will act as a catalyst to greater efficiency, 
safety, and accessibility within the payments system.

Q.2. Sweden, the first European country to circulate bank note 
currency in 1661, is at the forefront of the move to a cashless 
economy. Its aggressive move to electronic transactions has 
resulted in a dramatic drop in robberies of banks and 
securities trucks and shrinkage of the ``tax gap.'' Has the 
Federal Reserve quantified the costs reductions and economic 
benefit derived from migrating to mobile/Web payments?

A.2. The cost reductions and economic benefits derived 
generally from migrating paper-based payments to electronic 
payments have been supported by theoretical analysis and some 
empirical verification. For instance, the Federal Reserve Bank 
of Philadelphia issued a 2003 working paper showing that the 
shift from paper-based payments to electronic payments and from 
branch offices to ATMs may result in an annual costs savings of 
1 percent of the gross domestic product. \1\ Over a 10-year 
period, the Federal Reserve has reduced the cost of per-item 
processing by one third through the electronic clearing of 
paper checks.
---------------------------------------------------------------------------
     \1\ ``Cost Savings From Electronic Payments and ATMs in Europe'', 
August 2003, Working Paper No. 03-16, at http://www.frbatlanta.org/
filelegacvdocs/epconfhumphrey.pdf.
---------------------------------------------------------------------------
    For mobile payments specifically, the benefits in relation 
to costs are uncertain. The United States has a well-developed 
and efficient payments system and enabling mobile payments 
requires investments by the consumers' banks, merchants, and 
others. Research, however, also suggests that the long-term 
benefits to society of having a convenient, effective mobile 
wallet with complementary services that go beyond mobile 
payments (for instance, the ability to receive targeted ads and 
promotions and to monitor and manage account balances from any 
location) could be significant.
    In terms of the example of Sweden's move to a ``cashless 
economy,'' it may be helpful to provide some perspective from 
Sweden's central bank, the Riksbank. The Riksbank reports that 
cash and cards are the dominant payment methods used in Sweden 
today at the point of sale. The Riksbank data show that cash 
usage has decreased since the 1950s, but that trend has been 
driven by an increase in card-based payments; neither e-money 
nor mobile payments are yet well established in Sweden. In 
addition, the decline in bank robberies in recent years has 
been driven primarily by changes in technology and operations. 
Specifically, the amount of cash in the bank offices has been 
reduced and replaced by deposit machines and automated teller 
machines. Also, the shrinkage of the tax gap has been affected 
by recent legislation that requires companies to have certified 
cash registers and to offer customers a receipt, which makes 
cheating on cash accounting much more difficult. Carriers have 
taken actions to increase safety, including GPS systems in cars 
and cash bags, improved ink security systems in vehicle safes 
and cash bags, personnel training, and stricter screening of 
cash transporters. Despite these actions, armored carrier 
robberies have increased. The Riksbank believes that the cash 
usage will continue to decrease but that cash nevertheless will 
continue to be a prominent means of payment for the foreseeable 
future. The impact of new methods of payment, such as mobile 
payments, on the future demand for cash in Sweden is uncertain.

Q.3. The ``Consumers and Mobile Financial Services'' report 
issued by the Board of Governors in March 2012 concludes that 
the consumers' doubts about the security of mobile financial 
transactions impede the growth of this new technology. What 
concrete recommendation would you make to improve mobile 
security for financial stakeholders as well as consumers? At 
the same time, what steps should be taken to assure that 
privacy rights are protected? Please identify all stakeholders 
that need to be considered, and all regulatory agencies that 
will be involved.

A.3. It is important that multiple stakeholders involved in a 
mobile payment transaction share responsibility for ensuring 
mobile payment security and protecting consumer privacy rights. 
Stakeholders include mobile carriers that sell and enable 
mobile phones for payments and oversee the handset and chip 
manufacturers' security requirements, financial institutions 
that issue debit and credit cards and/or hold consumer bank 
accounts that are accessed from the mobile wallets, card 
networks (debit, credit, and prepaid), mobile solution 
providers, merchants, and consumers. This nascent market would 
benefit from mobile stakeholders jointly developing 
technological standards and guidelines that support different 
mobile payment technologies and alternatives to prevent attacks 
on mobile payment data and facilitate the development and 
implementation of consistent, integrated security measures. For 
example, mobile stakeholders should collaborate to develop an 
effective mobile payments security program that applies 
appropriate security measures and tools. Such a program could--

    Include a simple customer security toolkit showing 
        consumers how to protect their mobile devices, mobile 
        wallets, and payments data by using antivirus software 
        to ensure the applications downloaded are safe from 
        viruses and malware; creating passwords for login and 
        mobile wallet access; loading software that enables the 
        phone to be remotely wiped, locked, or deactivated if 
        lost or stolen; and detecting and reporting fraud or 
        other security breaches.

    Recommend implementation of appropriate security 
        tools for different mobile technologies, including the 
        use of end-to-end encryption for any mobile payment 
        transaction stored on the phone, remotely on a file 
        server, and when data are in transit over the wireless 
        network to protect consumer personal data (bank account 
        and card numbers and passwords).

    Create a certification process and standard 
        procedures to safely set-up mobile phones and wallets, 
        including certifying vendor applications before they 
        are loaded into mobile wallets and certifying wallets 
        before they are put into the secure container in the 
        phone. Certification and testing will help to ensure 
        that data processed are encrypted and safely stored, 
        and that applications are virus and malware free.

    From a privacy perspective, mobile stakeholders should 
pursue jointly developing best practices that identify, 
standardize, and build controls that protect consumer data on 
mobile phones and address transparency and choice. Smartphones 
enable mobile payment apps to capture a broad range of user 
information automatically, including a consumer's geolocation, 
phone number, contact list, call logs, unique IDs, and other 
data stored on the device. In addition to protecting against 
security breaches, industry could develop business practices 
for using and sharing this data, within applicable statutory 
and regulatory requirements. As initial steps, it could be 
helpful to review the Federal Trade Commission (FTC), Mobile 
Marketing Association (MMA), and other privacy guidelines 
developed to help protect consumer privacy in the mobile space, 
with emphasis on transparency, disclosures, consumer choice, 
and education. \2\ It also could be helpful to inventory best 
practices in the United States and globally to ensure that they 
include strong privacy protections that encompass the entire 
mobile stakeholder community and address transparency, consumer 
education, and consumer choice. Consumers should understand 
their rights and obligations when they make mobile payments, 
especially with multiple parties involved in a mobile 
transaction. Mobile payment companies also should give 
consumers the ability to restrict using or sharing any 
information that is not necessary to complete a transaction.
---------------------------------------------------------------------------
     \2\ In May 2012, the FTC issued a report on Protecting Consumer 
Privacy in an Era of Rapid Change, which identified best practices for 
businesses to protect consumer privacy and give them greater control 
over the collection and use of their personal data and urged mobile 
providers to work toward improved privacy protections, including 
disclosures. In December 2011, the MMA published its Mobile Application 
Privacy Policy Framework, which addressed privacy issues and data 
processes of many, but not all, mobile applications.
---------------------------------------------------------------------------
    Further analysis of existing laws may be needed to ensure 
that consumers are adequately protected. A legal framework 
exists to address the payment activities of insured depository 
institutions--collectively, ``banks.'' This framework includes 
consumer protection statutes, such as the Gramm-Leach-Bliley 
Act's privacy provisions, the Electronic Fund Transfer Act 
(EFTA), and the Truth in Lending Act, as well as the bank 
supervisory process. To the extent that nonbanks are involved, 
whether and the degree to which Federal or State statutes and 
rules are applicable depends on the nonbank's role in the 
transaction and the specific provisions of the particular 
statute or rule. Due to the different types of service 
providers (bank and nonbank) and the wide variety of payment 
arrangements that are in place and under development, a number 
of regulators may have authority over various aspects of mobile 
payment transaction, including the Federal bank regulators, the 
Consumer Financial Protection Bureau, the Federal Trade 
Commission, the Federal Communications Commission, the Treasury 
Department's Financial Crimes Enforcement Network, and State 
agencies. However, given the fast-paced nature of changes in 
this area and the potential for significant improvements in 
consumer financial services through mobile payments, further 
fact-finding would aid that analysis and would be helpful to 
ensure that any legislative or regulatory proposals do not 
stifle the very innovations that would benefit consumers 
overall.
    It is important that mobile payment stakeholders and public 
agencies take steps to develop coordinated programs for 
consumer education and awareness related to securing mobile 
payments and protecting consumer privacy. For example, the 
Federal Reserve Bank of Boston Payments staff will continue to 
work with mobile payment stakeholders through the Mobile 
Payments Industry Workgroup to help facilitate such security 
and privacy initiatives. \3\
---------------------------------------------------------------------------
     \3\ The Mobile Payments Industry Workgroup represents major mobile 
payment stakeholders, including mobile carriers, banks, card networks, 
payment processors, Internet payment providers, mobile chip 
manufacturers, mobile solution providers, merchants, and mobile and 
payment trade associations.

Q.4. In its 2011 Annual Report of Competitive Market 
Conditions, the FCC cited forecasts that more than half the 
Nation will use smart phones to conduct numerous banking 
transactions by 2015; among consumers between the age of 18 and 
35, over three-quarters of them will bank by mobile device. Do 
---------------------------------------------------------------------------
you agree with the FCC projections?

A.4. Smartphone usage is increasing rapidly in the United 
States. The Board's recent Consumers and Mobile Financial 
Services survey found that just under 40 percent of Americans 
between the ages of 18 and 35 were smartphone users in December 
of 2011. Smartphone users are much more likely to use mobile 
banking than other mobile phone users: among those consumers 
between the ages of 18 and 35, 56 percent of smartphone users 
had used mobile banking in the past 12 months compared to 11 
percent of nonsmartphone users. \4\ As more and more consumers 
have smartphones and the number of financial institutions 
offering mobile banking and mobile payment services increase, 
it is reasonable to assume that the proportion of the 
population that use these services will also increase. However, 
although Federal Reserve and industry data can help us 
understand directional trends, it is more difficult to project 
the specific future penetration rate for these mobile financial 
services.
---------------------------------------------------------------------------
     \4\ Pursuant to the data collected in the Board of Governors of 
the Federal Reserve System Consumers and Mobile Financial Services 
survey.

Q.5. According to surveys within the ``Consumers and Mobile 
Financial Services'' report, the 11 percent of the adult 
population classified as ``underbanked'' are more dependent on 
mobile services than the general population; almost two-thirds 
of ``underbanked'' pay bills with their mobile phones to pay 
bills, compared to less than half of all mobile phone users. In 
the final words of this report, ``The prevalence of mobile 
phone access among minorities, low-income individuals, and 
younger generations creates the possibility of using mobile 
technology to expand financial inclusion.'' Since 23 of the top 
25 banks offer mobile banking, should we modify regulation of 
community development and investment initiatives to include 
expansion of mobile services, accompanied by security protocols 
---------------------------------------------------------------------------
and consumer awareness programs?

A.5. The manner in which traditionally underbanked consumers 
may be accessing mobile financial services is an interesting 
aspect of the report. Because the technology and business 
models are so new and still evolving, it is unclear to what 
extent mobile services may ultimately complement, augment, or 
supplant more traditional means of delivering financial 
services to consumers, including consumers without banking 
relationships and those who are banked but also use alternative 
financial services. The Federal Reserve will continue to 
monitor this aspect of the marketplace. Given the still-
evolving nature of the technology, it may be too soon to 
consider statutory or regulatory changes. Changes such as those 
you suggest may be warranted in the future if they would be 
effective to expand financial inclusion through the offerings 
of mobile products and services.
              Additional Material Supplied for the Record
    MOBILE PAYMENTS IN THE UNITED STATES: MAPPING OUT THE ROAD AHEAD

[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]


 DEVELOPING THE FRAMEWORK FOR SAFE AND EFFICIENT MOBILE PAYMENTS--PART 
                                   II

                              ----------                              


                         TUESDAY, JULY 10, 2012

                                       U.S. Senate,
          Committee on Banking, Housing, and Urban Affairs,
                                                    Washington, DC.
    The Committee met at 10:02 a.m., in room SD-538, Dirksen 
Senate Office Building, Hon. Tim Johnson, Chairman of the 
Committee, presiding.

           OPENING STATEMENT OF CHAIRMAN TIM JOHNSON

    Chairman Johnson. Good morning. I call this hearing to 
order.
    Today's hearing is the second in a series of hearings that 
will examine the mobile payments marketplace. Building on the 
information collected at the first hearing, this hearing will 
focus on the benefits of mobile payments to consumers and 
businesses as well as the obstacles to adopting this new form 
of payment. As discussed at our first hearing, this Committee's 
jurisdiction extends over all financial services and payment 
systems regardless of the company that delivers the service.
    Today's panel of academics is at the forefront of mobile 
payments research. Each has spent much time studying this topic 
either through an economic or legal lens. They will discuss the 
benefits of mobile payments including, among other things, 
enhanced data privacy and fraud protection, consumer 
convenience, expanded access to mainstream financial services 
for the underbanked, merchant cost savings, and streamlined 
marketing and promotion opportunities.
    Additionally, we have asked them to discuss obstacles to 
adopting mobile payments. Some potential barriers to adoption 
are levels of consumer awareness, information security, fraud 
and privacy concerns, compatibility of business models, 
development of industry standards, deployment costs for 
merchants, and regulatory uncertainty.
    The bottom line is that as the mobile payments system 
evolves, it is important for this Committee to understand how 
they work in order to provide proper oversight so that these 
payments can be secure and convenient. I look forward to 
today's testimony.
    I want to remind my colleagues that the record will be open 
for the next 7 days for opening statements and any other 
materials you would like to submit.
    Now I will briefly introduce the witnesses.
    Michael Katz is a professor of economics at the University 
of California, Berkeley, and the Sarin Chair in Strategy and 
Leadership.
    Sarah Jane Hughes is a university scholar and fellow in 
commercial law at the Maurer School of Law at Indiana 
University.
    And Thomas Brown is an adjunct professor at the University 
of California, Berkeley School of Law.
    I thank you all again for being here today. I would like to 
ask the witnesses to please keep your remarks to 5 minutes. 
Your full written statements will be included in the hearing 
record.
    Mr. Katz, please proceed.

   STATEMENT OF MICHAEL L. KATZ, SARIN CHAIR IN STRATEGY AND 
 LEADERSHIP, PROFESSOR OF ECONOMICS, UNIVERSITY OF CALIFORNIA, 
                            BERKELEY

    Mr. Katz. Chairman Johnson, thank you for inviting me to 
appear before you today to talk about mobile payments.
    As everybody knows, America's consumers are increasingly 
connected via smartphones, tablet computers, and other mobile 
devices. A lot of people have predicted that this is going to 
lead to a revolution in how people pay when they go into a 
bricks-and-mortar merchant. And, in particular, what people are 
focusing on is near-field communication, which is a technology 
that allows your phone to communicate with the merchant's 
point-of-sale device so that you can swipe your phone the way 
people today swipe credit and debit cards.
    I disagree with those who think it is going to 
revolutionize payments. Just to put it in short, near-field 
communications is about communications that happens at the 1- 
or 2-foot level when you are actually at the checkout. But I 
think the really interesting and exciting developments here are 
really about what happens when the consumer is in the 
neighborhood of the merchant, because your mobile phone gives 
the merchant a way to know that you are there because of 
location-aware services and then to reach out to you and 
encourage you to come into the merchant.
    So I think there is going to be a revolution in mobile 
payments that is going to spring from smartphones and tablets, 
but that revolution is not going to be in the way we pay, but 
it is going to be in the way that merchants interact with their 
customers.
    Let me step back for a moment and ask how we are going to 
get from where we are today to where I think we are going.
    Today, merchants and consumers already have access to a 
wide range of options. They have got cash and checks, credit 
and debit cards. These options are easy to use, they are widely 
accepted, and, importantly, they are trusted. Moreover, most 
consumers already have established relationships with payment 
service providers, and merchants have made substantial 
investments in equipment, systems, and training to support 
existing payment services. So if new payment services based on 
smartphones and tablets are going to compete successfully, they 
are going to have to offer merchants and consumers additional 
value when compared with current options. Cool technology alone 
is not going to be enough.
    Now, from the merchant perspective, mobile payments will be 
attractive if they do one of two things, and ideally both: one 
would be to lower the merchants' costs of completing 
transactions, say by charging lower fees to the merchants or 
somehow speeding up the checkout process; the other benefit, 
and the one I want to focus on because I think it is 
potentially much larger, is attracting additional consumer 
patronage.
    So how will mobile payment services attract customers to 
bricks-and-mortar merchants? Survey research shows that what 
consumers want are payments that are widely accepted, are easy 
to use, and are trustworthy. So how do mobile payments stack up 
against the competition?
    When it comes to paying at bricks-and-mortar merchants, the 
extent of acceptance is a weakness rather than a strength. 
Indeed, mobile payment services face a chicken-and-egg problem. 
Specifically, a merchant does not want to bear the expense of 
changing its checkout process to accommodate a new payment 
service if there are few consumers who use that service. 
Similarly, a consumer does not want to sign up for the payment 
service if very few merchants accept it. But, of course, if 
everybody waits for everybody else to join the new payment 
service first, it is never going to get off the ground.
    Now, there are several potential solutions to the chicken-
and-egg problem, but all of them rely on one common underlying 
factor: There has to be some source of benefit that makes it 
worthwhile to invest in overcoming the chicken-and-egg problem. 
So we are back to looking for a source of consumer value.
    Now, an NFC-enabled digital wallet can be more convenient 
and possibly easier to use than a conventional wallet filled 
with multiple payment cards. But it should be noted that we are 
not going to be able to give up our conventional wallets 
anytime soon because we still need our wallets to carry our 
driver's license, insurance cards, and things like that. Once 
those go digital, we may have a different situation, but right 
now we do not.
    Moreover, we have to ask ourselves: Is it really that much 
easier to swipe your phone than to swipe a smart card? So I 
believe in the short run that ease-of-use benefits are going to 
be too limited to be a significant driver of adoption.
    So that leaves trust as a source of value. Security and 
privacy are two elements of trust. Consumer surveys show, 
unfortunately, that people question the security of mobile 
payments, and indeed mobile payment systems do have points of 
vulnerability, such as the radio interface, that card-based 
systems do not. Moreover, through the use of malicious code 
downloaded through apps or Web browsing, a smartphone can be 
compromised without the attacker's having to attain physical 
proximity. Consequently, security is not going to be a positive 
driver of mobile payment adoption anytime soon. And, 
unfortunately, things do not look a lot more promising for 
privacy. Consumer surveys show that many consumers are worried 
that mobile payment companies will collect too much information 
and that they are going to misuse that information.
    So if we come up short on ubiquity, ease of use, and trust, 
where is the value that is going to drive these things? I think 
the answer is, as I said at the beginning that the way 
merchants are going to use the capabilities that mobile phones 
bring and mobile payments do, is to collect vast amounts of 
information about consumers, analyze that information to 
develop predictions of consumer behavior, and then use that 
information and the ability to communicate with their customers 
to deliver personalized, real-time, context-specific messages 
to encourage consumers to come into the store.
    Let me close by just giving an example of the possibilities 
you could have with this. You could have a coffee retailer get 
an alert from a service provider saying, you know, here is one 
of your regular customers. Normally by 10:30 she buys a cup of 
coffee. However, today it is 10:45, she still has not bought a 
cup of coffee, but we notice she has just left her office. Do 
you want to send her a message encouraging her to come into 
your retailer that is three blocks away? The retailer could 
check its store, find out that it is not very crowded, check 
the fact it is a hot day, and send a message to the consumer 
saying if you come into our store in the next 30 minutes, we 
will give you 20 percent off on an iced coffee. That is an 
incredibly powerful potential marketing tool, and that is where 
I think the real benefits and the real power of mobile payments 
are going to lie. I think we will see NFC in the future, but it 
is really going to be something that is an extension of 
existing payments. It is not the revolution.
    Thank you.
    Chairman Johnson. Thank you, Mr. Katz.
    Ms. Hughes, please proceed.

 STATEMENT OF SARAH JANE HUGHES, UNIVERSITY SCHOLAR AND FELLOW 
 IN COMMERCIAL LAW, MAURER SCHOOL OF LAW, UNIVERSITY OF INDIANA

    Ms. Hughes. Senator Johnson, thank you so much for the 
invitation to be here. Other Members of the Committee, I 
appreciate this opportunity.
    Dr. Katz has already raised a few of the issues that I 
would have covered, and I had broken my prepared remarks down 
into five points that I thought offered benefits and five 
points that I thought changed compliance costs or otherwise 
imposed some obstacles to the adoption of mobile payments by 
merchants. So I may edit my remarks in order to take advantage 
of what Dr. Katz has already given to the Committee, but the 
Committee has my full statement.
    I would also like to flip from the end of my remarks a 
point that I want to be certain to make, and that is that, in 
thinking about regulating mobile payments, I think it is 
important to recognize that this is probably not a one-
solution-fits-all-possible-providers situation. So that the 
banks, the telecom providers, the app providers, intermediary 
payments processors, and merchants all may have the need for 
certain protections and rights, and the customers in dealing 
with them along this pathway of multiple players in a single-
payment transaction. The disparities in the roles that they 
play in mobile payments could be recognized in suitable forms 
of regulation, but it is vital that we not create a situation--
and we may have it now--where one form of regulation drives 
people into unregulated silos or channels of opportunity or 
where they can go to silos that are less regulated and save a 
lot of compliance costs. So that if you are going to regulate, 
you need to think about how to do it in a way that does not 
reward a certain group of players at the expense of merchants 
and consumers and competition in general.
    Now, returning to the five or at least an edited version of 
the five pros and the five expenses. Dr. Katz has already made 
the case for mobile payments possibly being quick and having 
certain functionality, and I agree with him. I think that there 
is a second-level point, and that is, taking mobile payments 
has a particular potential benefit to small business owners 
because it allows them to collect sums from consumers, and this 
may help them expand their roles in the economies. This may be 
particularly true for small-dollar payments as opposed to 
large-dollar payments, and I think that it is also true that 
trust plays a factor.
    In the cab coming here today, I noticed the cab driver's 
willingness to talk about paying for a $2 cup of coffee but his 
reluctance to think about making a $200 car note payment with a 
mobile device at this point. So we will see how this expands.
    The third is that there is a lot of talk about mobile 
payments helping merchants deter fraudulent charges--and the 
customer as well--because each of them gets a real-time signal. 
That may or may not be the case, but it is something for us to 
think of as a potential benefit.
    I agree with Dr. Katz that there are huge opportunities, 
indeed perhaps the most important opportunities, to build 
customer loyalty, to do geolocation in individually directed 
marketing to customers, that those are far ahead of anything 
that traditional payments have had to offer.
    We also have something Dr. Katz did not talk about: 
merchants' abilities to reach consumers who do not have 
checking accounts--they are unbanked--or those who are in areas 
where there are relatively few banks and where access to an ATM 
machine may be more scarce than it is in major metropolitan 
areas. I spent some of my childhood in Missoula, Montana. I 
spent some of my childhood in Butte, Montana. My mother was 
born in North Dakota and spent some of her childhood. It is a 
long way to an ATM in some parts of this country. In 
Bloomington, Indiana, it is not, but in other places it is a 
really long way, especially to a branch of a financial 
institution these days.
    The unbanked and underbanked use smartphones right now to 
make certain kinds of payments because it helps them have 
access to the marketplace that people who live in metropolitan 
areas already enjoy.
    So Dr. Katz has talked about the fact that mobile payments 
have interception risks and malware problems and all of those 
things, that they allow harvesting of information, but they do 
not relieve merchants of the costs of compliance with 
chargebacks, with other security costs, of payment data, 
integrity concerns, and by that I mean protection against 
alteration, replication, or misdirection of payments, of the 
time to explain to consumers the kinds of issues involved in 
making mobile payments if the consumer is not familiar, and 
they do not talk about the added risks that the banking 
industry is concerned about of many more people being able to 
access and maintain consumer deposit or checking account 
information.
    My last point is one that your invitation specifically 
asked to have addressed, which is that taking mobile payments 
will require merchants, and others in the process, to have to 
think about whether they are supposed to comply with privacy 
laws, with record retention laws, and with laws that are 
designed and regulations that are designed to deter and detect 
money laundering and terrorist finance, including dealing with 
countries we are not supposed to deal with, and specially 
designated nationals who are kingpins in the drug industries or 
gun running and the like.
    With that, Mr. Chairman, thank you.
    Chairman Johnson. Thank you, Ms. Hughes.
    Mr. Brown, you may proceed.

STATEMENT OF THOMAS P. BROWN, ADJUNCT PROFESSOR, UNIVERSITY OF 
               CALIFORNIA, BERKELEY SCHOOL OF LAW

    Mr. Brown. Thank you, Chairman Johnson, Ranking Member 
Shelby, and Members of the Committee. I very much appreciate 
the opportunity to come and address the subject of mobile 
payments with two distinguished colleagues in academia, 
Professor Katz and Professor Hughes.
    Like Professor Katz, I believe that mobile payments are 
going to revolutionize the way commerce takes place, and like 
Professor Katz, I do not believe that that is a revolution that 
will begin at the point of sale in brick-and-mortar stores. 
Rather, I believe that mobile technologies are changing the way 
people accept payments fundamentally.
    It used to be a really complicated thing to have the 
opportunity to accept payments. Today, anybody pretty much 
anywhere can get a mobile reader in a little packet like this, 
download an app, plug the device into their phone, and accept 
payment cards on a mobile device. All of the misery associated 
with complying with the contractual process imposed by the card 
networks and the banks has been largely eliminated. This is a 
fundamental change in how consumers and merchants have the 
ability to interact.
    Most payment applications from a consumer perspective--and 
I have two that have been around for a while: cash, which I am 
sure most people here are familiar with; and payment cards, 
which I suspect most people are also familiar with--are, from 
the standpoint of a consumer, mobile. Most of us carry our 
wallets wherever we happen to be, and in those rare instances 
where we do not have our wallet, we tend to notice it and try 
to find it.
    The really profound change associated with mobile payments 
is that we now carry point of sale devices with us at all 
times. This is bringing lots and lots of merchants into the 
electronic payment infrastructure square into it, and others 
have signed up--literally millions of informal merchants--to 
accept electronic payments. That is one important change.
    The other change is how it is affecting how established 
merchants interact with their customers. Professor Katz talked 
about the interaction with customers in the store or near the 
store. Now, instead of having to check out at the point of 
sale, we can make our purchases in the aisle. We can also make 
purchases outside of the store. One of my favorite mobile 
payment applications is the Apple Store app, not to be confused 
with the App Store, which you can also download and access 
through the Apple Store app. It turns your mobile device into a 
mobile checkout. So I can be outside of the Apple Store, 
identify purchases that I want to make, make the purchase 
through my mobile device, take the item off the shelf when I 
show up at the store, and walk out without ever having to 
present a payment credential at the point of sale.
    These changes are what is truly revolutionizing commerce, 
bringing together industries that we used to think of as 
entirely separate--telecommunications, financial services, and 
retailing.
    What are the implications? Well, this revolution raises a 
number of different questions. The first--and it is a natural 
one--is: this is new, so we must have to regulate it. The 
second is concerns about privacy because, obviously, all of 
these transactions involve the flow of information, and we know 
or we have a sense that these mobile devices gather a lot more 
information about us than other ways that we are used to 
engaging in commerce. And then, finally, there are questions of 
compatibility, and let me try to briefly address all three of 
these.
    With respect to existing regulation, let me assure the 
Committee: the payment industry, and the mobile payment piece 
of it, is heavily regulated. It is heavily regulated both at 
the Federal level and the State level. A mobile payment 
provider confronts some very important choices about how they 
offer their products. They can obtain licenses at the State 
level, or they can contract with an existing chartered 
institution who will sponsor their payment application.
    But those are just table stakes. If you then want to offer 
that product to consumers, you confront a long list of Federal 
and State requirements. I am not going to go through all of 
them, but we are all familiar with them, hopefully: TILA, the 
EFTA, the Bank Secrecy Act, OFAC. Offering a consumer financial 
services product in this country is a very complicated 
proposition. We do not need new rules.
    To the extent that we want to decrease barriers to entry 
and increase innovation, I would suggest that Congress attend 
to the complicated regulatory and licensing issues that exist 
at the State level. Whatever benefit might exist from State 
licensing is completely eliminated by having each State license 
every payment provider in the United States.
    Second, privacy. Professor Katz uses a wonderful example of 
somebody who goes to a coffee store and then misses their daily 
appointment and receives an offer. Well, it does not take a 
huge leap of imagination to think through an example that might 
make us a little uncomfortable, which is, instead of receiving 
an offer from the cafe that you generally visit, you receive an 
offer from the doughnut shop across the street that you have 
never visited. Although we might like the first kind of offer, 
I think the second offer seems a little creepy. That creepiness 
instinct tends to vent itself in wanting to prevent people from 
sharing information. I want to suggest that that is not the 
answer, and the reason can, I think, be found in a couple more 
hypotheticals. Instead of imagining somebody missing their 
appointment in the city and receiving an offer from someplace 
across the street, let us suppose that the person is in a new 
city, and they receive an offer from a merchant who says, ``We 
know that you like Blue Bottle Coffee back home in San 
Francisco. Why don't you try Elixir in Philadelphia? We think 
you will be happy.''
    The first offer might make us feel a little uncomfortable; 
the second offer, maybe not so much. And regardless of how 
concerned we are about the extent to which one offer seems 
creepy and the other does not, restricting the sharing of 
information, which tends to be the framework that we use for 
most privacy legislation in the United States, does not prevent 
the offer from being made. It simply encourages the firms to 
merge or to integrate.
    If people cannot share information that is then used to 
support mobile payment applications, what that leads to is 
firms combining under a single roof. So, if the doughnut store 
owner and the coffee store owner are owned by the same person, 
then you can receive the offer, but not if they are separate. I 
think instead of focusing on sharing, we should focus on 
consequences.
    And that leaves me just a little bit of time to discuss 
compatibility. This is a very complicated subject. I will not 
go into it in detail. I will say compatibility problems can be 
a concern. They might not be a concern. There is no one-size-
fits-all solution to them. Fortunately, we have a legal 
framework in the United States that addresses these issues 
quite well in the antitrust laws.
    Thank you. I am more than happy to answer any questions 
that you might have.
    Chairman Johnson. Thank you for your testimony.
    As we begin, I will ask the clerk to put 5 minutes on the 
clock for each Member.
    Mr. Katz, what is the biggest obstacle to widespread 
adoption of mobile payments by consumers and merchants? And how 
can it be overcome?
    Mr. Katz. I think there are two levels at which to answer 
that. I think at one level the biggest obstacle is the lack of 
real value right now given that we in the United States have so 
many payment instruments that work extremely well. We have very 
well developed credit and debit markets, so we have tough 
competition. And so where that shows up, I think, is really 
this chicken-and-egg problem, that everyone wants to wait to 
see everybody else get onboard with the system. And there are 
solutions to that, as I mentioned, so let me just say a couple 
words about it.
    One of the things that will help, as Mr. Brown was saying 
or touched on, is compatibility, and I think we will see 
compatibility in point-of-sales devices. I think once we get 
onboard with that and see point-of-sales devices that work both 
with mobile phones but also with existing smart cards and work 
with the Visa and MasterCard systems in particular, I think 
then we will see merchants start adopting these things, and 
that will give us a path going forward.
    Chairman Johnson. Ms. Hughes, how would you expect small 
merchants to be affected by widespread adoption of mobile 
payments? Are mobile payments providers likely to compete in 
cost with existing payment providers to the benefit of small 
businesses?
    Ms. Hughes. Mr. Chairman, I think the small business 
providers are already beginning to realize some of the benefits 
of mobile payments. Ice cream shops, people who have 
transactions, many transactions--coffee shops, doughnut shops--
of $10 or less are seeing the application such as the one Mr. 
Brown suggested--I am borrowing your prop--where the reader is 
on the phone or where it is possible to tap the phone in close 
proximity to another reader and have the information be shared.
    The costs of using a system such as the one Mr. Brown 
mentioned, Square, is considerably lower than what is happening 
in a comparable transaction using a credit card or debit card 
rail right now. I am on the board of a tiny nonprofit, and last 
year, because of our interest in trying to save costs, we 
switched to Square, and we reduced our average transaction 
charge by about 1.05 percent per transaction. So, in other 
words, instead of paying about 3.75 percent in interchange fee, 
our end, for the transaction, we paid about 2.7 percent for the 
transaction.
    The other way in which this helps small businesses, it 
helps artisans and craftsmen, it helps farmers at farmers' 
markets, places where they do not often have electrical support 
for their credit card processing machine, but they do not want 
to just use plain old paper credit card slips because they cost 
more to process, and the amounts of the sales are often not 
enough to support the fee that will be charged in the 
traditional debit and credit modes.
    So there are cost savings, to which Mr. Brown alluded in 
his remarks, and I thought quite well, but without the 
specificity of the example that I have just offered for this 
purpose.
    Chairman Johnson. Mr. Brown, when a consumer makes a mobile 
payment, what information is collected and what is the 
information used for? With whom is the information shared, and 
do consumers have a say? Should there be limits on the 
information that is collected and how the information is used? 
That is a mouthful.
    Mr. Brown. It is, and I notice we only have 2 hours for the 
hearing.
    [Laughter.]
    Mr. Brown. I am not going to try to answer it in all of the 
detail. It is a question that goes to the heart of what is 
happening with mobile payments, and let me try to answer it by 
identifying a couple of different ways in which mobile payments 
happen.
    Professor Katz has talked a little bit about NFC 
applications. The most familiar is the Google Wallet that you 
can sort of wave at and tap on a phone to execute a payment in 
a brick-and-mortar environment. I have talked a little bit 
about the mobile devices and mobile shopping cart. So these are 
two sort of archetypes for these kinds of transactions, and the 
information that is collected and processed in connection with 
these transactions is different.
    When the mobile phone is being used simply to replace the 
swipe from a payment card, for all intents and purposes, the 
only information that is being passed among the parties to the 
payment itself--so merchant, processor, network, issuing bank--
is the information associated with authorizing and settling 
that payment.
    When the mobile device is being used as a shopping cart, so 
we're essentially taking a payment application and combining it 
with the ability to fulfill purchases, there is a lot more 
information that may be hosted or held by various participants 
in the chain associated with the delivery of that experience to 
the customer.
    So what does that mean? We can take Amazon as an example. 
Amazon has a mobile Web site that you can visit on your mobile 
device and through which you can make a purchase. We often 
think of Amazon as the merchant associated with those 
transactions, that is, that Amazon actually owns the good that 
it is providing to the consumer. In fact, Amazon acts as a 
platform for a number of small merchants who are selling 
through the Amazon mobile Web site. And when you make a payment 
to Amazon, Amazon processes that payment and then delivers it 
to the merchant.
    Amazon as the processor and platform in that example often 
hosts the shopping cart information and then uses that to, 
among other things, make recommendations when you visit the 
Amazon platform.
    So the short answer to the question about what information 
is taken and how it is used is there is no single answer, but 
hopefully those two examples give some sense of the 
differences.
    Do consumers have a say? This is a very interesting 
question. And the answer is, for the most part, when you are 
using the mobile device as a shopping cart, with Amazon, with 
Apple, with most of the other mobile shopping cart examples 
that I can think of, the terms of service from a consumer 
perspective with respect to the use to the consumer do have a 
provision that explained to the consumer, at least in some 
sense, how the host or provider of that service can use the 
consumer's information.
    I think that then leads to the next question. What rules 
exist with respect to the enforcement of the promises that are 
made? And should there be regulation with respect to the 
collection of the information? So let me talk about enforcement 
first. And the answer is yes, we actually have an enforcement 
mechanism for that. That is largely what the FTC has done in 
its privacy enforcement efforts. There was an article in 
today's Wall Street Journal about an enforcement action 
currently pending before the Commission related to Google and 
Google applications that subvert or go around the privacy 
provisions that are built into the Apple app store. So this 
provides an example of how existing law is being used to police 
consumer expectations with respect to how the information is 
being used. But this is a very complicated set of issues.
    Chairman Johnson. Senator Merkley.
    Senator Merkley. Thank you, Mr. Chairman, and thank you to 
all of you for your testimony.
    I wanted to start, Professor Hughes, with your point about 
how mobile payments can help the unbanked and the underbanked, 
and specifically if you could share any more thoughts about how 
we make sure that mobile payments become a pathway to financial 
services that are healthy, if you will, and supportive to this 
underbanked or unbanked community versus being a pathway to 
predatory practices that we have seen plenty of times in other 
venues.
    Ms. Hughes. That is a very interesting question. Thank you. 
The adoption of smartphones by underbanked persons is one of 
the most interesting phenomenon in this whole space because 
many people who are underbanked do not--they are either 
underbanked because they live in locations where there are not 
very many depository institutions from which to choose or they 
do not really have enough money to sustain an account or they 
have lost the privilege of having one.
    The unbanked are in a similar situation, but they may never 
have had a checking account because they could never afford it 
or because they have come to the United States from places 
where the banking system was not well trusted.
    As a result, smartphone technologies replace two very 
important functions in a contemporary American resident's life: 
access to the Internet and access to financial services. Those 
are so powerful forces in our economy at this point that it is 
very important to protect, as you have suggested, access and to 
hope that access will be on terms and conditions that respond 
to needs and are not unfair or deceptive in the way in which 
they are applied.
    The cost issues for the consumer after you acquire the 
device that you are going to use--the tablet, the smartphone, 
or whatever--may be very similar from the consumer's 
perspective to the cost that the consumer would have if the 
consumer had to go and get dollars, had a credit card, which 
they may not have because sometimes those take large up-front 
fees or deposits or things that these consumers may not have.
    So just as it looks to us like we process checks at par but 
the costs are really embedded in the system, the costs here are 
embedded in the system. And with credit and debit transactions, 
they may, in fact, be buried.
    So the consumer may or may not incur more costs, but if you 
think of the time savings of not having to go to the ATM, not 
having to carry cash, assuming that you have an ATM to go to, 
not paying a fee to cash a check if you were paid by check or a 
fee to get your money out of your payroll card account if you 
have been given a payroll card account, the opportunity to load 
your payroll into your mobile device and use it as a 
replacement access mode like a check or a credit or a debit 
card for monies that you may have on deposit other places are 
all enormous.
    It is a huge marketplace. There are at least 30 million 
adults in this country who do not have adequate bank access. I 
think the number is considerably larger than that, but the 
figures I see talk about at least 30 million. Some have 
projected as many as 50 million people in the country who do 
not have access to banking accounts.
    Senator Merkley. Thank you, Professor, and I will not ask 
you more on this. I will just note that we have plenty of 
challenges with, for example, prepaid debit cards that then 
have all sorts of hidden fees. You acquire a balance, and you 
pay $20 if you use the card for the first time. You pay $20 if 
you use it. Every month you pay $20, or whatever. It is 
continuous fees. And I can see those being very hidden, even 
more hidden, if you will, in the context of an electronic 
platform, and we could end up with a world that expands with 
very expensive costs to working people. And we also have the 
potential for solicitations for payday loans that are 300 
percent interest, 500 percent interest, where it is, you know, 
click here and the first thing you know you have got a very 
expensive loan that you did not have a full sense of that you 
might have if you had to go to a brick-and-mortar location and 
discuss it.
    So it is just kind of a thought that we should have that in 
the back of our mind as this powerful new frontier--as we enter 
it.
    I want to switch gears a little bit to Professor Brown, and 
if I understood your comment correctly, you were arguing 
against any restriction on the sharing of information between 
groups that collect that information on consumers, arguing that 
it simply encourages, if you will, a horizontal ownership 
structure. My first kind of reaction to that was a little bit 
of doubt about the argument you were making in that if I have a 
company that I am dealing with that I can check out their 
privacy policy, I have at least some instrument as a consumer 
to pick and choose ones that have a privacy policy. But if 
there are simply no restrictions on their sale of my 
information, I have lost any ability to control that or to 
respond as a consumer to the different offerings from different 
folks. If I could just get a little more sense from you on 
this.
    Mr. Brown. Sure. What I want to emphasize is that I think 
with respect to privacy and information security, we should 
focus on bad consequences, identify those, and think of ways 
that we can minimize their potential for arising and minimize 
the potential that the party that is in the least position to 
avoid them ends up bearing the consequence.
    So let me give you some examples of this. The Do Not Call 
list is an example. The caps on liability to consumers for 
unauthorized transactions under Reg E and Reg Z are other 
examples of this.
    With the Do Not Call list, many of us do not want to 
receive calls that interrupt our dinner, and this is a totally 
natural thing. We do not like to get them in the Brown 
household either. Those calls originate not because my 
telephone information is collected and shared by merchants, but 
because my telephone number can be auto-dialed by somebody. I 
am allowed then to identify my number as a number that should 
not be auto-dialed. That is a focus-on-consequence approach. 
Reg Z and Reg E do much the same. With Reg Z, if there is an 
unauthorized transaction on my credit card, my liability is 
capped at $50 when I provide notice to the credit card company. 
As a consumer, once my information is out there, there is not 
much that I can do to prevent somebody else from obtaining it 
and then using it in a fraudulent manner. So I am not what we 
would call in the common law, the least cost avoider. There are 
other people in that payment stream--the merchant, the network, 
the bank that issued the card, the merchant that subsequently 
accepts my information--who are all in a better position to 
avoid that transaction than me.
    Senator Merkley. I see your point, and you are arguing in 
favor of the equivalent of do-not-call-type strategies that, 
regardless of who has the information, which is a powerful tool 
for consumers.
    Mr. Brown. Right, because I think focusing on sharing just 
leads us into things that end up not helping people. Gramm-
Leach-Bliley is the best example. We get these long notices 
every year that no one reads, and we think that we are 
protecting people's privacy interest, but, all we are really 
doing is giving a subsidy to the post office--which may itself 
be useful but is not necessarily advancing the privacy 
interests or this creepiness concern.
    Senator Merkley. I do think the post office is happy about 
that.
    [Laughter.]
    Mr. Brown. Yes.
    Senator Merkley. Thank you.
    Chairman Johnson. We will proceed to a second round.
    Mr. Katz, I will ask you the same question as I asked Mr. 
Brown. When a consumer makes a mobile payment, what information 
is collected and what is the information used for? With whom is 
the information shared? And do consumers have a say in it?
    Mr. Katz. So as Mr. Brown was saying, that is indeed a 
complicated question and a more complicated answer. Let me 
amplify a few of the things he said.
    The actual payment transaction does not necessarily provide 
any additional information at all compared to a traditional 
credit card transaction. But one of the things that could 
really change things when we are talking about mobile is that 
there is a lot of other information that goes along at the same 
time that you typically do not have with a credit card.
    So, for example, although you can infer the customer's 
location from where he or she used a traditional card--and, in 
fact, Visa has a system now that does that and sends you a 
message because Visa knows where you are using your creditor. 
With mobile payments and GPS-enabled phones, there is way more 
ability to track people.
    But I think in all of this, it is not so much the change 
that there is going to be more information collected. Credit 
card companies have unbelievable amounts of information about 
us today. In fact, unfortunately, I went through something 
where someone in my family had stolen something from us and run 
off to another State, somebody we had been taking care of. We 
ended up determining who our friends were that we did not know 
existed before, what State she had run off to, where she was 
living, how she had gotten there because we had a trail of gas 
station receipts. We were able to build a really detailed 
picture of this person's life, and this was something that 
happened 15 years ago using credit card information.
    So the information is already out there. I think what is 
really different is that the ability to do data mining, to do 
big data analysis, to actually process and use all the 
information, I think that is really what is changing, not so 
much what is being collected but the ability of companies to 
process and to use it.
    Now, that said, I mean, we are getting ever more, because 
of people being connected with cell phones, people being on, 
you know, various social networks. But as I say, the 
information is out there.
    How it is used? It is used in a lot of different ways. That 
is certainly something that is changing and evolving. But as I 
say, it is going to be increasingly used to target marketing 
messages and deals and special offers that are personalized to 
the consumer.
    In terms of consumers' control over it, I am all in favor 
certainly of having a legal framework that gives consumers the 
ability to take control if they want to. I suspect that most 
consumers are not going to want to take control and that what 
we will see, which I think we have a history of in the United 
States, is consumers voicing a lot of concerns about privacy, 
but then when they learn that they can get, you know, 10 cents 
off on a Big Mac if they give up their privacy, they will give 
it up.
    So I think it is a challenging issue. We can give consumers 
a lot of tools to protect the information. I am rather 
pessimistic whether consumers will make use of those tools.
    Chairman Johnson. Mr. Brown and Ms. Hughes, what 
protections do consumers have if fraudulent, unauthorized, or 
inaccurate mobile payments are made to their account? What 
types of disclosures do consumers receive about risks 
associated with fraud and theft and the protections they have? 
Mr. Brown, let us start with you.
    Mr. Brown. This is another question that can be complicated 
based on the different archetypes for executing these 
transactions. If we take the two examples that I gave before--
and there is actually a third where the transfer is more like a 
remittance, but I am just going to exclude that and talk about 
the prepaid wallet and the sort of credentialing Google Wallet-
type structure.
    With the mobile wallet on the Google model, where it is 
just a credentialing device, the protections and the 
disclosures that the consumer receives are those that are 
associated with whatever payment device the consumer has loaded 
into the wallet. I have a credit card here, so Reg Z would 
apply. If it is a debit card, Reg E would apply. Consumers 
Union has identified some real border cases where there is some 
question as to whether the particular instrument would be 
covered, but those I would characterize as real edge cases.
    When you move into a mobile wallet--a stored-value-type 
product--the way I tend to think of it, and the way most of the 
providers of those services disclose the consumer protection, 
is that the wallet itself is covered by Reg E. That means that 
if I use my mobile wallet that is then backed up by a backup 
funding source and I end up in a dispute with the recipient of 
the transaction, that the transfer from my account to the 
recipient's account--Dwolla operates a system along these 
lines--would be protected by Reg E.
    Typically, if you look at the terms of service associated 
with the providers of services like this--Dwolla is one, PayPal 
is another--you will see an outline of the protections that the 
consumer receives. Bill-to-mobile services raise some 
additional issues, and bill-to-mobile services on the whole 
generally disclose to consumers what the risks are. But there 
are some questions as to whether the coverage originates under 
the EFTA or the Truth in Billing Act and some additional State 
laws. So that is a short answer.
    Chairman Johnson. Ms. Hughes, do you have anything to add?
    Ms. Hughes. Well, I would certainly agree with Mr. Brown 
that there are sufficient protections under Reg Z and Reg E 
right now. I think there may be some confusion to resolve 
through education with consumers about which of those are 
applying to which transactions. That is a big issue in my mind. 
And I do also agree with him that bill-to-mobile, which is 
basically both a matter of contract and a matter of the Truth 
in Billing Act, may add a layer of confusion to consumers that 
needs to be addressed through consumer education. I think this 
whole area could benefit from consumer education.
    But I do think that we want to ensure that there are 
adequate and readily available and easily understood means for 
addressing payment alteration. That is what I said when I 
talked about payment data integrity, the possibility of a 
replication of a payment, that is, somebody who makes the 
payment more than once with only one authorization for the 
purpose. And, in addition, oddly enough, and the further the 
consumer is away from the merchant, the possibility of 
misdirecting a payment is an issue that is going to come up. 
Somehow I am going to misdial that phone number. I guarantee 
you I am going to misdial that phone number, but that is a 
different problem.
    So I think that there are areas where additional work would 
be helpful. I think that instead of additional disclosures at 
this point, I would favor very enhanced education, but I would 
be willing to assist if disclosures come up in framing what I 
think would be appropriate disclosures.
    Mr. Brown. Can I add to that?
    Chairman Johnson. Yes.
    Mr. Brown. I think Professor Hughes makes an important 
point that I want to amplify with respect to disclosures. I 
think when we talk about disclosures, we are maybe talking 
about two different things at the same time, and it is helpful 
to separate them.
    On the one hand, there is information that is available 
about services. In some ways, that is what I think of as the 
disclosure. Consumers, by and large, are not the audience for 
that information. They tend not to page through the long terms 
of service associated with these services. That is information 
that academics, the FTC, and researchers make use of. Consumer 
Reports can evaluate different services and provide and educate 
consumers about which ones might be better and which ones are 
worse.
    There is a separate issue about what gets communicated to 
consumers and when, and I think when we merge these two issues, 
we lose something, because I think a lot of times consumers are 
not particularly interested in getting long disclosures at the 
point that they are deciding to sign up for the service. They 
are deciding to sign up for the service because they want to 
complete some transaction--they want to do something. And 
reading a long disclosure is just not part of what they are 
excited about in wanting to complete that transaction.
    So I think we should be careful to distinguish these two 
points, so maybe thinking about what information people should 
make available publicly about dispute rights versus what 
information needs to be disclosed to the consumer when they are 
signing up for the transaction or when they are engaging in a 
particular transaction.
    Chairman Johnson. One last question relative to information 
security for the entire panel. Some experts claim that mobile 
payments are more secure than traditional payments while others 
claim that they pose additional threats to consumer safety and 
privacy. In your opinion, which side is right? Or are both 
sides right? Mr. Katz, let us begin with you.
    Mr. Katz. I guess being an academic contrarian, maybe I 
would say both sides are wrong.
    [Laughter.]
    Mr. Katz. What I mean by that actually is the following: I 
think a lot of the debates are actually not about mobile, even 
though people act as if they are. So one of the things 
proponents of mobile being more secure--one of the points they 
will make is, well, we can have two factor identification and 
we can use biometrics. Well, actually, as I understand it, the 
best way to do biometrics is not to use somebody's cell phone. 
The best way to do it is to have the customer either say here 
is who I am or use a phone or use a traditional payment card, 
just something to say here is who I claim I am, and then have 
the merchant access the data base to check what biometric 
information the customer should then provide, and the merchant 
to have the equipment that--you know, let us do retinal scans. 
The merchant should control the retinal scan. Why should I 
trust somebody's iPhone if he comes in and says, oh, yeah, I 
just did a retinal scan on Mike Katz, he is Mike Katz. I mean, 
the merchant is going to want to use its own equipment.
    So I think all this stuff about biometrics which I often 
hear associated with mobile really is not about mobile. And I 
think there is a lot of that that goes on.
    I think the answer is that we could make the systems a lot 
more secure than they are, but it is a question--in both mobile 
and traditional payments, and it is really a question of cost, 
and the industry has made the judgment to date that it is 
cheaper to deal with the fraud that occurs and just, you know, 
bear that than to try to have systems that are harder to tamper 
with.
    Now, that said, I think that at least initially we are 
going to see the mobile systems are going to be less secure. 
And in terms of something about privacy, I noticed on the Web 
site of a company whose name I will not mention, but there were 
products that featured prominently in this hearing today, that 
company, it turns out--when you sign up with them, if you pay 
and you use this great service where you can pay using a 
merchant's mobile phone, if the merchant types the merchant's 
email address into the mobile phone, when you pay, anything you 
do in the future, the receipt goes to the merchant, not you. 
So, for example, if you pay your taxi driver and your taxi 
driver types his address into the mobile phone when you pay, 
the next time you go to the supermarket or something and use 
that service, the receipt goes to the taxi driver. That is not 
high-quality privacy. That is not something that has to be 
inherent in a mobile system, but it is something we see in the 
one.
    And so I think what we are going to see is the following: I 
think what is really exciting about mobile and what is going on 
is it is bringing new players in the industry who are bringing 
in various forms of innovation, a lot of which has nothing to 
do with the mobile stuff. So with Square, coming in and 
charging lower fees to merchants, that is not because of the 
mobile part. It is because they have decided to aggregate small 
businesses' business and then go to Visa and MasterCard and get 
a lower rate. Basically, they have engaged in merchant service 
fee arbitrage.
    Now, is it a coincidence that Square is doing that at the 
same time that they are bringing out this new innovative 
payment reader? I think, no, it is not a coincidence. The 
technology let a new company come in with new ideas, but a lot 
of the new ideas people are bringing in are not really about 
mobile.
    So what I would say is that the technology has created 
opportunities, it is bringing in new players, those new players 
are then bringing in a whole lot of new ideas and innovations, 
often which are not really tied to mobile. So it is a great 
thing, but I think we want to be careful about tying too much 
of that to mobile. I would say that even with the underbanked. 
I mean, I think--I do not understand actually what mobile does 
for the underbanked that you could not do already beyond--and I 
understand this is how the underbanked do use mobile, that they 
can check real-time balances all the time. But, of course, I 
can use--I could have a mobile app to check real-time balances 
even if I never made a mobile payment in my life.
    So on all of these things, I think it is really important 
to separate out which part is mobile and which part is 
innovation, because if we try and tie them too much together, 
it just may give us the wrong perspective.
    I should turn things over to my fellow panelists.
    Chairman Johnson. Ms. Hughes, what do you think?
    Ms. Hughes. Well, I think Professor Katz has given us a 
very provocative possibility to imagine, and I am inclined to 
agree that many of these innovations have very little to do 
with mobile. They are just payments innovations or great 
arbitrage opportunities.
    But I would make one simple point, and that is that the 
more people who have their hands on data based on the 
experience of the last few years in particular, the more 
opportunities there are for the introduction of malware or 
interception of payment data. As I mentioned earlier, the 
banking industry is quite concerned about this and about 
possibly weak incentives for some of these people who are not 
quite at the merchant and not quite at the bank not to have 
strong enough protections in their own systems.
    When we have events such as happened with Global Payments 
not so long ago, a processor, we realize that the more people 
that have hands, the more problems could happen. Now, that is 
not unique to mobile. The thing that might be unique to mobile 
is an enhancement of the number of players in any particular 
payment transaction. That could be problematic.
    Chairman Johnson. Mr. Brown.
    Mr. Brown. I guess I will play the contrarian and be a 
little optimistic on this point. Although I think it is 
possible to identify some potential downsides, as Professor 
Katz and Professor Hughes have done on the information security 
issue, I think it is also important to recognize that the 
transition from traditional form factors for payments to mobile 
and the emergence of some of these new technologies that mash 
up payment functions with other commercial functions introduce 
both new data that people can analyze to produce better 
outcomes with respect to risk and fraud and, second, make it 
easier to introduce dynamic data into the payment 
infrastructure.
    The issue that creates the risk associated with credit card 
fraud is that the data on the card, both the physical 
manifestation and what is visible on the mag stripe, is static, 
not dynamic. So once it is obtained, it can be used in some 
circumstances to generate a transaction at another merchant. 
That is an issue with how the data currently resides.
    When we make the transition to a mobile device, we have the 
opportunity to introduce dynamic information, and we can do it 
in a way that is easier. As Professor Katz would point out, if 
we are really concerned about dynamic data, can't we do it with 
mag stripes? And the answer is yes, though no one is. This 
inflection point provides an opportunity to introduce new data 
that has the potential to make retail payments even more secure 
than they already are, which, frankly, if you look at the 
reported fraud numbers on the major payment card systems, is 
pretty remarkably secure under the existing infrastructure.
    Chairman Johnson. I would like to thank our witnesses for 
their very interesting testimony.
    The Committee will continue its series of hearings on the 
development and adoption of mobile payments in the fall.
    This hearing is adjourned.
    [Whereupon, at 11:04 a.m., the hearing was adjourned.]
    [Prepared statements supplied for the record follow:]
                 PREPARED STATEMENT OF MICHAEL L. KATZ
    Sarin Chair in Strategy and Leadership, Professor of Economics, 
                   University of California, Berkeley
                             July 10, 2012
    Chairman Johnson, Ranking Member Shelby, and Members of the 
Committee, thank you for inviting me to appear before you today to talk 
about mobile payments.
    America's consumers are increasingly connected via smart phones, 
tablet computers, and other mobile devices. Many people have predicted 
that the use of near-field communications (or NFC), a technology which 
allows consumers to pay by swiping their phones rather than their 
credit or debit cards, will revolutionize consumer payments at bricks-
and-mortar merchants. I disagree. I believe the changes associated with 
NFC and so-called digital wallets will be evolutionary, not 
revolutionary. There will be a revolution resulting from the ubiquity 
of smart phones and tablets, but that revolution will manifest itself 
in the ways merchants manage their relationships with their customers.
    Today, merchants and consumers already have access to a wide range 
of payment options, including cash, checks, and various payment cards. 
These options are easy to use, widely accepted, and trusted. Moreover, 
most consumers already have established relationships with payment 
service providers, and merchants have made significant investments in 
equipment, systems, and employee training to utilize these payment 
services. In order for new payment services based on smart phones and 
tablets to compete successfully, these services will have to offer 
merchants and consumers additional value in comparison with current 
options. Cool technology alone will not be enough.
    Merchants will be attracted to mobile payments if those services 
either lower the merchants' costs of completing transactions or attract 
additional consumer patronage. How will mobile payment services attract 
customers to bricks-and-mortar merchants? Surveys demonstrate that 
consumers want payment services that are widely accepted, easy to use, 
and trustworthy. So how do mobile payments stack up against the 
competition?
    When it comes to paying at bricks-and-mortar merchants, the extent 
of acceptance is a weakness, rather than strength. Indeed, mobile 
payment services face a chicken-and-egg problem. Specifically, a 
merchant does not want to bear the expense of changing its checkout 
process to accommodate a new payment service if there are few consumers 
who use that service. Similarly, a consumer does not want to sign up 
for the payment service if there are few merchants who accept it. But 
if everyone waits for everyone else to join first, the new service will 
never get off of the ground. There are several potential solutions to 
the chicken-and-egg problem but all of them rely on a common underlying 
factor: there has to be some source of benefit that makes it worthwhile 
to invest in overcoming the chicken-and-egg problem. So we are back to 
looking for the source of consumer value.
    An NFC-enabled digital wallet can be more convenient and possibly 
easier to use than a conventional wallet filled with multiple payment 
cards. It is worth observing, however, that most of us are going to 
have to carry conventional wallets anyway, at least until drivers' 
licenses and insurance cards and the like also go digital. Moreover, is 
it really that much easier to swipe your phone than a smart card? In 
the short run, ease-of-use benefits appear to be too limited to be a 
significant driver of adoption.
    That leaves trust as a source of value. Security and privacy are 
two critical elements of trust. Consumer surveys reveal that many 
consumers question the security of mobile payments, and indeed mobile 
payment systems do have points of vulnerability, such as the radio 
interface, that card-based systems do not. Moreover, through the use of 
malicious code downloaded through apps or Web browsing, a smart phone 
can be compromised without the attacker's having to attain physical 
proximity. Consequently, security is not going to be a positive driver 
of mobile payment adoption any time soon. Things do not look more 
promising in terms of privacy. Consumer surveys reveal that many 
consumers worry that mobile payment companies will collect too much 
personal information and that that information will be misused.
    If ubiquity, ease of use, and trust all create too little value to 
drive widespread adoption of mobile payments, what will? I believe the 
answer lies in the very information that consumers worry will be 
misused. The widespread adoption of smart phones and other mobile 
devices with increasing capabilities has made it possible to collect 
detailed data about where consumers are and what they are doing. This 
information can be analyzed to predict consumer behavior and used to 
generate personalized, context-specific, merchant-to-consumer 
communication delivered in real time. The ability to predict consumer 
behavior and send such targeted messages is a very powerful marketing 
tool that will be worth tens of billions of dollars annually to 
merchants.
    A hypothetical example illustrates some of the possibilities. A 
mobile payment app might alert a coffee retailer at 10:45 a.m. that a 
person who on most days purchases a cup of coffee by 10:30 is just 
leaving her office and has yet to visit a coffee shop today. Taking 
into account the summer heat and the fact that the retailer is not very 
crowded right now, the retailer could send an email or text message to 
the consumer offering a 20 percent discount on an iced coffee if she 
comes into the store three blocks away in the next 30 minutes. In 
summary, information and communication lie at the heart of the coming 
mobile payment revolution.
    Mobile payments represent the convergence of three industries: 
telecommunications, banking, and Web services. This industry 
convergence is going to lead to complex regulatory convergence as well. 
The interplay of economy-wide antitrust policy and privacy regulation 
with the sector-specific regulatory regimes for banking and 
telecommunications is going to be problematical for the industry. It 
may also confuse consumers and given them false senses of security and/
or risk. However, properly implemented, regulation could foster well-
placed consumer trust and, thus, promote the adoption of mobile 
payments. Given the importance of information and the complexity of the 
issues involved in regulating the collection and handling of it, public 
policy concerns regarding privacy will loom large for years to come.
    Thank you again for inviting me to appear before you today. I would 
be happy to answer any questions you might have.

[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]

                PREPARED STATEMENT OF SARAH JANE HUGHES
University Scholar and Fellow in Commercial Law, Maurer School of Law, 
                         University of Indiana
                             July 10, 2012
    Mr. Chairman, Ranking Member Shelby, and honorable Members of the 
Committee, I am pleased to be invited to discuss mobile payments 
generally, and the benefits and risks that mobile payments offer to 
merchants and other users in the marketplace. \1\
---------------------------------------------------------------------------
     \1\ My prepared remarks and any remarks I may make in response to 
your questions reflect only my own views and do not necessarily reflect 
the views of the Trustees of Indiana University or the Maurer School of 
Law.
---------------------------------------------------------------------------
    Mobile payments are among the most innovative payments options 
emerging across the world. They enable person-to-person and person-to-
business payments using flip phones and text messaging (SMS) in less 
developed countries. In the developed States, where banking systems and 
telecom networks are more regulated, mobile payments are emerging as a 
handy means of making small-dollar payments in the person-to-person and 
person-to-business markets. Perhaps even more importantly in the United 
States, they are enabling the unbanked and under-banked to make 
payments at lower risk and cost than some of the other payment options 
they may have.
    Sponsors of mobile payments services vary significantly in size, 
the breadth and scale of the services offered, and the extent of 
Federal or State regulation to which their businesses generally, and 
their payments services in particular, are subjected. Supervision and 
enforcement also differ significantly.
    Mobile payments providers and developers of special mobile payments 
applications are attracting significant sums in capital investments, 
which suggest promising business models.
    Nationwide merchants such as Starbucks were early adopters of 
mobile payments options for their businesses. Paying for a coffee or a 
snack could be completed before the foam on a specialty drink 
disappeared. Speedier payments, however, can be associated with 
business decisions to lower security safeguards--at least in the credit 
and debit industries.
    Other merchants in the United States--including plumbers and 
participants in farm markets and craft shows, and increasingly 
nonprofit organizations--are beginning to use mobile payments to take 
payments from their retail customers. These may be small transactions 
for a pound of field tomatoes, medium-sized transactions for the 
plumber's house call, or larger payments such as recurring utility, car 
finance or mortgage payments. But, unlike Starbucks where larger-dollar 
purchases are probably rare, nonprofit organizations can take 
contributions or sell quantities of tickets that are much larger in 
dollar terms using mobile payments options. Small-dollar and larger-
dollar transactions may present different risks for merchants, 
consumers, mobile payments providers, and the financial institutions 
that hold the funds sent or received via mobile payments.
    So far, we have not heard much about larger-dollar payments being 
made for recurring purposes, such as mortgage payments or car finance 
installments, but there is little to stop that from happening from a 
technical or legal perspective. For these types of payments, banks have 
expressed concerns about the security of underlying banking account 
information in the hands of relatively new entrants to the payments 
industry. \2\
---------------------------------------------------------------------------
     \2\ Statement for the Record from Robert C. Hunter, Deputy General 
Counsel, The Clearing House Association, L.L.C. to The Subcommittee on 
Financial Institutions and Consumer Credit of the House Committee on 
Financial Services, June 29, 2012 [hereinafter ``The Clearing House 
Association, June 29, 2012 Letter''].
---------------------------------------------------------------------------
    Your letter of invitation laid out many possible topics for 
witnesses to cover. I will focus my remarks on benefits and costs to 
merchants who take or might take mobile payments, and also to the other 
regulatory and enforcement issues their participation in payments may 
present. In some cases, the different issues that consumers and 
merchants have in the marketplace for mobile payments may converge; on 
others, they may diverge. I have identified five areas in which mobile 
payments are likely to benefit our economy and why they are so 
attractive to merchants, and five areas in which mobile payments 
present new concerns that may need to be regulated or harmonized and 
otherwise may require new enforcement approaches. In creating these 
lists, I made no assumptions about how regulation will evolve.
    Turning first to potential benefits of mobile payments, I have five 
topics to cover and have provided one or more examples to illustrate 
the range of issues that may arise.
1. Taking mobile payments is quick and functional.
    Mobile payments--whether utilizing existing credit or debit card 
interchange services or ``rails'' or the services of telecom or other 
providers--have the potential to help the owners of small businesses, 
small nonprofit organizations, and farmers and artisans who bring their 
goods to farmers' markets and craft shows collect payments from their 
retail customers.
    Mobile payments are speedy: they take only a few seconds to 
process. They operate without expensive and bulky equipment. They do 
not require a heavy specialty card reader. (The ``reader'' for Square, 
for example, is only about an inch square and the connector fits into 
the plug on the seller's smart phone or tablet.) Small merchants using 
smart phone apps also can take checks from their retail customers, 
using a feature called ``remote deposit.'' No doubt, Members of the 
Committee have seen ads from USAA and other financial institutions for 
remote deposits for the service members, veterans, and their dependents 
and families who USAA serves.
    In addition, mobile payments, as replacements for magnetic-stripe 
credit and debit cards, may enable merchants in the United States to 
skip the impending transition from mag-stripe to chip-and-pin cards and 
the new readers that chip-and-pin technologies require. Mobile readers 
may be less expensive than chip-and-pin systems.
2. Taking mobile payments helps small business owners collect smaller 
        sums due from retail customers and may help to expand the 
        economy.
    Two of the leading mobile payments services providers, Square and 
Intuit, count among their merchant customers thousands of small 
business operators (such as plumbers) and nonprofit organizations (who 
take mobile payments for tickets sales and for contributions from 
supporters). The less time these merchants have to spend at tellers' 
windows or in line for the ATM, the more time they have to help 
customers, fixing leaking showers or providing services to the 
community. Thus, mobile payments may help smaller businesses maximize 
their productivity and add to the economy's health.
    Mobile payments also help merchants at farmers' markets and craft 
fares make sales they otherwise might not--if the consumer involved has 
to stop and find an ATM machine before completing the purchase.
3. Taking mobile payments may help merchants deter fraudulent charges 
        at the point of sale.
    At two conferences in which I participated earlier this year, 
speakers explained in great detail why mobile payments were safer for 
consumers than payments with traditional plastic credit and debit 
cards; they paid less attention to whether they would be safer for 
merchants as well.
    Unlike a tangible plastic credit or debit card whose credentialing 
and verification protocols--the account number, expiration date, 
customer name, and security code printed on the card itself--remains 
constant, mobile payments offer a more dynamic set of credentials that 
includes the mobile device's location at the time of the payment 
transaction and the ability of the mobile device to generate a unique 
identifier for every payment transaction. Dynamic credentialing is one 
feature that will help merchants--and consumers--avoid fraudulent 
charges.
    Some mobile payments providers such as Square offer merchants 
another credentialing device--a real-time opportunity to match the face 
of the person offering to make the mobile payment with the face shown 
on the mobile device, or with the same merchant's record of the face of 
the person who last used the same mobile device to make a payment. Some 
consumers won't want merchants to store their photos for later 
purposes, but many probably won't care.
    In addition, the geolocation of using the mobile device for 
``proximity'' payments adds a security layer. Geolocation gives 
merchants--as well as processors and providers--an extra level of 
confidence that the mobile device from which the payment instruction or 
order is emanating is in fact the proper one. \3\
---------------------------------------------------------------------------
     \3\ The degree to which counterfeiting of mobile payments 
technology becomes an issue is yet unknown.
---------------------------------------------------------------------------
    Dynamic credentialing, including facial recognition possibilities 
and geolocational information, offers potentially greater safety in 
payments than the more static tangible plastic cards on which we have 
relied for the past 35 years or more.
    The full-scale dynamic credentialing I have described--without 
going into detail about the technologies that support it, primarily 
because they are proprietary technologies in part--may not apply as 
functionally if the mobile device is being used to make a payment 
outside of the merchant's own store. Thus, ``remote'' mobile payments 
could raise some of the same fraudulent charge issues that merchants 
currently face in ``card-not-present'' transactions today in the credit 
and debit card payment spheres.
    We do know that the card industry has created a payment application 
data security standard (PA DSS), much like its relatively successful 
PCI DSS set of security standards (for payment cards). But PCI DSS is 
not an ironclad solution to fraud risks from data interception or 
otherwise, as we learned from the episodes that TJX, Hannaford 
Brothers, and Global Payments experienced. Each of those companies had 
been PCI DSS compliant, but none were the nanosecond following the 
security breaches they suffered. And, once a retailer or processor 
falls out of compliance, it must reprove its security procedures to 
qualify again.
4. Taking mobile payments offers merchants opportunities to build 
        customer loyalty through mobile-based rewards programs, 
        geolocationally based or individually directed advertising, and 
        other information about customers derived from the payment 
        transaction that can be re-used.
    In contrast to traditional tangible plastic credit and debit cards 
that carry only basic credentialing and payment information, mobile 
payments offer merchants potential means of communicating with 
customers that can help merchants build customer loyalty and promote 
special offers.
5. Taking mobile payments allows merchants to reach consumers who do 
        not have demand deposit accounts or their equivalents or credit 
        cards.
    With estimates of the number of unbanked adults in the United 
States upwards of 30 million households [check most recent figure--FTC 
or FRB March, 2012], merchants who take mobile payments may get 
customers who otherwise would have to pay in cash. \4\ Unbanked 
consumers, particularly recent immigrants, often have smart phones 
instead of traditional computers and use smart phones--via mobile 
payments and mobile banking--to make payments to retailers and 
creditors.
---------------------------------------------------------------------------
     \4\ Not having to handle cash or checks is a benefit to merchants 
all of itself in terms of accounting and fraud losses and speeds 
merchants' ability to get the proceeds of transactions into their bank 
accounts and forward to suppliers, landlords, and other creditors.
---------------------------------------------------------------------------
    Unbanked persons' adoption of mobile payments adoption is a means 
of reducing their dependence on cash and cash equivalents such as money 
orders, and may serve as the basis for reducing their costs of 
participating in the retail economy and reducing the risks associated 
with carrying cash.
    Now turning to possible risks or costs merchants (and consumers) 
may experience when taking mobile payments, we will see some overlap 
between risks present in credit and debit card transactions and risks 
in mobile payments. New risks also may arise.
6. Taking mobile payments may not be free from interception risks or 
        from malware applied to the data streams along the path 
        maintained by app providers, intermediary processors, and the 
        ultimate payor (such as the financial institution or telecom) 
        that have affected the credit card industry, and thus may pose 
        security risks similar or additional to those in the current 
        payments marketplace.
    Mobile payments providers emphasize the greater security at the 
point of sale that mobile payments can provide over credit or debit 
cards, for the reasons I have mentioned above. What is less discussed 
is a possibility, if not a probability, that because the payments data 
and accompanying transaction data potentially move through more hands 
on their path to the ultimate payor, there is a greater likelihood of 
data interception (through war-driving interception as the data move 
from the mobile device to the merchant, and from the mobile device to a 
processor and then to the payor and then to the merchant--depending on 
the manner in which the payment is processed) or through malware 
introduced along the path. More simply put, the more participants in 
payments processing the greater the number of opportunities for 
interception or the application of malware.
7. Taking mobile payments and harvesting more consumer information from 
        these payments transactions places more personally identifiable 
        information in the hands of merchants and the payments system 
        participants downstream from merchants--and imposes on them 
        more extensive, and possibly different data-protection 
        responsibilities than they formerly may have had.
    Among the counterweights to the benefits merchants may gain from 
having more information about their customers and targeted, inexpensive 
means of communication with them about merchants' offers, merchants 
will find compliance responsibilities they may not have anticipated. 
The more participants in the mobile payments processing path, the 
greater the number of potential harvesters and holders of personally 
identifiable information and purchase histories.
    The value of these data harvests features at least as prominently 
as the shares of available direct income from marketing the software 
and processing the payments is likely to offer--at least in the United 
States where payments processing had been become increasingly efficient 
(as with checks) or already has been regulated by Congress (debit card 
interchange and some credit card fee limitations).
    Some of these participants are not familiar with Federal and State 
privacy protections or with requirements of Gramm-Leach-Bliley's Title 
V (Privacy) and the Federal Safeguards Rule, of the Fair Credit 
Reporting Act and the Federal Disposal Rule, or with the Children's 
Online Privacy Protection Act (COPPA) \5\ and the COPPA Rule. \6\ Some 
participants will not be covered by either of the first two Acts or 
rules, but probably are already covered by COPPA and its rule. Having 
suitable supervision from Federal and State regulators and suitable 
enforcement resources to protect individuals and this nascent industry 
from bad publicity is an important goal.
---------------------------------------------------------------------------
     \5\ 15 U.S.C. 6501-6506 (2010).
     \6\ 16 C.F.R. Part 312 (2010).
---------------------------------------------------------------------------
    The State of New Jersey recently entered into a settlement with a 
mobile app creator whose target audience was children. \7\ The action, 
brought in the United States District Court for the District of New 
Jersey, alleged that 24 x 7 Digital, LLC, and its owners Mark Yamashita 
and Rei Yoshioka, ``collected, maintained, and transmitted to a third 
party, personal information about children'' in violation of COPPA and 
the COPPA Rule. Among the elements of relief to which the defendants 
agreed was the destruction of the children's personal information--
including the information they transmitted--within five days of the 
entry of the order.
---------------------------------------------------------------------------
     \7\  Chiesa v. 24 x 7 Digital, LLC, et al., Civ. No. 2:12-cv-03402 
(Jun. 26, 2012) (consent decree and order for injunction and other 
relief).
---------------------------------------------------------------------------
    An additional issue with data collected, stored, and transmitted 
involves its treatment in a future bankruptcy proceeding of the 
collector, storage operator, and recipients. The Committee may recall 
the public furor over the fate of children's data in the early days of 
Internet commerce involving an online children's toy store and a 
company called DoubleClick, and the tussle over whether the children's 
personal information--as part of the debtor's ``customer lists'' was 
eligible to be auctioned for the benefit of the debtor's general 
creditors.
8. Taking mobile payments does not necessarily relieve merchants of 
        problems with charge-backs for fraudulent charges or other 
        costs associated with data security problems.
    As the Clearing House Association recently explained to the House 
Committee on Financial Services' Subcommittee on Financial Institutions 
and Consumer Credit, banks ``are usually required to absorb fraud 
liability and always absorb the cost of recredentialing [the consumer] 
regardless of whether they had any connection with the underlying 
breach that compromised the data.'' \8\
---------------------------------------------------------------------------
     \8\ The Clearing House Association, Letter of June 29, 2012, supra 
note 2, at 1, 2, 5.
---------------------------------------------------------------------------
    Another aspect of this issue is that merchants will be dealing with 
more players in the payment than they may be accustomed to, and this 
broader array of counterparties means more contracts to negotiate and 
monitor. Contracts will assign settlement times, charge back rules, 
transactional limits, and costs. Providers may reserve the right to 
change the terms of these agreements frequently, and may or may not 
tolerate patterns of behavior that are less than fully compliant with 
the contracts' provisions. Merchants lose eligibility to participate 
(as happens upon occasion in the credit and debit payments industries) 
and have little ability to be restored to participation in their new-
found payments tools.
9. Taking mobile payments does not relieve merchants of responsibility 
        for payment data integrity or for postpayment data security, 
        and, because of the growing number of payments systems 
        participants, may increase time needed to explain payments to 
        customers, increase fraud risks, and also may create new risks 
        for institutions that hold funds and facilitate settlements.
    This heading subsumes two subgroups of issues. The first relates to 
payment data integrity. Merchants need tools to prevent interference 
with the data stream so that a payment of $10 remains a payment of $10 
as it moves through processing.
    The second relates to postpayment data security at merchant's own 
locations and in their databases. Merchants need to safeguard data 
while the payment is being processed and for whatever time needed to 
respond to charge-backs, etc. They also need to dispose of the data 
properly and safely after it is not needed for any particular purpose 
or ultimately not needed to comply with applicable records retention 
requirements imposed by Federal or State Governments.
    Data integrity (safeguards against alteration or replication of the 
sums the consumer intended to pay and the merchant wanted to receive) 
is important is all payments transactions. We have relatively elaborate 
rules for checks, credit and debit cards, and funds transfers 
(wholesale and retail) to protect data integrity and resolve disputes. 
For consumer transactions with credit and debit cards, Federal law 
provides error resolution and liability limits.
    We also want to provide for postpayment data security. Will the 
same standards that apply to storage of credit card information post-
transaction/payment apply to mobile payments? Will merchants be 
required to store personally identifiable information related to the 
purchase separately from the payment transaction information? Will all 
intermediaries who can collect and maintain data be subject to the same 
obligations--whether from Federal or State laws?
10. Taking mobile payments may--but may not--require merchants to 
        adjust their compliance with Federal statutes, regulations, and 
        executive orders pertaining to the deterrence of money 
        laundering or prohibitions against doing business with concerns 
        from designated foreign States or with ``specially designated 
        nationals''--individuals who are connected or suspected of 
        being connected with drug or arms trafficking or support of 
        terrorism--for purposes of compliance with the panoply of laws 
        and executive orders enforced by the Department of the 
        Treasury's Office of Foreign Assets Control.
    I have left for last the law enforcement issues on my list. Mobile 
payments offer a new set of opportunities to money launderers and those 
who would fund terrorists. Their person-to-person payments capacities 
and their speed and ease of transport are factors. Their abilities to 
disintermediate payments or to layer payments through multiple sets of 
hands are significant enticements for money launderers. Of these 
issues, speedy processing/settlements and disintermediation are the 
most problematic.
    These laws are notoriously hard to enforce and preparing compliance 
plans for businesses eager to comply is a huge industry for law firms 
and consulting companies. Merchants hate these compliance 
responsibilities for their complexity and the effort required to train 
their rotating staffs.
    Payments disintermediation generally, and perhaps the more so for 
mobile payments, is likely to make it harder for Federal agents and 
local law enforcement to spot problems in local markets. 
Disintermediation in mobile payments also may hinder enforcement of AML 
and terrorist-finance control laws and agreements domestically and 
globally.
    Sellers who take mobile payments also may have compliance 
responsibilities--as will providers and processors--with State safety 
and soundness registration and examination regimes for money services 
businesses and with State privacy and data security breach laws.
    In closing, I have focused my remarks on domestic transactions and 
payments in which merchants in the United States and consumers here 
participate. Cross-border transactions and the payments associated with 
them raise other issues--issues that add significant dimensions to 
certain of the issues I have mentioned, with issues pertaining to 
charge-backs and error-resolution rules at one end of the spectrum, 
network and device compatibility in the middle, and issues pertaining 
to taxation and deterrence and identification of money laundering or 
terrorist support--given the wide array of providers and the 
technologies or business models they may deploy--at the opposite end.
    Banks and consumers are justifiably concerned about broader access 
to customers' account information and the enticements that these data 
present to hackers, and even petty thieves. Consumers are justifiably 
nervous about the security of any personal information they convey to 
merchants through mobile devices and their geolocational tracking 
properties. Consumers are justifiably concerned about who will have 
access to their personal information and payment account information as 
it travels, perhaps especially about how much third-party (and 
Government) access there will be to it.
    In terms of the future of regulation of mobile payments, we may see 
self-regulation, the existing mix of State and Federal regulation and 
enforcement--or even some regional compacts such as those that spear-
headed interstate banking in the 1980s, additional Federal regulation 
or enforcement, or even a cross-border or multinational regulation and 
enforcement scheme. A first task is to determine whether the different 
silos of providers--banks and other financial institutions (as defined 
by various Federal laws), telecom providers, mobile app developers, and 
payments intermediaries who are in none of those industries--should be 
regulated under a common set of expectations and requirements, or 
should be regulated according to the role they play in mobile payments.
    Thank you again for the opportunity to be with you today. If you 
have questions about this statement or would like to discuss the issues 
I have discussed further, please contact me.
                                 ______
                                 
                 PREPARED STATEMENT OF THOMAS P. BROWN
  Adjunct Professor, University of California, Berkeley School of Law
                             July 10, 2012
    Chairman Johnson, Ranking Member Shelby, and Members of the 
Committee, thank you for inviting me to appear before you today to 
discuss mobile payments. \1\
---------------------------------------------------------------------------
     \1\ I am appearing today in my capacity as an adjunct professor at 
Berkeley Law School. In my private practice, I have represented and 
currently represent a number of clients that participate in the mobile 
payments industry. The opinions expressed in today's testimony are my 
own and may not represent those of my firm or my clients.
---------------------------------------------------------------------------
    Historically, innovation in the payment industry has not been a 
subject of public interest. I attribute this relative disinterest to 
the fact that recent innovation in the payment industry has been 
invisible to consumers. For more than a quarter of a century, the basic 
mechanics of engaging in a payment transaction have not changed even 
for payment cards, the newest of our payment technologies: approach 
point of sale, select card from wallet or purse, hand card to cashier 
(or swipe the card yourself), and wait for a message that the 
transaction has been authorized (or declined). Although industry 
participants can rightly claim that they have radically transformed the 
process of authorizing the transaction in the past three decades, most 
consumers don't see it this way. \2\
---------------------------------------------------------------------------
     \2\ See, Thomas P. Brown, ``Keeping Electronic Money Valuable: The 
Future of Payments and the Role of Public Authorities'', in Moving 
Money: The Future of Consumer Payments 127, 132-133 (Robert E. Litan 
and Martin Neil Baily eds., 2009).
---------------------------------------------------------------------------
    The phrase ``mobile payments'' elicits a different reaction. People 
are genuinely excited about mobile payments. Some of this excitement 
stems from the eye-popping valuations that some providers of mobile 
payments have reported to the technology press. But much of it appears 
to flow from anticipation that the mash-up of mobile with payments will 
bring a bit of magic to the point of sale. Waving a phone just seems 
cooler than swiping a plastic card.
    Although I look forward to the day when I no longer have to carry 
plastic or paper to buy things, we should not, in my view, measure the 
success of mobile payments by the speed with which waving replaces 
swiping. Existing payment technologies work very well in traditional 
retail environments. In fact, one might say that they were made for 
each other. The retail environments that Americans experience most 
often--multilane retailers, gas stations, quick-service restaurants--
were designed to take full advantage of the virtues of existing payment 
mechanisms (primarily speed at the point of sale). And mobile payment 
technologies will not soon displace the well entrenched incumbents.
    With that said, the bundle of technologies that we generally label 
``mobile'' is rapidly transforming the payment industry. Mobile devices 
are being turned into Point Of Sale (POS) systems. This is enabling 
millions of new merchants to accept electronic payments. It is also 
rapidly changing how existing merchants engage their customers inside 
and outside of traditional retail environments. These changes hint at 
the potentially radical ways in which mobile payments will change how 
people shop, buy, sell, and pay for goods and services. It is 
possible-- though not certain--that mobile payments will further 
undermine the distinctions between financial services companies, 
retailers and communications providers. But these really are just 
hints. At this point, it is impossible to say with any real confidence 
how mobile payments will affect banks, payment companies, merchants and 
customers. It is also far too early to pick winners (or losers) among 
the many mobile payment technologies and companies now emerging.
    In my view, lawmakers should be wary of claims that mobile payments 
need to be further regulated, particularly in the areas of information 
security and privacy. The payment industry, including the mobile 
payment piece, is already heavily regulated. New layers of regulation 
could easily stifle innovation and benefit some providers at the 
expense of others. And any new laws or regulations directed at the 
burgeoning mobile payment industry should be developed on the basis of 
a concrete understanding of the laws and regulations now in place.
    With that preface, I will describe the existing regulatory 
framework for the payment industry, discuss what's truly new about 
mobile payments, and address potential issues related to consumer 
privacy and compatibility.
Existing Regulatory Framework
    Participants in the mobile payments space already face substantial 
costs associated with complying with the existing regulatory regime. 
Firms that want to enter the business typically confront a choice 
between obtaining licenses on a State-by-State basis or working under 
the regulatory authority of a chartered financial institution. And once 
that threshold is crossed, firms in the payment industry shoulder a 
long list of compliance obligations.
    Generally speaking, a firm that wants to enter the payment business 
faces a stark choice: find a suitable regulated chartered partner 
(i.e., a bank or other depository institution) or obtain licenses from 
all 50 States as a money services provider. The first option brings the 
mobile payments provider under the indirect supervision of the State 
and Federal agencies responsible for regulating the chartered partner 
(e.g., FDIC or OCC). This option also carries costs associated with 
revenue-sharing and compliance, although some compliance costs and 
responsibilities may be shared with the chartered partner. The second 
option brings the mobile payments provider under the direct supervision 
of various State entities. It also brings with it the initial burden of 
acquiring State licenses--potentially a multiyear process with 
associated fees and costs that can easily exceed a million dollars. 
Annual maintenance costs for State licensing can also be significant.
    Beyond this choice, firms in the payment industry must comply with 
a long list of laws and regulations. Regulation of consumer financial 
services is complicated. Payments companies--mobile payments included--
are typically bound by Federal law providing consumers with recourse in 
the event of a disputed charge. \3\ Firms that rely on a stored value 
purse to support their payment applications may be required to 
implement Customer Identification Programs and to report suspicious 
transactions to the Federal Financial Crimes Enforcement Network 
(FinCEN). \4\ Firms that support international payments must scrutinize 
their operations for compliance with the requirements laid down by the 
Office of Foreign Assets Control (OFAC). Firms that store customer bank 
account or other payment account data are also subject to State laws 
governing notification to customers and State entities when that 
personal information is compromised. \5\ Finally, although the full 
scope is still being fleshed out, the Consumer Financial Protection 
Bureau has supervisory authority over certain ``covered persons,'' 
including nonbanks. \6\
---------------------------------------------------------------------------
     \3\ For example, for mobile payment transactions involving credit 
cards, Regulation Z, which implements the Federal Truth in Lending Act, 
limits a cardholder's liability to $50 for unauthorized charges. 12 
C.F.R. pt. 226.12(c). Likewise, the Federal Electronic Fund Transfer 
Act provides similar limitations on liability for unauthorized debit 
card charges. 15 U.S.C. 1693g(a).
     \4\ All federally regulated banks are required to have a written 
CIP pursuant to section 326 of the USA PATRIOT Act.
     \5\ At this time, 46 States, the District of Columbia, Puerto 
Rico, and the Virgin Islands have enacted such statutes. The National 
Conference of State Legislatures publishes a comprehensive list, 
available at http://www.ncsl.org/issues-research/telecom/security-
breach-notification-laws.aspx.
     \6\ See, 12 U.S.C. 5514(a)(1)(C).
---------------------------------------------------------------------------
    One potential way to reduce costs is to eliminate the requirement 
that an entity must be licensed by all 50 States to operate nationally. 
There is no apparent benefit, from a prudential standpoint, of such a 
fragmented regulatory regime. This is not to say that licensing itself 
has no value--as in the banking industry, some supervision likely helps 
ensure that mobile payment companies can meet their obligations to 
consumers. This value becomes diluted, however, when that mobile 
payments company must contend with the overlapping, but not identical, 
regulatory requirements across the 50 States. In other contexts, State-
regulated entities are able to ``passport'' a single State license 
across all 50 States, so that compliance with that individual State's 
regulations suffices to allow those entities to do business nationwide. 
\7\
---------------------------------------------------------------------------
     \7\ For example, under the Federal Secure and Fair Enforcement for 
Mortgage Licensing Act (SAFE Act), 12 U.S.C. 5100 et seq., mortgage 
loan operators enjoy uniform licensing standards nationwide, either 
through their home States' participation in the Nationwide Mortgage 
Licensing System and Registry or by those States' establishing 
individual systems that comply with certain Federal standards.
---------------------------------------------------------------------------
Potential Benefit: The Mobile Point of Sale
    Although most of the conversation surrounding mobile payments 
focuses on the possibility of using mobile phones instead of plastic 
cards to initiate transactions, mobile's initial impact on the payment 
industry has been felt on the receiving side of the transaction. 
Existing forms of payment are mobile at least from the perspective of 
the consumer (i.e., with rare exceptions, our wallets and purses follow 
us wherever we go). Until recently, however, electronic payment systems 
were limited to environments that could be reached by fixed line 
communication systems. Advances on the mobile front are releasing this 
constraint.
    The transformation of mobile devices into Point Of Sale (POS) 
systems is taking place on a number of fronts:

    Mobile devices have enabled millions of informal merchants 
        to accept electronic payments. With an app and a small 
        (generally free) device that plugs into the mobile device 
        (known as a ``dongle''), artisans, contractors and farmers now 
        accept payment cards from their customers instead of cash.

    Mobile devices are changing how people shop. By equipping 
        sales associates with tablets and smart phones and sending 
        those associates onto the store floor, traditional retailers 
        are turning the entire retail environment into the point of 
        sale. Customers can make purchases in the aisle, rather than 
        waiting to pass through the check-out line.

    Some retailers are using their customers' mobile devices to 
        extend the point of sale outside the store. They are allowing 
        customers to use their mobile devices to make purchases on 
        their mobile phones (and tablets), go to the store, take the 
        item off the shelf, and walk out of the store without ever 
        having to present a payment card to a sales associate.

    Mobile devices are rapidly changing how people purchase 
        information goods like books, music, movies and software. 
        Again, the mobile device is the point of sale. Consumers use 
        their own tablets and smart phones to access digital 
        marketplaces, purchase books, songs, apps, etc., and read, 
        listen to and use those goods.

    The transformation of the consumer's mobile device into a primary 
point of contact between the merchant and the consumer may have a 
dramatic effect on retail commerce. People tend not to share their 
mobile devices in the same way that they share laptops and personal 
computers. This creates the opportunity for merchants to create 
customized offers for consumers. Most offers currently take the form of 
discounts, location based offers and fairly basic extensions of 
traditional loyalty programs (e.g., buy nine coffee drinks and get the 
tenth free).
    This evolution in payment technology may make it possible for 
restaurants and other small retailers to employ some of the dynamic 
pricing techniques that have been reserved to large-scale travel 
businesses. Outside of the travel industry, customers in most retail 
environments confront a single set of prices. Although different 
customers may be willing to pay very different prices for essentially 
the same service, it is difficult for traditional retailers to 
distinguish one customer from another. As merchants use mobile payment 
technologies to engage more directly with their customers, they may 
begin to employ some of the same strategies used by airlines, hotels 
and car rental companies to maximize traffic in their stores and 
restaurants, setting lower prices for some customers and higher prices 
for others. The extension of dynamic pricing strategies from the 
Nation's airlines to the corner store may not be universally hailed.
Mobile Payments and Privacy
    In order to customize experiences for particular customers, the 
merchant (or payment provider) must have access to information about 
those customers. For example, imagine a restaurant owner trying to 
craft an offer to attract new customers to her restaurant. Our 
hypothetical restaurant owner would likely want to reach out to those 
customers whose spending habits indicate that they like to eat out but 
who have never eaten at her restaurant. But the restaurateur would 
likely want to limit the offer to customers who live in the local area, 
excluding from the scope of the offer tourists and people traveling 
though the area on businesses. Such distinctions immediately implicate 
concerns about consumer privacy.
    The legal and regulatory framework that governs the collection and 
use of information regarding consumers is complex and fragmented. 
Regulatory requirements vary by industry. Financial institutions and 
affiliated third parties, for example, face one set of requirements 
under the Gramm-Leach-Bliley Act. \8\ Credit reporting companies face 
another set of requirements under the Fair Credit Reporting Act. \9\ 
Health care providers face another set of requirements under the Health 
Insurance Portability and Accountability Act's (HIPAA) Privacy Rule. 
\10\ Federal law also imposes specific restrictions on the sharing of 
information about certain kinds of purchases. \11\ Special rules apply 
to certain kinds of information, and the rules can vary depending on 
the manner in which the information is held at the time of disclosure. 
Communications in transit receive a different set of protections, for 
example, than information at rest. \12\
---------------------------------------------------------------------------
     \8\ 15 U.S.C. 6801 et seq.
     \9\ 15 U.S.C. 1681 et seq.
     \10\ See, HIPAA Privacy Regulations, 45 C.F.R. pt.160.
     \11\ For example, information regarding video or video game rental 
or sale records is protected from disclosure pursuant to the Video 
Privacy Protection Act, 18 U.S.C. 2710.
     \12\ ``Electronic communications,'' meaning any transfer of 
information through electronic means, are generally protected from 
disclosure under the Federal Electronic Communications Privacy Act 
(ECPA), 18 U.S.C. 2510 et seq., Title I of the ECPA, known as the 
Wiretap Act, protects electronic communications while in transit. Title 
II of the ECPA, known as the Stored Communications Act, protects 
communications held in electronic storage.
---------------------------------------------------------------------------
    No single agency is responsible for administering Federal privacy 
law. The FTC has shown the most consistent interest in the subject, 
though the Department of Justice gets involved, too, particularly when 
a third party obtains information by illegal means. The prudential 
agencies have historically been responsible for ensuring that the 
financial institutions that fall within their purview adhere to the 
requirements of Gramm-Leach-Bliley. Dodd-Frank has further complicated 
this picture by severing responsibility for supervising adherence with 
GLB's privacy requirements from responsibility for supervising 
adherence to its information security and disposal requirements. \13\
---------------------------------------------------------------------------
     \13\ The Dodd-Frank Act amended Title V of the Gramm-Leach-Bliley 
Act to grant rulemaking authority under Sections 502-509 of that Act to 
the Consumer Financial Protection Bureau (CFPB).
---------------------------------------------------------------------------
    State laws add another level of complexity. A number of States 
purport to limit the information that can be collected from consumers 
in connection with certain types of transactions. California law, for 
example, forbids merchants from, as a condition of sale, requiring or 
requesting personal identification information from consumers who use a 
credit card at a point of sale, \14\ and the California Supreme Court 
has defined a zip code to be personal identification information. \15\ 
And, as noted above, 46 States have enacted laws requiring that 
consumers receive notice if certain information is obtained by a third 
party.
---------------------------------------------------------------------------
     \14\ Cal. Civ. Code. 1747.08(a)(1)-(2).
     \15\ Pineda v. Williams-Sonoma Stores, Inc., 51 Cal. 4th 524 
(2011).
---------------------------------------------------------------------------
    Private law also plays an important role in this area. The major 
card networks restrict the uses to which transaction data can be put. 
Visa's Operating Regulations prohibit a merchant from disclosing a 
cardholder account number, personal information, or other Visa 
Transaction Information to any entity other than a registered third 
party agent, the acquirer, or the acquirer's agent, and that such 
disclosure must be made for the sole purpose of (i) assisting the 
merchant in completing the initial merchant transaction, or (ii) as 
specifically required by law. The payment card networks, through the 
PCI Council, also regulate how merchants and other participants in the 
payment card systems may store information related to payment card 
transactions.
    This complex suite of laws does not advance a single policy 
objective. Much of Federal privacy law is based on the principle that 
consumers should receive notice and choice with respect to the use of 
information about them when that information is being used for 
marketing purposes. As some commentators have observed, it is far from 
clear that consumers actually want to receive such notices. \16\ Other 
aspects of Federal privacy law are directed at protecting consumers 
against misuse of data that relates to them. The Do Not Call Registry 
and the liability caps for unauthorized transactions under Regulation Z 
and Regulation E fall into this category. \17\ Moreover, to the extent 
that privacy laws attempt to enable consumers to shield their 
identities from mobile payment providers or other financial 
institutions, they work at cross purposes with Federal banking law, 
which as noted above requires firms to collect enough information about 
their customers to report suspicious transactions.
---------------------------------------------------------------------------
     \16\ See, e.g., J. Howard Beales, III & Timothy J. Muris, Choice 
or Consequences: Protecting Privacy in Commercial Information, 75 U. 
CHI. L. REV. 109, 113 (2008) (``Few consumers actually take the time to 
read [GLB notices], understand them, and make a conscious choice about 
whether to opt out of information sharing that is not a matter of 
statutory right for the financial institution.'').
     \17\ See id., at 118-20 (explaining that the Do Not Call list 
addressed the problem of unwanted calls at home by focusing on the 
consequence--the call--rather than access to the information necessary 
to produce the call--the consumer's phone number).
---------------------------------------------------------------------------
    This complexity should lead lawmakers and regulators to take 
particular care before creating new laws under the privacy banner. Most 
efforts to protect consumer privacy interests simply make it more 
costly for firms to collect information from consumers and to share 
that information with other firms. But information sharing is not a 
concern per se, and the focus on sharing tends to distract attention 
from the problems that give rise to the concern about sharing in the 
first place--the misuse of sensitive information and the failure to 
take care against the exposure of sensitive information to malicious 
third-parties.
Compatibility
    This leaves the question of compatibility. Of the issues on today's 
agenda, this is the most complex and nuanced.
    Compatibility (or incompatibility) issues can arise at many 
different levels. My iPhone is not, for example, compatible with my 
aunt's Android device. My phone has a different operating system from 
hers, and it connects to one telecommunication network--Verizon--while 
hers connects with another--AT&T. My device supports some applications 
that hers does not. In this sense they are incompatible. But in another 
sense, they are deeply compatible. Even though the phones are different 
in many ways, I can use my phone to call or send emails and texts to 
hers. If we both have accounts with PayPal or Dwolla, I can use my 
phone to send her money.
    As mobile technologies grow in importance as platforms for the 
exchange of value, compatibility issues are likely to arise. Every 
mobile payment application may not work in every environment. 
Starbucks, for example, may choose to keep its mobile payment 
application separate from that offered by Peet's. But incompatibility 
issues at that level should not be a source of concern. Indeed, the 
decision to offer a closed loop payment product may reflect regulatory 
distinctions as much as anything. \18\
---------------------------------------------------------------------------
     \18\ See, e.g., 31 C.F.R. pt. 1022 (FinCEN's final rule relating 
to prepaid access).
---------------------------------------------------------------------------
    With that said, concerns about the interoperability of different 
mobile payment applications cannot be dismissed entirely. Both the 
telecommunications industry and the payment industry have borne witness 
to significant battles over network access and compatibility. \19\ And 
those issues may surface again. Antitrust authorities in Europe are 
currently reviewing a proposed payment joint venture in the U.K. in 
part due to such concerns.
---------------------------------------------------------------------------
     \19\ See, e.g., MCI Commc'ns Corp. v. Am. Tel. & Tel., 708 F.2d 
1081 (7th Cir. 1983); United States v. Visa U.S.A., Inc., 344 F.3d 229 
(2d Cir. 2003).
---------------------------------------------------------------------------
    But--and this is a perspective informed as much by my background as 
an antitrust lawyer as a student of the payment industry--these issues 
are sufficiently nuanced that they are not susceptible to a one-size-
fits-all solution. Issues of compatibility and interoperability need to 
be evaluated on a case-by-case basis. Firms may, as in the Starbucks 
example above, have good reason for rendering their payment 
applications incompatible with the applications offered by others. But 
they may not, and in some instances, incompatibility can be a cause for 
public concern. Fortunately, antitrust law provides a well-developed 
framework for analyzing these issues as they arise on a case-by-case 
basis.
Conclusion
    This is an exciting time for the payment industry. Emerging 
technologies are creating opportunities for financial institutions, 
merchants and consumers to reinvent commerce. This innovation is taking 
place against the backdrop of a very complex regulatory regime, and 
although it is possible to imagine ways in which the regulatory burdens 
facing firms in the area could be reduced (particularly in the area of 
State-by-State licensing requirements), this emerging industry does not 
appear to need any new regulation.
    Thank you again for inviting me to appear today. I am happy to 
answer any of the Committee's questions.
