Adapt laws to allay mobile payments privacy fears - Berkeley researchers

Americans overwhelming reject mobile payment systems that track their movements or share identification information with retailers, and legislators should considering tweaking credit card laws to address their concerns, say researchers at the University of California, Berkeley.

  0 2 comments

Adapt laws to allay mobile payments privacy fears - Berkeley researchers

Editorial

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.

In a paper, the university's Chris Hoofnagle, Jennifer Urban and Su Li argue that the fast-developing mobile payments landscape could bring many benefits to consumers; potentially reducing transaction fees, increasing convenience, and even improving security.

However, a major obstacle to adoption is getting merchants on board and convincing them to build infrastructure at the point-of-sale. The best way to do this may be by using mobile payment systems' new capabilities for the collection and use of consumer personal information.

With card transactions, the parties - merchant, card network and bank - all receive different, incomplete information. But mobile payments systems could change this, giving merchants personally-identifiable contact information from consumers and card networks access to data on what people have been buying.

This would provide the various players with a more comprehensive and detailed dossiers about consumer; for example, making it easier for merchants to build customer databases without resorting to loyalty cards, say the researchers.

In addition, some of the new players in the payments market - such as Google, Facebook and PayPal - already appear to have designed their systems to collect purchase data. Currently there are no rules stopping these giants using the information for research and marketing or even sharing it with third parties such as advertisers.

This raises privacy issues that Americans seem to find troubling, according to a survey of 1200 households carried out for the paper. Asked whether they thought that phones should share information with stores when they visit and browse without making a purchase, 96% object to the idea, with 79% stating that they would "definitely not allow" it.

Meanwhile, 81% object to the transfer of their telephone number to a store where they purchase goods, with the same percentage unwilling to share their home address and 67% not even prepared to hand over an e-mail address.

The Berkeley researchers suggest that these concerns could be addressed by adapting existing laws. Since the early 1990s California's legislature, through amendments to the Song-Beverly Credit Card Act, has prohibited merchants from even requesting personal information from customers carrying out credit card payments.

"Given our finding that consumers overwhelmingly reject the collection of personal information at the point of sale via mobile payment systems, we think that the Song-Beverly model should be updated to cover payments systems as well as merchants at the point of sale," argues the paper.

The team emphasises that information could still be shared with merchants but that it would be in the hands of the customers, who could opt-in on a per-transaction basis.

The paper concludes: "The broad agreement we found among Americans that they value privacy at the point of sale, suggests strong support for a modified version of Song-Beverly at the federal level. This would ensure that all Americans' expectations for privacy in their point-of-sale data are respected, and that payments systems operators and merchants alike have one, uniform regulatory model for handling point-of-sale information."

Read the paper here:

Download the document now 763.7 kb (PDF File)
Sponsored [Impact Study] 2024 Fraud Trends in Banking, Insurance, and Beyond

Comments: (2)

Tim Tyler

Tim Tyler Product Manager at Misys

Opt-in is key here. From the reserach that I have been involved in, consumers are happy to "check-in", but reject being "tracked". Services that wish to take advantage of context, i.e. location/activity etc need to be conscious of this. We have seen in the past how publicly people voice their concerns when something goes too far in the direction of Big Brother, such as the iOS location tracking issue from last year. Conversely, the ongoing growth in location based services driven by check-in demonstrates that people are willing to share personal information when it is of benefit to them - but not continuously (which is what mobile phone tracking would do).

Ketharaman Swaminathan

Ketharaman Swaminathan Founder and CEO at GTM360 Marketing Solutions

While developing an LBS mobile app for the US market that automatically logs the smartphone user's location several times a day - to help respond to residency tax audits several years down the line - we came across consumer behavior traits that parallel those mentioned in Tim T's comments above. In fact, some of our users didn't even want their location to be recorded - let alone they being tracked - at pre-defined times like, say, when they were on vacation. All of them insisted upon password protection of the continuously updating location-versus-time log file. Telling them that their data was anyway protected by their phone's lockscreen password didn't work!

Not sure how changing the laws would help. I remember the consumer furore caused last year when some Californian retailers insisted upon the cardholder's zip code before accepting a card payment. 

[Webinar] Unifying Card Programmes: The cost-reduction imperativeFinextra Promoted[Webinar] Unifying Card Programmes: The cost-reduction imperative