Apple Pay is already available to many iPhone users, but the iWatch, which allows consumers to buy things with little more than a wave of the wrist, could significantly accelerate adoption among Apple customers and retailers. Assuming, that is, that users warm to the new payments technology enough to get over fears about stolen accounts. They should. Smartphone-based payments are typically more secure than credit cards. Why is that? [Read more…]
Most cell phone and tablet users can purchase digital goods and charge them to their monthly bill or prepaid phone account. But they may not get the protections they need to limit their financial liability if something goes wrong with the transaction. The protections consumers receive will vary depending on their wireless carrier’s policies and what?s in their cell phone contract, according to a new analysis by Consumers Union.
“Consumers using mobile payments should get the same strong protections they currently enjoy when they make purchases with a credit card or debit card,” said Michelle Jun, senior attorney for Consumers Union, the nonprofit advocacy arm of Consumer Reports. “But we found that consumer rights can vary widely between wireless carriers and the protections carriers claim to provide are often nowhere to be found in customer contracts.”
In May 2011, Consumers Union called on the top wireless carriers to strengthen their contracts to protect consumers in the event that their phone is lost or stolen or if a merchant makes a billing mistake or the customer is not satisfied with a purchase. The consumer group urged the carriers to provide the same strong protections guaranteed by law when consumers use a credit card or debit card. In addition, Consumers Union pressed the companies to provide consumers across the country with the same protections California phone customers are entitled to receive as a result of regulations issued by the state’s Public Utilities Commission (PUC).
Since May, Consumers Union has been in communication with representatives from AT&T, Sprint, T-Mobile, and Verizon Wireless to find out how they handle disputed mobile payment transactions. All four carriers maintain that they provide ample protections for consumers.
However, Consumers Union found that the protections these carriers provide fall short of what consumers get when they use credit cards and debit cards or when California consumers report a disputed charge on their phone accounts. In addition, many of the protections that wireless carrier representatives described to Consumers Union are not disclosed in customer contracts, making it difficult to know whether consumers can count on these safeguards when problems arise.
“As new mobile payment options become available, consumers are better off sticking to services linked to credit cards or debit cards, which come with strong protections required by law,” said Jun. “If wireless carriers want consumers to have confidence in direct carrier billing programs, they should strengthen their contracts with the protections consumers need.”
Below is a summary of the protections that Consumers Union analyzed and what is provided by the top wireless carriers:
Limit liability when phones are lost or stolen: A credit card customer’s liability is limited to no more than $50 for unauthorized charges. In practice, credit card issuers usually shield customers from any financial liability for fraudulent charges. Verizon Wireless? contract makes clear that its customers are not liable for charges related to a lost or stolen phone. Contracts for AT&T, Sprint, and T-Mobile protect customers from fraudulent charges made after a phone is reported lost or stolen but consumers may be on the hook for charges made before making a report.
Limit liability for disputed charges: If a billing error appears on a monthly credit card statement, there is no liability for the customer as long as the customer reports the error within 60 days. “Billing error” also includes a dispute with a merchant about the delivery or acceptability of goods or services. While all four wireless carriers insist they provide refunds for billing errors or when customers are unhappy with purchases, these rights are not clearly disclosed in their contracts.
Re-credit pre-paid customers within 10 days for disputed charges: After a consumer reports a fraudulent transaction involving a debit card, the bank must either complete its investigation within 10 business days or provisionally re-credit the consumer’s funds within that time. AT&T, Sprint, and T-Mobile indicated that they strive to provide prompt refunds but none guarantee in their contracts that pre-paid customers will get a provisional refund within ten days after reporting fraudulent charges. Verizon Wireless does not allow customers with pre-paid phone accounts to make mobile payment charges.
Give customers the right to withhold payments for disputed charges: California’s PUC rule gives phone customers in that state the right to withhold payment of disputed charges while an investigation is conducted and requires investigations to be completed within 30 days. Sprint’s contract indicates that customers don’t have to pay for disputed charges as long as they are reported within 60 days. AT&T said that it gives all customers the right to withhold payments during an investigation but its contract only discloses this right to Californians. T-Mobile discloses these rights for California customers but not for customers living in other states. Verizon Wireless’ contract allows customers to withhold payment for charges related to lost or stolen phones but it does not indicate that consumers have this same right for other kinds of disputed charges.
Enable customers to set a cap on mobile payment charges: The California PUC rule allows consumers to block third party charges on their accounts. All four wireless carriers allow customers to block third party charges but AT&T and Sprint do not disclose this right in their contracts. AT&T, Sprint and Verizon Wireless set their own dollar limits on allowable charges (AT&T has a $100 limit per month per line while Sprint and Verizon Wireless limit charges to $25 per month per line). AT&T enables consumers to set their own limits but charges $4.99 per line each month to do so.
For more details, see How Top Wireless Carriers Compare on Consumers Protections for Mobile Payments.
For Consumers Union’s mobile payment tips for consumers, see: Mobile Payments Tip Sheet: What Can Consumers Do Now
Source: Consumers Union
Earlier this month, T-Mobile announced that it will soon launch a new service that will enable its customers to purchase digital content using their smartphone, PC, or tablet and bill it to their phone accounts. T-Mobile’s announcement is just the latest development in emerging mobile payment services that raises concerns about whether consumers will be protected from fraud or merchant mistakes, according to Consumers Union, the nonprofit publisher of Consumer Reports.
“Mobile payment products promise a new, convenient way to pay but consumers could end up losing money if something goes wrong with their transaction,” said Michelle Jun, Senior Attorney for Consumers Union. “Consumers need to be protected in the event of a billing error or if the goods they order aren’t as promised or if they become victims of fraud. Mobile payment services like the one being launched by T-Mobile could put consumers at risk and fail to provide the protections they deserve.”
Read more, via Consumers Union.
As the use of mobile payments grows globally, so too does the risk of mobile payments fraud. Gartner, and other eminent research companies, predict that these services will be extremely attractive to fraudsters and those seeking vehicles for money laundering. According to Gartner, mobile payment services are expected to reach US$245 billion in value worldwide by 2014.
According to Neural Technologies, an appreciation of the fraud and risk threats posed by mobile payments can be achieved through understanding the various mobile payment products and services on offer, as well as the different technologies used to deliver them. [Read more…]
Mobile payments are being touted as the next big thing for consumers but could pose a financial risk when mistakes are made by merchants or if a phone is lost or stolen and used to make fraudulent charges. Consumers Union, the nonprofit publisher of Consumer Reports, is calling on wireless carriers to make sure consumers are protected from mobile payment fraud and mistakes by adopting strong safeguards in customer contracts.
In a recent report on mobile payments, the group highlighted how consumer protections vary widely for different mobile payment methods, how wireless carrier contracts fail to provide needed safeguards, and tips for consumers using mobile payments. Consumers Union has launched a Facebook campaign to encourage wireless carriers to adopt stronger contractual protections for mobile payments linked to wireless accounts.
“As more Americans start using mobile phones to make purchases, we need to make sure that consumer protections keep pace with all the new technological advances,” said Michelle Jun, senior attorney for Consumers Union’s Defend Your Dollars campaign. “Consumers shouldn’t have to worry that a lost or stolen mobile phone or billing error could turn into a costly financial headache.”
On May 23, 2011, Consumers Union sent letters to 18 wireless carriers urging them to strengthen their contracts so consumers using mobile payments are provided protections similar to those offered to credit card or debit card users. CREDO Mobile is the only wireless carrier that has responded to the letter to date. CREDO maintains that it provides ample safeguards, although Consumers Union believes its contract could be strengthened to more fully protect consumers.
Federal law currently offers protection to consumers in the event that their credit card or debit card is lost, stolen or misused. Credit cards provide the strongest protections that help limit a consumer’s liability, while debit cards provide some, but not all, of these protections. If mobile payment transactions are linked to credit cards or debit cards, then consumers are entitled to the same guaranteed federal protections that apply when a credit card or debit card is used directly in a transaction.
Unfortunately, mobile charges linked to other forms of payment don’t enjoy any of these legal protections. For example, if a mobile payment transaction is funded by a prepaid card or gift card, consumers are not entitled to any federal protections that limit how much money they can lose to unauthorized transactions or errors. If the payment service is provided directly by the wireless carrier and the charges appear on the customer’s cell phone bill, the product might escape consumer protections entirely unless the contract provides them. If the wireless carrier asks the consumer to make a prepaid deposit to cover future charges, protections also will be missing unless they are included in the contract.
Consumers Union reviewed the contracts of 18 wireless carriers to find out what kind of baseline protections they provided to consumers regardless of the kind of mobile payment method used to make charges:
- None of the wireless contracts provided protections for mobile payment transactions that are as strong as those guaranteed by law when consumers make purchases using a credit card or debit card. Consumers making mobile payments linked to wireless phone accounts, prepaid cards, or gift cards run the risk of losing funds to fraudulent or erroneous charges.
- 16 of the 18 wireless contracts require consumers to pay for charges resulting from merchant mistakes or other errors while an investigation of disputed charges is pending. One wireless contract did not address this issue. Consumers using mobile payments linked to credit cards have the right to withhold payments for all disputed charges, including merchant mistakes. Consumers using other forms of mobile payments, including those whose charges are linked to wireless accounts, would not have this same legal right.
- Only four of the 18 wireless contracts explicitly protect consumers from being held liable for disputed charges when a mobile device is lost or stolen. Consumers using mobile payments linked to credit cards and debit cards can limit their financial liability by promptly reporting a lost or stolen phone. Mobile charges linked to other forms of payment, including those billed to wireless accounts, do not receive these same legal protections.
- Seven of the 18 wireless carrier contracts explicitly require consumers to pay late fees if they decide to withhold payments for disputed charges. Consumers using mobile payments linked directly to wireless phone accounts would be subject to late fees if they failed to pay for disputed charges by the due date.
Consumers Union has called on wireless carriers to strengthen their contracts by adding a number of protections against unauthorized or erroneous mobile payment charges, including:
- Limit a consumer’s liability for unauthorized transactions to $50 when false charges are made due to a lost or stolen mobile device
- Limit a consumer’s liability for erroneous charges to a prepaid wireless phone deposit or a wireless phone bill
- Give consumers the right to have missing funds from disputed transactions re-credited within 10 business days
- Give consumers the right to withhold payment of any disputed charges while an investigation is pending and protection from penalties for withholding payment on these charges
- Enable consumers to set a cap on the dollar amount for mobile payments which can be directly made to wireless accounts
“Ultimately, the new Consumer Financial Protection Bureau will need to enact mandatory protections for consumers that cover all forms of mobile payments,” said Jun. “In the meantime, wireless carriers should provide strong mobile payment safeguards in their contracts so consumers don’t lose money to mistakes or fraudulent charges. Other mobile payment service providers should adopt similar protections.”
- Defend Your Dollars
- REPORT – Mobile Pay or Mobile Mess: Closing the Gap Between Mobile Payment Systems and Consumer Protections (PDF)
Source: Consumer Reports
ThreatMetrix, a provider of fraud prevention solutions that do not require personally identifiable information (PII), today announced the availability of the ThreatMetrix Cloud-Based Fraud Prevention Platform, which incorporates cookieless device identification and enhanced mobile authentication that makes it easy for banks, merchants, online businesses, payment gateways and payment providers to detect and screen for fraud. The comprehensive fraud platform helps companies fight online fraud during account creation, login authentication and payment authorization regardless of the device. With the growth of mobile commerce and mobile banking, there is a growing need for fraud solutions in this channel.
“The ThreatMetrix Cloud-Based Fraud Prevention Platform provides companies with the ability to authenticate payments, new accounts and returning customers online regardless of the device involved — be it a smartphone, personal or tablet computer — without requiring a forklift install of hardware or software,” said Reed Taussig, president and CEO, ThreatMetrix. “A smarter approach to device identification combined with aggregated fraud intelligence in the cloud allows customers to benefit from proactive protection without needing to share personally identifiable information.”
ThreatMetrix’s solution to cookieless device identification, called ThreatMetrix SmartID, goes beyond traditional device identification solutions by incorporating device fingerprint attributes instead of cookies, which can be wiped or blocked. ThreatMetrix SmartID, which incorporates unique TCIP/IP packet intelligence, cross correlates and scores device attributes and behavior with session and browser cookies to more accurately establish and authenticate a device identity.
“Using ThreatMetrix SmartID, ThreatMetrix provides the most effective first perimeter of defense for transaction security from cybercrime, hidden proxies, scripted attacks and cookie and browser manipulation by fraudsters,” said Taussig.
The ThreatMetrix Cloud-Based Fraud Prevention Platform
The ThreatMetrix Cloud-Based Fraud Prevention Platform includes several new features including:
- Enterprise Risk Engine: ThreatMetrix provides real-time contextual scoring based on device, customer and transaction attributes and historic analysis through a customer configurable rules engine. Default rules and algorithms will detect many anomalies such as hidden proxies, high-risk geographies, anomalous language and time settings, potential cookie wiping and blacklisted attributes. More advanced rules allow for correlation of other transaction data such as detecting multiple identities, payment accounts or shipping addresses used by the same device, or an unusually high volume of transactions from a device across the ThreatMetrix network. ThreatMetrix rules can be updated by analysts and activated immediately to respond to changing threats.
- Global Network Intelligence: ThreatMetrix customers benefit from anonymous and aggregated device and transaction behavior seen across the global ThreatMetrix network through both automated scoring as well as customizable fraud filters. The ThreatMetrix Cloud-Based Fraud Prevention Platform provides proactive protection that gets smarter with every customer and transaction without, requiring extensive manual input.
- Queue Management: Manual review of transactions is time consuming and expensive. To address this, ThreatMetrix allows for custom tuning of rules to reduce false positives, and also automated assignment of transactions to analyst queues by configurable rules. This enables analysts to focus on the highest risk transactions, based on score, transaction amount, or criteria such as geographical origin, for instance. When a transaction is reviewed, it can be marked as rejected/accepted to improve the ability of ThreatMetrix to score transactions through predictive scoring.
- Customizable Alerting: ThreatMetrix supports automated alert rules to notify an analyst by email when a transaction meets specified criteria. These alerts can be set based on risk, transaction or device attributes, or associated with specific fraud behavior. Alert content can be customized and linked directly back to the transaction for review.
- Online Portal and Dashboard for Transaction Monitoring and Link Analysis: In addition to a real-time API that immediately returns device identifiers, anomaly indicators and risk scores, ThreatMetrix provides an online portal to review past transactions. It includes a dashboard that shows recent high-risk transactions and trends, as well as advanced search capabilities to assist fraud analysts in finding related transactions and discovering links between suspicious activities.
- Bulletproof Security and Privacy Protection: ThreatMetrix provides advanced device identification technology to detect and alert based on suspicious device anomalies. For even more powerful fraud detection, transaction identifiers (such as an email address, payment account hash, phone number, etc.) can be passed to allow for more correlation. When provided, ThreatMetrix protects these identifiers with encryption and one-way hashing so the data is never exposed or shared. In addition, power role-based permissions and full auditing meet and exceed enterprise security compliance requirements.
ClairMail has announced a new mobile fraud management solution for Financial Institutions (FIs) and their customers to oversee and quickly respond to fraudulent transactions directly through the mobile channel. ClairMail’s Fraud Solution works with existing FI fraud systems and processes to help mitigate card, Direct Deposit Account (DDA), online banking and identity fraud by leveraging all the capabilities of the ubiquitous mobile device and the robust alerting and orchestration capabilities of the ClairMail platform.
ClairMail’s Fraud Solution is the first release of a family of business-level solutions that demonstrate how the mobile channel can power new mobile capabilities, products and packages across the entire enterprise while bolstering the value and return on investment the mobile channel brings to the institution. Mobile banking has largely been viewed as an extension of online banking, but by implementing a solution that is scalable across bank functions and products, like ClairMail’s Fraud Solution, FI’s can drive new fee-based services, reduce servicing and risk management costs, enhance customer loyalty and acquisition and increase mobile banking adoption.
“While more consumers are adopting mobile banking, the full value of the mobile channel has yet to be realized. Consumers and FIs will gain the most benefit when they can leverage the unique features of the mobile device,” said Pete Daffern, CEO of ClairMail. “Enabling consumers to monitor, respond and resolve fraudulent transactions on their mobile device not only deepens the relational trust between that customer and their bank, it reduces costs for everyone by reducing false positives and minimizing the cost and time of fraud resolution. ClairMail’s Fraud Solution demonstrates our continual commitment to leverage the unique attributes of the mobile channel to help financial institutions strategically grow their mobile initiative to meet customer demand and achieve profitability.”
Recent studies have shown that a huge percentage of fraud loss to both consumers and the bank happen in a relatively short time window following an intrusion. While ClairMail’s Fraud Solution compliments existing fraud systems, it takes fraud prevention further by enabling FIs to generate and deliver real-time, consumer-defined alerts that allow customers to monitor account spending and identify fraudulent transactions more quickly. In addition, ClairMail’s Fraud Solution extends existing fraud detection and mitigation processes by using timely two-way alerts and workflow orchestration to verify potentially fraudulent transactions, more quickly detect false positives and bring to resolution any potential fraud incident – all from the mobile device. ClairMail’s reporting capabilities also provide pertinent information as to which alerts are being responded to and which are not, furthering the customizability, relevance and cost-effectiveness for the FI.
ClairMail’s Fraud Solution leverages the alert and orchestration engines of its mobile platform:
- Lowers fraud risk and associated costs for both the bank and consumer through early detection of fraudulent activity using ClairMail’s alerting engine that delivers timely, actionable consumer or FI-driven alerts enabling consumers to instantly identify suspect transactions, respond, and resolve potential fraud incidents right from the mobile device. Alert escalation and workflow capabilities ensure that user commands on the mobile device and required communication with the institution’s back-end systems are coordinated as part of a single set of detection and resolutions processes.
- Reduces reputational risk and improves customer loyalty and acquisition by becoming a trusted partner with the consumer in the war against fraud and offering safer and more feature-rich card and bank services.
- Create product differentiation and new revenue opportunities by introducing new fee-based products, services and offers driven by consumer alert preferences.
“The mobile channel has become an essential tool for financial institutions to combat increasing fraud rates seen across the United States and Europe, providing the ability for customers to proactively detect and prevent fraud activity on their accounts,” said Julie McNelley, senior analyst at Aite Group’s Retail Banking practice. “ClairMail’s new mobile fraud solution demonstrates the growing importance for FIs to take a strategic approach to mobile banking – extending mobile capabilities across the organization to create new fee-based services and products, help increase profitability, mitigate fraud losses and enhance the trust and relationship between the FI and its customers.”