The Federal Trade Commission has released a report, “Paper, Plastic… or Mobile?” (agency pdf; archive pdf) on the growing use of mobile payments and what this means for consumers, including the privacy and security of their financial data. (Last month, the FTC released a report about mobile privacy disclosures.) In a news release, the FTC said:
The mobile payments arena is growing quickly, and the report notes that mobile payment systems can provide innovative and convenient options for consumers. But the report also notes three major areas of potential concern for consumers.
First, the report encourages companies to develop clear policies on how consumers can resolve disputes arising from a fraudulent mobile payment or an unauthorized charge. […]
The report also highlights the growing problem of mobile “cramming,” which occurs when third parties place unauthorized charges onto consumers’ mobile phone bills. The Commission discussed this issue in its previous comment to the Federal Communications Commission, and the FTC staff has announced a mobile cramming roundtable to be held in May. […]
Second, the report encourages industry-wide adoption of strong measures to ensure security throughout the mobile payment process. The report addresses ways sensitive financial information can be kept secure during the mobile payment process, such as through end-to-end encryption. […]
Third, the report highlights the need for companies in the mobile payment sphere to practice “privacy by design,” incorporating strong privacy practices, consumer choice, and transparency into their products from the outset. Doing so, the report notes, increases the likelihood of consumer trust in the mobile payment process.
The report also notes the privacy issues arising from the consolidation of consumers’ personal information in the mobile payment process. In a traditional credit card transaction, a merchant will have sensitive financial information about consumers, but will generally not also have their contact information and a record of their location. Mobile payment providers also potentially have access to a much larger cache of personal information stored on the consumer’s mobile device.