Contactless payment systems may literally be the wave of the future, but a coalition of consumer groups is urging caution to protect privacy and security when using the new technology.
Contactless payment systems allow you to make purchases by simply waving your mobile phone or credit card near a device that picks up a radio frequency and debits your credit card, debit card, gift card or mobile phone account. You’ve probably seen the Visa commercials featuring the payWave cards with customers happily partying and breezing through check-out lines.
Let’s not party so fast, says a coalition that includes members of the Consumer Federation of America, Consumer Action and Consumers Union (the nonprofit publisher of Consumer Reports magazine). The groups submitted comments to the U.S. Federal Trade Commission Friday. The FTC is hosting a town hall meeting on contactless payments July 24 at the University of Washington in Seattle to give payment industry executives, consumers and advocates an opportunity to discuss “Pay on the Go,” as contactless payments are often called, and how it may affect consumers.
“As is often the case, law and public policy have not kept up with innovations in technology and business to ensure that consumers can enjoy the benefits of contactless payment with the confidence that they have strong legal protections should problems arise,” the coalition’s statement says.
The groups acknowledge the advantages of contactless: faster transactions (especially for things like mass transit systems), less need to carry cash and change and convenience of keeping track of expenses and receipts.
However, their key concerns are:
Privacy. Unlike cash, contactless payments may allow marketers to track purchasing habits. Mobile phones enabled with contactless technology may provide information about the consumer’s location, which can also be used for marketing and profiling purposes. The consumer groups say people using contactless devices should be given clear notice of the potential for privacy intrusion. “Consumers should be able to make contactless payments without having their activities tracked except for payment processing and record keeping if that is their desire,” the statement says.
Security. The RFID technology used to transmit transactions can be intercepted by anyone with a reader. The consumer groups suggest requiring manufacturers to have password or PIN number security features so that if devices are lost or stolen no one but an authorized user can make purchases.
Dispute rights. Since contactless payments can be made through a variety of methods (credit card, debit card, gift card, directly from a bank account or via a mobile cell phone account), the consumer groups urge federal officials to level the playing field for consumers. Depending on the payment type, a consumer’s right to dispute billing errors or recoup lost or stolen funds varies greatly. Credit card payments offer the greatest consumer protections because cardholders are liable for up to $50 in losses. Debit cards, however, offer no such protection and consumers can lose the entire amount in their accounts. More banks, however, are starting to beef up debit card protections. The groups suggest a safeguard of placing a daily dollar cap on the amount of transactions processed on contactless devices.
They add: “The advent of contactless payment makes the need to harmonize consumers’ payment dispute rights to a uniformly high level of protection more urgent than ever before.”
See related: U.S. Bancorp tries contactless technology, Next generation multi-media credit card unveiled, Cell phone + credit card = Yak, wave, buy, Contactless credit cards floundering, Experts say RFID hacking easy, Wave for ride on NY-NJ public transit