Online and mobile payments & digital content products
Chiang Mai April 3rd 2014
Robin Simpson
Consumers International
consumersinternational.org
meeting of minds
• ISO TC 68 financial services/SC7/WG10 on draft
ISO 12812 mobile financial services;
• most members industry stakeholders; inc. US
federal reserve bank, Kenya central bank,
European Payments Council;
• OECD Consumer policy committee
• mainly OECD CP agencies + CI + Business &
Industry Advisory Committee
• Both working on mobile payments
• CI the only common member
Draft standard ISO 12812 Mobile
financial services; 5 papers:
• General framework;
• Security & data protection;
• Financial application management;
• Mobile payments to a person (P2P)
• Mobile payments to a business (C2B)
• Great debate over titles- what is a
person?
ISO: Key issues for CI
• POCP: plain old consumer protection: contract
terms, transparency, complaints/dispute
resolution;
• Liability for breaches of security- big debate
across all papers: OECD work very helpful in
support;
• principles of data protection: across all papers;
• Financial inclusion; CI invited to draft;
• Abandoned/dormant assets; CI raised & agreed;
• Good practices: transaction logs, pop-ups for
billing notices, legal status of electronic receipts;
facilities for visually handicapped;
ISO: Lessons (1)
• standards cannot legislate, but may become, or
may support, legislation downstream;
• Standards tend to be positive: promote good
practice; laws tend to be negative: suppress bad
practice;
• Not possible to determine legal issues but to raise
them, eg liability for security breaches;
• What is basic to us (eg CP) may be new to others;
• What is basic to them may be new to us: eg
difference between mobile wallet and electronic
purse? And in the cloud or in the phone?
Lessons (2)
• involve the members, they are the experts and
give us legitimacy and real world experience;
• ask the naïve question; eg how can tapping 2
phones together be a remote payment?
• submit amendments in writing: makes it easier
for the drafters; shows we are serious; forces us
to be clear to ourselves and our members;
• Be open-minded but aware;
• check, check + check again;
Next steps
• Committee draft ballot during next 2 months; CI
members can lobby national standards bodies;
• WG 10 considers proposals for amendment;
• Draft international standard in September;
• CI members lobby NSBs again; (please!)
• It still may fall due to widespread industry
preference for restriction to matters of
interoperability;
• Standard published 2015;
• Revision after 5 years;
OECD: Consumer Policy Committee
• Review of 1999 OECD e-commerce guidelines;
• Future of Internet Economy:
• Mobile/online payments common to both &
signed off
• Digital content paper to be finally agreed next
week;
• New & revised instruments: influence of policy
guidance indicates ‘soft power’ of OECD;
• CI participated in drafting guidelines on e-commerce (1999);
dispute resolution (2007); now m-commerce;
Draft policy guidance on mobile and online payments
1. Information disclosure
2. Privacy
3. Security
4. Confirmation process
5. Children
6. Varying levels of protection
7. Fraudulent, misleading, unfair commercial
practices
8. Dispute resolution and redress
Definitive 2012 report - CP in online & mobile
payments
Transaction information
• Accessibility and readability of payment-related
information
• Complexity of payment terms and conditions
• Clarity and transparency of billing statements
• Rather similar to ISO but much more detailed
Privacy
• Privacy protection features: great debate
• Data collection limitations
• Express consent for sensitive data
• Standardized privacy disclosures and choice
mechanisms
OECD guidelines on privacy
Principles drafted 1980 updated in 2013:
• Collection limitation;
• Data quality;
• Purpose specification;
• Use limitation;
• Security safeguards;
• Openness;
• Individual participation;
• Accountability;
Security
• Timely and effective redress mechanisms when
data is compromised;
• liability policy: read across by ISO;
• Development of minimum levels of protection;
• Consumer education and awareness;
• 2002 OECD security guidelines; emphasis on
shared responsibility of ‘participants’;
2002 OECD security guidelines
• Awareness;
• Responsibility;
• Response;
• Ethics;
• Democracy;
• Risk assessment;
• Security design & implementation;
• Security management;
• Reassessment;
Children
• Great debate: children cannot enter contracts;
• Tools for preventing or limiting charges;
limitations and caps;
• Advice and help to parents;
• Children’s access to mobile payment can
enhance their security in daily life; eg bus-fares,
money for meals;
OECD: Guidance on Digital products
• Ongoing: agreement imminent;
• Overlap with mobile & online payments: privacy,
security, protection of children, dispute
resolution;
• Stronger elements on personal data protection;
• Issue of technical locks;
• Does not deal with intellectual property;
What does CI want? UN guidelines
• Data protection. OECD & ISO both helpful;
• Technological neutrality of CP: both helpful;
• Access to knowledge: technologically helpful in
sense of promotion but legally neutral;
• Technical locks: OECD helpful;
• Interoperability: ISO helpful;
• Dispute resolution: both helpful;
• Contract terms, transparency, security: both
helpful;
• Liability: both very restrained but recognise the
issue;
Was it worth it?
• Not yet finished but probably yes in both cases;
• Well yes I would say that wouldn’t I? You would if
you got to visit Paris (several times), Boston,
Barcelona, Bangkok, Chiang Mai. The ‘Paris was
hell’ syndrome: the meeting was horrible and
when and where is the next one? Of course I have
to go.
• More to do on intellectual property, technical
locks, liability policy; CP in cash transfers &
remittances;
• Keep up the good work;
rsimpson@consint.org