By Lindsay Wise, The Sacramento Bee
http://www.sacbee.com/2013/03/18/5272860/mobile-wallet-technology-raises.html
WASHINGTON — Your smart phone
already serves as a portable office, media player, newspaper, GPS,
camera and social network hub. Now it can replace your wallet, too.
Imagine:
No more fumbling for credit cards or digging through your pockets for
loose change. The technology already exists to let you buy a grande soy
latte through your phone, simply by saying your name out loud at the
register.
As the number of neighborhood bank branches dwindles,
Americans increasingly use their mobile phones to manage money and shop.
Payments made via mobile devices in the United States are expected to
total $90 billion by 2017, a big jump from the $12.8 billion spent in
2012, according to Forrester, a research and advisory firm headquartered
in Cambridge, Mass.
Privacy advocates worry that the emergence of “mobile wallet”
technology will leave consumers more vulnerable than ever to identity
theft and invasive data collection.
“All of a sudden the mobile
phone is about to be transformed beyond a spy in your pocket to your
bank, your mortgage lender and your landlord,” said Jeffrey Chester, the
executive director of the nonprofit Center for Digital Democracy in
Washington. “In a way, it’s kind of a privacy tipping point, because one
single device knows wherever you go your geographic history, your
social media connections and your financial behaviors.”
One of
the most popular mobile payment systems, Square, enables sellers to
accept credit cards through a small device attached to a cellphone or
tablet.
Consumers who install the “Square Wallet” app on their
phones can pay for an item at participating businesses like Starbucks
without ever having to pull out their wallets – or even their phones.
Instead, they can just say their names to pay. A photo and the name of
the customer pops up at the register, and the cashier taps the picture
to authorize the sale, automatically charging the customer’s account.
Walla.by,
a cloud-based wallet app, allows consumers who input their credit card
information to see which card will get them the most rewards or cash
back for each purchase. The app also helps consumers take advantage of
special offers from banks and merchants.
PayPal, Google and other companies offer similar digital wallets.
Such
technologies offer convenience and real-time deals to consumers while
allowing companies to better track customer behavior and test marketing
strategies. Mobile payments already are widely used in many developing
countries, where cash is scarce and the technology allows people to
transfer money safely over long distances, avoiding theft and bribes.
But
in the United States, the Federal Trade Commission warned in a report
this month that these low-cost or no-cost mobile technologies come with
hidden costs and risks.
Advertisers, retailers, operating system
manufactures and app developers can use the data collected from mobile
devices to build more comprehensive consumer profiles, including
shoppers’ personal contact information, details of their purchases and
their physical locations, the report said.
The report also
points out that if shoppers use prepaid accounts, reloadable cards or
gift cards to pay for purchases via mobile, they won’t enjoy the same
federal protections afforded to credit and debit cards, which limit a
consumer’s liability in the event of fraud or unauthorized charges.
Although
some companies voluntarily agree to limit liability to $50, the
protections aren’t required, “and companies that provide them could
withdraw or modify them at their discretion,” the report stated.
Privacy advocates worry that consumer protection laws are lagging behind the technology.
“At
the end of the day, this is about exposing your financial behaviors to a
daisy chain of financial and other marketers who will have a very
detailed understanding of where you are, where you spend your time and
how you buy,” said Chester of the Center for Digital Democracy.
For
now, consumer protections for mobile payments aren’t really on
policymakers’ agendas, said Chris Jay Hoofnagle, director of information
privacy programs at the Berkeley Center for Law & Technology at the
University of California, Berkeley.
“The FTC knows about these
problems and it has written about them, but we’re very early in this
process and these types of data transfers are not noticeable to the
consumer, so one question is will the consumer ever object?” he said.
“Going to mobile payments – unless rules are put in place – will be zero privacy,” he said.
Hoofnagle
suggests modernizing a California law that prohibits brick-and-mortar
businesses from asking for personal contact information such as a ZIP
code and phone number from consumers who pay by credit card. The idea,
he said, would be to extend those protections to the digital space and
let consumers decide whether to permit the collection of their personal
data during mobile transactions.
As the popularity of mobile payments grows, companies’ privacy practices could face more scrutiny.
Google
Wallet recently came under fire when an Australian app developer
complained in a blog that Google was sending him the names, physical
addresses and emails of customers who bought his app on Google Play, the
company’s store for Android apps, games, music, books, movies and other
digital content.
In response to a letter of inquiry from
Democratic Rep. Hank Johnson of Georgia, Google said that it discloses
in its Google Wallet privacy notice “that we may share your personal
information with third parties as necessary to process your transaction
and maintain your account.”
Information such as name and email
address “is necessary for developers to issue refunds, reversals,
payment adjustments . . . and investigate chargebacks,” Google said in
its written response to Johnson.
Johnson remains concerned,
however. Google should do more to alert customers about the company’s
data-sharing policy at the moment when they make their purchases, the
congressman said in a statement. “A short notice stating the types of
personal information that Google shares with third parties and reasons
for sharing would provide users with greater transparency,” he said.
The
Google Wallet case is alarming because most consumers don’t expect that
their personal information will be sent to app developers whenever they
make a 99-cent video game purchase, said Ashkan Soltani, an independent
researcher and consultant specializing in consumer privacy and security
on the Internet.
“The fact that a random 22-year-old software
developer in the Ukraine that wrote the app in their bedroom gets your
name, address and email when you purchase an app will be surprising to
most people,” he said.
Privacy protections need to be updated to reflect today’s technology, Soltani said.
“From a policy perspective, we want to be careful that the mobile wallets don’t fall through the regulatory cracks,” he said.