The Consumer Financial Protection Bureau outlined guiding principles for protecting consumers as the private sector develops new faster payment systems.
These new systems are aimed at reducing “pocket-to-pocket” payment time between consumers and businesses or other entities. CFPB wants to ensure any new payment systems are secure, transparent, accessible, and affordable for consumers. The systems should also have robust protections when it comes to fraud and error resolution.
“Bake it in,” banks
“Companies developing new financial technologies should be building systems from the outset with consumer protections in mind,” said CFPB Director Richard Cordray in a written statement. “It is a lot easier to build something right from the start than it is to retrofit it. The CFPB will continue our work to help ensure that financial services marketplaces are safe and transparent for consumers.”
Currently, entities such as the Federal Reserve, NACHA, the Clearinghouse, and SWIFT are working on developing real-time or same-day payment systems that could be instituted in the U.S. The latest indications are that it will be several years before a practical system may be put in place.
As enumerated in its statement, CFPB’s consumer protection principles related to faster payment systems:
1. Consumer control over payments
Any new faster payment system must make it clear when, how, and under what terms consumers have authorized a payment. Each payment aligns with what consumers have authorized. Systems should enable consumers to put parameters on the payment, such as limiting the time period for which an authorization is valid, the amount, and the payee. Systems should also specify procedures for consumers to easily revoke authorization.
2. Data and privacy
When helpful to them, consumers are informed of how their data are being transferred through any new payment system, including: what data are being transferred; who has access; how that data can be used; and potential risks.
As appropriate, the systems allow consumers to specify what data can be transferred and whether third parties can access that data. When consumer data are collected, they are only used in ways that benefit consumers. The systems protect against misuse of the data associated with payment transactions.
3. Fraud and error resolution protections
Faster payments should be accompanied by robust consumer protections with respect to mistaken, fraudulent, unauthorized, or otherwise erroneous transactions. System architecture ensures that information is created and recorded to facilitate post-transaction evaluation. Systems provide mechanisms for reversing erroneous and unauthorized transactions quickly once identified. They also provide consumers with regulatory protections, such as Regulation E and Regulation Z, along with other appropriate safeguards.
Faster payments include real-time access to information about the status of transactions. This should include confirmations of payment and receipt of funds. Consumers also receive timely disclosure of the costs, risks, funds availability, and security of payments.
To ensure access and ubiquity, systems are affordable to consumers. Fees charged to consumers are disclosed in a manner that allows consumers to compare the costs of using different available payment options. For consumers using any system, fee structures do not obscure the full cost of making or receiving a payment.
Any new faster system is broadly accessible to consumers. To ensure access and usability, systems are widely accepted by businesses and other consumers. They permit consumer access through qualified intermediaries and other non-depositories, such as mobile wallet providers and payment processors, except to the extent necessary to protect functionality, security, or other key user values.
7. Funds availability
Faster payments bring with them faster guaranteed access to funds, which decreases consumer risk of overdraft and declined transactions due to insufficient funds. Consumers—not just depository institutions or third parties—should be primary beneficiaries of faster clearing and settlement.
8. Security and payment credential value
Systems have strong built-in protections to detect and limit errors, unauthorized transactions, and fraud. These protections safeguard against and respond to data breaches. System architecture and rules enable gateway institutions to offer consumers enhanced security protections.
Systems also limit the value of consumer payment credentials so that security breaches are of limited worth to fraudsters and minimally harmful to consumers. Credential value limits can be implemented with tokenization and other tools that impact the data transferred or stored in connection with payments.
9. Strong accountability mechanisms
These must enable curtailment of system misuse. The goals and incentives of system operators, participants, and end users align against misuse. Commercial participants are accountable for the risks, harm, and costs they introduce to payment systems and are incentivized to prevent and correct fraudulent, unauthorized, or otherwise erroneous transactions for consumers. Systems have automated monitoring capabilities, incentives for participants to report misuse, and transparent enforcement procedures.