Using apps for financial and payment services

Research conducted by information technology research and advisory company Gartner has predicted that total Global value of mobile payments will soar to $600bn worldwide by 2016¹. Businesses need to appreciate that payment and financial services regulation has kept up with technology and is generally medium neutral. In this article we explore some common themes.

What price security?

The slow but sure fragmentation of the payment provider market, the relentless march of new technology and the drive for market share is challenging the current status quo of “security first, convenience later”. Mobile devices and apps that incorporate Near Field Communication (“NFC”) technology (or similar) and can enable swipe payments at compatible terminals and person to person, are based around convenience of use. There is a natural wish to reduce the level of ‘speed bumps’ in the payment process, such as compulsory use of PIN numbers and passwords. However, payment providers should not lose sight of the fact that the Payment Services Regulations 2009 places the risk of unauthorised transactions on the payment service provider (in the absence of customer wrong doing or gross negligence in keeping their security details safe). Therefore, if little or no security is applied to certain types of payment transaction (for example smaller value amounts), the payment service provider is very much exposed to claims of unauthorised transactions.

The issue is that the more the e-money is presented as an alternative to cash, the more payment service providers need to remember that the risk of an unauthorised cash payment (i.e. theft) sits with the consumer, whereas the risk of an unauthorised e-money payment sits with the provider. In our view there is a balance to be drawn between creating a streamlined, user friendly process, whilst at the same time ensuring that process is sufficiently secure.

Are you a money remitter?

Customer demand for speed and convenience has led to a sharp rise in the number of online intermediaries who have developed apps that aggregate consumer purchasing activity onto a single platform, often focused on a particular community or offering particular deals. The technology provider that processes the payments taken through these sites and passes payment to the merchants who supply the goods could be the brand owner that runs the app, or a third party. These parties need to check whether in processing these payments it is carrying out ‘payment services’ as defined in the Payment Services Regulations 2009. One of the regulated payment services is ‘money remittance’, being the simple act of providing a service whereby money can be transferred from A, through B’s hands, to C. Without proper care ‘B’ could find itself carrying out a remittance service for which it needs a license. It is important to take account of these issues at the outset, when payment flows and merchant agreements are being considered, to ensure best use is made of exemptions or other parties who already have the correct licenses.

E-money

Many non-traditional financial services providers are seeking to operate alternative non-bank payment accounts through the offer of ‘e-wallets’, whereby in exchange for cash electronic value is issued that can be redeemed at a range of merchants or even through payment systems such as VISA or Mastercard. The concept is particularly suited to app technology, whereby an app interface can be used on the go to monitor and use the functionality of an e-wallet account. Mobile device operators and merchants need to be careful that they do not inadvertently find themselves issuing e-money without a license in connection with allowing customers to pre-fund app based accounts. Under the E-Money Regulations, there are two important exemptions from the activity of “issuing e-money”:

• The “limited network” exemption which applies where the e-money can only be used across a limited network of service providers for a limited range of goods and services; and
• The “electronic devices operator” exemption, which applies where an operator issues e-money to be used for payments executed using a mobile or other technology device and the goods or services purchased are delivered and used through that device - such as digital content. Provided the device operator adds value to that offering, such as through search or app functionality, an exemption is available. This exemption could cover most types of downloadable content to be used in apps, for example, digital maps, games or apps that enable the user to read content.

Sanctions for getting it wrong include criminal offences and significant fines, not to mention potential reputational damage and the cost of re-engineering products.

The above considerations are just a few examples of how apps can bring operators into the realm of financial services regulation. Other examples would include apps that advertise financial services products or services of third parties, or otherwise assist in making arrangements for users to consumer financial services. App developers and brand owners should be aware of the need to consider the extent to which the app might be performing a regulated activity in order to build compliance into the development, build and launch. The laws are not created specifically with apps in mind and often demand creative solutions from developers and their lawyers in order to navigate the red tape.

If you have any questions on this article please contact us.

Regulatory

Privacy & Cookie Policy

Terms of Use

© 2021 Taylor Wessing LLP