Legal Seminar, Denver, CO

071018 Discussion Draft

b. Regulation Z (12 CFR § 1026), now issued by the CFPB, regulates disclosure and advertising to implement truth in lending laws and other consumer protection measures. c. Regulation E also potentially governs debit and gift cards. d. Note that while laws provided consumer protection for fraudulent charges, limiting their exposure to $50 if there was timely disclosure, the card associations have generally done better than this – waiving all liability for consumer accounts. o Note how this promotes trust. No one in the payments industry makes money if the payment system is not utilized. o But also note that if consumers don’t bear the risk of fraud, it must be shifted elsewhere. (See below). e. Consumer protections for fraud and error help to make payment cards attractive. Charge-backs occur for technical reasons (such as an expired authorization), clerical (entry of an incorrect amount), quality (consumer claims breach), or fraud (identity theft or other unauthorized used). See Dabertin & Dubow, supra , at 31. Merchants or acquiring banks (i.e., those banks that establish the relationship with the merchant as their customer) f. Like other forms of payment, participating firms must comply with BSA/AML requirements to establish and maintain a written anti-money laundering program. Moreover, payment card associations maintain a “Member Alert to Control High Risk” (MATCH) list, which must be consulted when a new merchant relationship is established pursuant to card association rules. o Card issuers, payment processors, or acquiring banks can report merchants for inclusion on this list whenever they generate a high-rate of charge-backs from consumers, reflecting the possibility of fraud or other unlawful activities. o This private initiative thus supplements AML requirements otherwise imposed by law. See Dabertin & Dubow, supra , at 25-26. g. Data security standards provide another example in which private ordering initiatives within and between card associations impose security requirements by contract. For a detailed history, see Edward A. Morse & Vasant Raval, Private Ordering in Light of the Law, Achieving Consumer Protection Through Payment Card Security Measures , 10 D E P AUL B US . & C OMM . L. J. 213 (2012). o More recently, the imposition of EMV technology for card present transaction was also imposed by contract, with See Dabertin & Dubow, supra, at 27-28. o Some states have sought to shift liability for failure to comply with PCIDSS, thus using this form of private ordering as a form of public benchmark. h. Identity theft measures are also part of the regulatory landscape, as firms are required to proactively identify practices and patterns that could indicate identity theft. See, e.g., 12 CFR §§ 41, 222, 334, 364. C. Economic Incentives. Electronic payment systems involve two-sided markets, in which intermediaries offer benefits to participants. Unless both sides participate, there is no trading and not money to be made through the payment system.

11