• At Kemp Little, we are known for our ability to serve the very particular needs of a large but diverse technology client base. Our hands-on industry know-how makes us a good fit with many of the world's biggest technology and digital media businesses, yet means we are equally relevant to companies with a technology bias, in sectors such as professional services, financial services, retail, travel and healthcare.
  • Kemp Little specialises in the technology and digital media sectors and provides a range of legal services that are crucial to fast-moving, innovative businesses.Our blend of sector awareness, technical excellence and responsiveness, means we are regularly ranked as a leading firm by directories such as Legal 500, Chambers and PLC Which Lawyer. Our practice areas cover a wide range of legal issues and advice.
  • Our Commercial Technology team has established itself as one of the strongest in the UK. We are ranked in Legal 500, Chambers & Partners and PLC Which Lawyer, with four of our partners recommended.
  • Our team provides practical and commercial advice founded on years of experience and technical know-how to technology and digital media companies that need to be alert to the rules and regulations of competition law.
  • Our Corporate Practice has a reputation for delivering sound legal advice, backed up with extensive industry experience and credentials, to get the best results from technology and digital media transactions.
  • In the fast-changing world of employment law our clients need practical, commercial and cost-effective advice. They get this from our team of employment law professionals.
  • Our team of leading IP advisors deliver cost-effective, strategic and commercial advice to ensure that your IP assets are protected and leveraged to add real value to your business.
  • Our litigation practice advises on all aspects of dispute resolution, with a particular focus on ownership, exploitation and infringement of intellectual property rights and commercial disputes in the technology sector.
  • We have an industry-leading reputation for our outsourcing expertise. Our professionals deliver credible legal advice to providers and acquirers of IT and business process outsourcing (BPO) services.
  • We work alongside companies, many with disruptive technologies, that seek funding, as well as with the venture capital firms, institutional investors and corporate ventures that want to invest in exciting business opportunities.
  • Our regulatory specialists work alongside Kemp Little’s corporate and commercial professionals to help meet their compliance obligations.
  • With a service that is commercial and responsive to our clients’ needs, you will find our tax advice easy to understand, cost-effective and geared towards maximising your tax benefits.
  • At Kemp Little, we advise clients in diverse sectors where technology is fundamental to the ongoing success of their businesses.They include companies that provide technology as a service and businesses where the use of technology is key to their business model, enabling them to bring their product or service to market.
  • We bring our commercial understanding of digital business models, our legal expertise and our reputation for delivering high quality, cost-effective services to this dynamic sector.
  • Acting for market leaders and market changers within the media industry, we combine in-depth knowledge of the structural technology that underpins content delivery and the impact of digitisation on the rights of producers and consumers.
  • We understand the risks facing this sector and work with our clients to conquer those challenges. Testimony to our success is the continued growth in our team of professionals and the clients we serve.
  • We advise at the forefront of the technological intersection between life sciences and healthcare. We advise leading technology and data analytics providers, healthcare institutions as well as manufacturers of medical devices, pharmaceuticals and biotechnological products.
  • For clients operating in the online sector, our teams are structured to meet their commercial, financing, M&A, competition and regulatory, employment and intellectual property legal needs.
  • Our focus on technology makes us especially well positioned to give advice on the legal aspects of digital marketing. We advise on high-profile, multi-channel, cross-border cases and on highly complex campaigns.
  • The mobile and telecoms sector is fast changing and hugely dependent on technology advances. We help mobile and wireless and fixed telecoms clients to tackle the legal challenges that this evolving sector presents.
  • Whether ERP, Linux or Windows; software or infrastructure as a service in the cloud, in a virtualised environment, or as a mobile or service-oriented architecture, we have the experience to resolve legal issues across the spectrum of commercial computer platforms.
  • Our clients trust us to apply our solutions and know-how to help them make the best use of technology in structuring deals, mitigating key risks to their businesses and in achieving their commercial objectives.
  • We have extensive experience of advising customers and suppliers in the retail sector on technology development, licensing and supply projects, and in advising on all aspects of procurement and online operations.
  • Our legal professionals work alongside social media providers and users in relation to the commercial, privacy, data, advertising, intellectual property, employment and corporate issues that arise in this dynamic sector.
  • Our years of working alongside diverse software clients have given us an in-depth understanding of the dynamics of the software marketplace, market practice and alternative negotiating strategies.
  • Working with direct providers of travel services, including aggregators, facilitators and suppliers of transport and technology, our team has developed a unique specialist knowledge of the sector
  • Your life as an entrepreneur is full of daily challenges as you seek to grow your business. One of the key strengths of our firm is that we understand these challenges.
  • Kemp Little is trusted by some of the world’s leading luxury brands and some of the most innovative e-commerce retailers changing the face of the industry.
  • HR Bytes is an exclusive, comprehensive, online service that will provide you with a wide range of practical, insightful and current employment law information. HR Bytes members get priority booking for events, key insight and a range of employment materials for free.
  • FlightDeck is our portal designed especially with start-up and emerging technology businesses in mind to help you get your business up and running in the right way. We provide a free pack of all the things no-one tells you and things they don’t give away to get you started.

Mobile payments: technological, contractual and regulatory convergence

Mobile payments has been heralded as a growth area in technology, retail and financial services for some time now, but given all the hype it is surprising that the mobile payments market – such as it is – is only really in its infancy, and only just starting to produce workable solutions that meet consumers’ needs. There are multiple “mobile payments” solutions available but few of them have yet had much traction in a way that could be described as mass market, despite the best intentions and intervention of the European legislature.

However, things do now seem to be gaining momentum. Nine of the major banks have just launched Paym,[1] a service which allows anyone with an account at one of those banks to send money to another user of the service via a smartphone app using only the recipient’s mobile phone. Barclays pioneered the system with its Pingit app, launched in early 2012, but as excellent as the app was, and is, the concept behind Pingit has not really been able to take hold on a broader scale until now. [2]

Although it is early days, Paym has the potential to become the big bang moment for mobile payments in the UK – certainly as far as the banks are concerned. However, it would certainly not be right to think that the launch of Paym signifies that the game is won and over. Quite to the contrary, the mobile payments area is much bigger than this section of it: it is an area of convergence, of financial services meeting telecommunications, networks, software, consumer hardware and the full range of ways that a smartphone can collect and transmit data. As such, it is open to a whole range of new market entrants and innovative solutions which will broaden and diversify the payments sector.

This paper examines the key concepts in the area of mobile payments, the principal regulatory risks and pitfalls involved, and how these are likely to affect the partnerships that will need to be struck between different actors along each mobile payments chain. How the law applies to this sector, will necessitate detailed consideration as the sector develops.

What is a mobile payment

The term “mobile payment” is widely used and often misunderstood. At its heart, a mobile payment is any form of payment transaction that in some way involves a mobile phone. More specifically, the European Commission has defined mobile payments as “payments for which the payment data and the payment instruction are initiated, transmitted or confirmed via a mobile phone or device. This can apply to online or offline purchases of services, digital or physical goods”.[3] The term therefore covers a broad range of concepts, transaction types and technologies, each of which has different legal ramifications and a different place in the regulatory landscape.

The scope for innovation and development in this area is correspondingly broad, but currently the principal “payment models” of mobile payments are:

1.   Mobile at the point of sale. This involves paying for goods in a shop using a mobile phone, or some aspect of it, as the physical means by which the payment transaction is effected. Typically this will involve an NFC chip (“near field communication” – like an Oyster card or a contactless bank card) which is installed in, or attached to, the mobile phone. It may also involve a form of mobile wallet – a form of prepaid account or prepaid card which is stored on the phone (usually in an app) and can be debited using a combination of the app and the NFC chip or some other messaging technology that interacts with the merchant’s payment terminal (e.g. BLE, bluetooth etc.).

2.   Mobile as the point of sale. Here a merchant uses their mobile phone or tablet as a form of cash register, using technology such as Square, iZettle or “PayPal Here”. This usually involves a piece of hardware which can read payment instruments like credit cards, and interacts with the hardware of the phone and an app which credits a form of account which is held by the merchant. In the case of Square, for instance, a small credit card reader is inserted into the phone by the merchant, and when a payment is made by a customer by swiping the card through the reader, the reader interacts with the app in the phone to send the relevant amount to the merchant’s bank account.

3.   Direct carrier billing. This involves charges being added directly to a mobile phone bill. This is the simplest form of mobile payments and can include e.g. charges for ringtones.

4.   Closed loop mobile payments. This involves, for instance, a merchant setting up an app onto which funds are loaded, and those funds are linked to the relevant payment device e.g. a combination of the app and the NFC chip in the phone. Once those funds are used up, further funds can be loaded with a further card payment into the app. The most successful version of this to date is the Starbucks app, reported to have nearly 12 million active mobile users making 5 million transactions per week.[4] However, few other businesses have managed to emulate the success of this model.

5.   Mobile payment platform. This encompasses most of the other (relatively) viable forms of mobile payment, and really means any type of mobile-based payment platform, whether linked to a bank or a third party intermediary. It includes PayPal, Serve, Barclays Pingit and Paym. The majority of these platforms are simply mobile versions of the web-based version of the same service. Crucially, however – and this is a point to which we will return later – they use the phone itself as one of the authentication factors for access.

The one thing that unites all of these payment models is that each of them contains four elements:

  • a handset (“device”);
  • an account containing the user’s funds (“account”);
  • a means of communicating the user’s desire to transfer funds (“communication”);
  • a connection to the user’s funds account enabling the transfer to take place (“connection”).

Each of the above elements can take multiple forms depending on the payment model. For obvious reasons it is likely that the most successful participants in the mobile payments landscape will be those that already have one or more of the elements in place, thereby removing one of the barriers to entry and encouraging adoption.

Regulatory framework

There is currently no legislation which is specific to mobile payments or m-commerce, though mobile has been very much in mind in the drafting of the existing legislation, and there are plans within the European Commission to look at this area in more detail.

One of the interesting aspects of the mobile payments area is that it brings together both:

1.   legislation that has been designed to allow new participants from areas outside traditional financial services into the payments space; and

2.   other areas of regulation that were previously only tangentially related to financial services. By virtue of the very fact that new entrants do come from other sectors. This applies in particular to areas of regulation relating to consumers, telecoms and certain aspects of personal data (e.g. location data), which will constitute a regulatory overlay to the financial services core.

The interaction and potential conflicts between these areas is likely to require specific legislative attention as the market develops.

Payments-related legislation

The main pieces of legislation which affect mobile payments most directly at the moment are:

  • The Payment Services Regulations 2009,[5]  (“PSRs”), which are the UK implementation of the Payment Services Directive (“PSD”) 2007;[6]
  • The proposed Second Payment Services Directive (“2PSD”),[7]  which at the time of writing is being considered in the European Parliament;
  • The Electronic Money Regulations 2011,[8] (“2EMR”) based on the second E-Money Directive.[9]

Deciding which of these pieces of legislation will apply to a given situation depends entirely on the particular solution or payment model being implemented. Deciding to whom the legislation applies is a matter of working out exactly where each entity sits in the chain of actors involved in bringing each payment model into action, and whether its function in that chain is itself subject to regulation.

Before looking at the effects of these regulations below, the following is a brief overview of each piece of legislation.

Payment Services Regulations 2009

The core of the PSRs is that they provide a platform from which entities other than traditional financial services providers can become authorised as “payment institutions” which are allowed to provide and execute “payment services”, provided that those entities meet certain criteria. Payment services can also be provided by other “payment service providers”, a category which includes those authorised payment institutions but also credit institutions (e.g. banks, but not credit unions[10]), e-money issuers and central banks (which require no further authorisation). The PSRs apply to the payment services provided by all of them.

So, broadly speaking, a bank implementing a mobile payments solution is already permitted to provide payment services by virtue of its being a credit institution, and therefore needs no further authorisation under the PSRs; however, a mobile network operator that wishes to add payments to its roster of services would require authorisation.

What are payment services?

The definition of “payment services” is broad[11] but encompasses:

  • money remittance;the operation of payment accounts;
  • the execution of payment transactions though a payment card or a similar device; and
  • the execution of payment transactions where the payer’s consent is given using “any telecommunication, digital or IT device and the payment is made to the telecommunication, IT system or network operator” in the capacity of an intermediary between buyer and seller.[12]

Even when these definitions have been understood, though, the question of whether or not the PSRs will apply will still depend on the precise function of the relevant party. For instance, the PSRs do not apply to:

  • The activities of technical service providers that do not at any time hold the funds being transferred.[13] This is likely to be a significant exclusion for many of the participants in the transaction chain who provide purely technological support (including those that provide authentication, data processing and storage services).
  • Payment transactions executed “by means of any telecommunication, digital or IT device” where the operator of the same is acting as more than an intermediary i.e. is adding value in some way.[14]  This is known as the “value-add” exemption. This is currently an important exclusion as it potentially allows certain payment models to escape the need for authorisation/registration if they add some value to the transaction.[15] However, the proposed 2PSD redefines and restricts this exemption so as to create a more level playing field between different payment service providers. The application of the exemption is limited to €50 per transaction and €200 per month, meaning that the exemption will be far more difficult to apply to “normal” payment services.
  • Services based on instruments that can be used to acquire goods or services:
    • only on the issuer’s premises, or
    • under a commercial agreement with the issuer, either within a limited network of service providers or for a limited range of goods or services[16]

This is known as the exemption. The scope of “limited network” and “limited range” is far from clear, even though the perimeter guidance issued by the FCA seeks to establish some guidelines.[17] The proposed 2PSD seeks to apply a narrower definition of limited network, citing that the exemption under the first Directive had been used beyond its original purpose,[18] but even if enacted and implemented as proposed it is difficult to see how the new text adds much more clarity.[19]

Obligations under the payment services regime

If, having waded through the various parameters of what does and does not constitute a payment service, an entity finds that it is providing a payment service and that the PSRs do apply to it, it will have to comply with a number of obligations imposed by the PSRs. These are split as follows:

Authorised payment institutions: In general, payment institutions (i.e. non-traditional financial services and non-e-money issuers) must go through a process of authorisation,[20] and are subject to requirements regarding holding of capital[21], safeguarding of funds[22], record keeping[23], accounting and audit[24] and notification of outsourcings[25]. Once authorised in any EEA jurisdiction, the payment institution has passport rights and is effectively authorised in any other EEA jurisdiction subject to certain notification requirements.[26] 

  • Small payment institutions: Payment institutions which can demonstrate (amongst other things) that, over the previous year, their total monthly average amount of executed payment transactions is under €3 million, do not have to be “authorised” and can instead apply to be “registered” as a “small payment institution”.[27] The regulatory burden on small payment institutions is lighter than for authorised payment institutions, not least in that the requirements referred to in the previous paragraph do not apply to small payment institutions.[28]
  • Provisions common to all payment institutions: There are a few provisions which apply to both authorised payment institutions and small payment institutions, e.g. that funds held with either for a payment account must only be used for payment transactions.[29]
  • Provisions common to all payment service providers: There are many other provisions which relate to all payment service providers, i.e. both types of payment institution, plus banks, building societies and e-money issuers etc.[30]  These include requirements on information to be provided to payment service users (i.e. consumers),[31]  the operation of framework contracts for ongoing/repeated use of payment services,[32] charges for payment services,[33]  consent for payment transactions,[34] liability for unauthorised transactions[35] and (amongst other things) the time at which transactions are deemed to have occurred.[36] 

The scope of the regulations is therefore fairly broad, and in some respects intervenes in areas that might normally be viewed as falling within the remit of contract and/or consumer rights. These requirements, plus the fact that to carry on a payment service without the proper authorisation/registration is a criminal offence,[37]  means that consideration of the precise function and nature of each entity within a payment model is crucial.

Electronic Money Regulations 2011

These regulations govern the issue and use of a particular type of payment instrument, namely e-money. E-money has been regulated in the UK since 2002[38] and traditionally has applied to payment instruments such as pre-paid cards.  The advancement of technology has, however, broadened the scope of e-money such that it is now found in a range of different technological solutions, including some of the mobile payment models.

What is e-money, and how us it different from other payment services?

E-money is defined in Regulation 2 of 2EMR as follows:

“electronically (including magnetically) stored monetary value as represented by a claim on the electronic money issuer which—

(a) is issued on receipt of funds for the purpose of making payment transactions;

(b) is accepted by a person other than the electronic money issuer; and

(c) is not excluded by regulation 3.[39]

Regulation 3 contains two express exclusions. These are in essence the same as the “limited network” and “value-add” exemptions under the PSD – but, significantly, not the more restrictive versions set out in the proposed 2PSD.[40] 

This in itself raises the issue of whether e-money should be brought within the scope of the larger payment services regime.  Not only is it becoming increasingly difficult to discern why there is a need to treat e-money as a separate category of payment instrument, the above example concerning exemptions shows that the current legislative syncopation between the two regimes is apt to cause confusion.

Obligations under the e-money regime

In any case, the e-money regime closely resembles the payment services regime in many respects. It too is designed to open up a branch of financial services to non-traditional financial services providers, imposing:

  • Authorisation requirements[41] for entities which wish to participate, i.e. “authorised electronic money institutions” (“AEMIs”);
  • A lighter registration regime for smaller entities,[42]  i.e. “small electronic money institutions” (“SEMIs”);
  • Requirements on AEMIs and SEMIs regarding holding of capital,[43] safeguarding of funds;[44] Accounting and audit,[45] record keeping[46] and notification of outsourcings;[47] but
  • No requirement for banks/building societies to obtain authorisation or registration, as they are already included under the broader heading of “electronic money issuer[48];
  • A pan-EEA passporting regime;
  • Rules governing the carrying out of the financial services transactions in question – here the issuance and redeeming of e-money[49]; and
  • Criminal sanctions for issuing e-money without being permitted to do so under the 2EMRs.[50]

Nonetheless, for all the similarities, the regimes are different, and require separate consideration. Fortunately their co-existence is recognised within the legislation.  For instance “electronic money issuers” are included in the broader term of “payment service provider” under the PSRs and therefore do not require separate authorisation to carry out payment services.

What do these pieces of regulation mean for mobile payment models?

There are of course many effects of a set of regulations as extensive as this, but we are of the view that in broad terms the principal effects appear to be these:

1.   The regulatory door is open for non-banks to enter the payments market, in some form or other. As stated above, the obvious candidates are those who already fulfil one of the four elements of device, account, communication and connection. For instance:

  • The banks are already in an excellent position to take advantage of the opportunities in mobile payments: they already have the accounts and, through existing mobile platforms, the connection, and the likes of Paym add the device and communication elements.
  • Amazon has launched a payments service[51] of sorts on the back of its large repository of credit card data and network of registered accounts, and appears to be focusing heavily on this area.[52] They already have the connection to the accounts, the potential to set up accounts, and need only add the device element and the communication through for example apps or other authentication methods (more on this below). Amazon is also entering the device market with its own Fire Phone,[53] with significant potential for a mobile wallet solution (a beta version of which has already been released). Other businesses with similar databases and networks are also well positioned to enter the market (Apple being often quoted as something of a sleeping giant in this area). 
  • The mobile network operators have the device, connection and communication abilities already in hand, but to create accounts that they could use for payment services purposes they would need authorisation under the relevant regime.

2.   The scope of application of the regulations will depend on the precise nature of the payment activity being facilitated. Those facilitating transactions remotely using some aspect of, or data collected by, a smartphone only as a means of authentication may well need to be authorised as payment service providers. However, where the transaction does not happen remotely but rather by virtue of a connection with a local store of funds through e.g., an NFC chip or app, the facilitating entity is more likely to need authorisation as an e-money issuer.[54] 

3.   There will be a number of important functions in any mobile payment model which are exempt from authorisation, including many of the technology providers who provide services, hardware and/or software which facilitate payments, but never hold funds themselves. However, even these providers should be aware of the parameters of regulation so as to ensure that they do not inadvertently stray into regulated territory.

4.   There may be many mobile payment models – or at least forms of m-commerce – which need no authorisation at all. For instance, the Starbucks app cited above may well not fall within the scope of e-money if the funds on the app are not “accepted by a person other than the electronic money issuer” (i.e. Starbucks itself).[55]

Other forms of regulation: retail meets financial services

Given that mobile payments are an area of convergence, it is natural that otherwise distant or only loosely connected areas of regulation will collide. Some of the more obvious areas likely to be relevant here are those attached to retail. They include the following, though the application of each is likely to be linked only to certain parts of the chain:

  • the Consumer Protection from Unfair Trading Regulations 2008;[56]
  • the Electronic Commerce (EC Directive) Regulations 2002;
  • the Consumer Contracts Regulations 2013; and
  • the Unfair Terms in Consumer Contracts Regulations 1999.

Some of the more interesting spheres of regulation in this area are those which are set to be most challenged by the widespread usage of mobile payment methods. They include:

  • data protection (in particular with respect to security and marketing);
  • anti-money laundering;
  • payment systems (as opposed to “payment services”); and
  • roaming charges.

We will now take a look at each of these in turn.

Data protection

One of the great challenges around mobile payments is of course security; one of its greatest opportunities is marketing – both revolve around personal data and can potentially work together.

Security and authentication

There is of course a challenge for any payments business in carrying out secure and reliable authentication of customers in a way that the customers themselves will trust, but without it becoming so involved or cumbersome that it is off-putting to potential users of new services. A further issue in terms of reliability is that false positives increase costs and create the potential for higher customer drop-off rates i.e. where genuine customers are denied access because the authentication system fails to identify them as the correct individual.

From the consumer’s perspective, one of the first questions that people normally ask about mobile payments is “aren’t payments less secure if made by mobile”, and research suggests that security concerns are the primary factor for consumers in slow adoption of mobile payments. In addition, there can be no doubt that smartphone-based authentication provides a new raft of opportunities for fraudsters. SIM Swap fraud has already been identified as one method of such opportunity whereby the use of the mobile for one time passcodes and identity verification can be compromise.[57] As telcos and other new entrants begin to move into the payments market, this area – and the liability for getting it wrong – is likely to be a hot topic: put simply, participants in this market are likely to live and die by their security record.[58]  

The biggest reassurance on this front is that mobile has the potential to make security of payments better, not worse. This is because of the abilities that a smartphone has – which a payment card alone does not – to record and transmit sound, vision and location, and to receive instructions remotely. The SIM itself can also be used as an authentication factor, and the iPhone 5S has a fingerprint scanner which can be used to the same effect. Each of these abilities can be used to aid in proper verification of identity, and to prevent unauthorised usage of payment capabilities on the phone and in other transaction channels, whilst doing away with at least some of the more cumbersome authentication methods used by web-based services (some of us would happily never use a card reader again!). The result – if the move to mobile is done properly – should actually be more security and fewer hurdles.

There are already more advanced multi-factor authentication solutions that use, for instance, voice biometrics or (in one case at least) proximity correlation checks to help validate international transfers.[59] It is certainly not inconceivable that security solutions could emerge that use the phone’s camera to carry out facial recognition functions, and fingerprint scanners are an obvious tool for authentication.

The corollary of all this is that:

  1. in order for any of these factors to be useful for authentication, the relevant information about the consumer must be collected and stored (so that it can then be compared for authentication purposes later on);
  2. those stores of data will be very valuable, very sensitive, and will clearly fall within the realm of personal data legislation; and
  3. consents from individuals will be needed to store and use this data for authentication purposes.

Marketing

As well as a challenge, the existence of so much personal data creates a plethora of opportunities for marketing services. Whilst marketing is highly unlikely to benefit from knowledge of voice biometrics, other aspects of payments via smartphones provide incredible opportunities for segmented/targeted marketing. For instance, the location data emitted by a smartphone could potentially be used by payment service providers to market particular offers in nearby stores; knowledge of payments for certain products could trigger marketing for similar products (think Amazon, for instance).

There is therefore significant potential for the following:

1.   Loyalty deals can be encapsulated within mobile payments solutions, which can help to drive adoption of mobile payment solutions.  This is how, for instance, the Starbucks app operates, but the concept could be extended far more broadly.

2.   Advertising revenue can be generated by payment service providers using mobile as a platform.  Localised/personalised advertising is worth a great deal to retailers, and payment service providers will be in an excellent position to capitalise on this.

However, again this depends on sophisticated usage of personal data – and lots of it. In turn, adequate data protection consents will have to be collected from the payment service users (this may be easier said than done), and just as significantly the payment service providers will have to tread a fine line between gathering advertising revenue and tracking/prodding users so much that they find it off-putting and switch to a different payment service. Nonetheless, the potential is there and it will be interesting to see how data protection regulators react as the boundaries of the current law are tested.

Anti-mobile laundering

It is one thing to open the payments market up to new entrants, but such an opening is of little use if the compliance burden imposed by anti-money laundering legislation makes it simply too expensive or cumbersome for all but a few big players to comply. (This, incidentally, is where the banks have a huge head start in this market.) A new, fourth anti-money laundering directive is being debated by the European Parliament and there are concerns that it imposes far too high a burden on businesses. This may act as a significant barrier to new market entrants, and as a complete barrier to certain payment models (e.g. money remittance to third world countries where KYC checks are simply not practical).

In the same vein, it is significant that far and away the most successful of all mobile payment solutions globally is Kenya’s M-Pesa service. M-Pesa is used all over Africa to provide money transfer and payment services using text messages and a network of participating agents, for people who do not have access to traditional banking facilities. However, the service has been much slower to gain traction in South Africa, according to some analysts because “the stricter and more litigious regulatory environment in South Africa did not allow M-Pesa to take flight in the same way it has in East Africa”.[60] Extrapolate that phenomenon to the UK and it is easy to wonder whether anti-money laundering legislation will be a serious hindrance to innovation in some areas of the payments sector.

Payment systems - the new regulator

One of the key elements to most payments is that at some point they will involve the use of a “payment system”. Unlike a “payment service”, the payment systems are the mechanisms via which money is transferred between accounts, and include for instance BACS, CHAPS, LINK, and card payment schemes such as Visa, MasterCard and American Express.

In response to concerns about the operation of the payment systems market in the UK, a new Payment Systems Regulator has recently been introduced[61] to police the openness of the payment systems market, and in particular the strong network effect of the fact that most payment systems are – for historical reasons – owned by overlapping groups of major banks. The role of the regulator will be performed from within the FCA, and will entail competition law powers to take action against anti-competitive behaviour. Amongst the regulator’s powers are:

  • the power to order the provision of direct and indirect access to payment systems; and
  • the power to amend the terms of commercial agreements between operators and users of payment systems governing service levels and pricing.

The potential benefits of these powers to new entrants to the payments market are obvious.  One of the primary objectives of the regulator is to encourage innovation - and it will be interesting to monitor how those powers are enforced in practice.

Data roaming charges

On 3 April 2014 the European Parliament voted overwhelmingly to ban roaming charges across the EU, for voice, text and internet access.[62] Whilst this will not become binding law until 15 December 2015, the implications for mobile payment services on an international scale are clear: if data access is too expensive abroad, it is unlikely that consumers will choose to use payment methods relying on data access anywhere outside their home country. The move is therefore a significant plus for those with plans in this space.

Conclusion: convergence and adoption - what next?

Adoption – as with any new technology – will be driven by whether or not the technology provides an incentive to adopt: some new advantage, convenience or reward.

For the banks this is easy – they have the networks, the card details (obviously), the infrastructure, the trusted brand – all they need to do is add the functionality of mobile platforms to their existing armoury of ways to access and use an account.

As noted above, the network operators are also in a very strong position, as they too are already in possession of a number of the elements necessary to complete the package. It is notable that there have been a few tie-ups between banks and mobile network operators, and further tie ups would not be surprising.[63] 

This is not to say in any way that that closes the door to the mobile payments space to anyone else, but for others to enter the market they have to offer something that the banks don’t have. One obvious area is the international transfer market, where the traditional banks are simply not set up in a way which facilitates international money transfers without the cost of the transaction fee having a significant impact on the value of the transfer itself. Other obvious market entrants are those who have the card details already in place, thereby removing one of the hurdles for adoption which might otherwise engender a higher drop-off rate.

But there are others too, for instance the ingenious Powatag,[64] which essentially uses the camera and sound capabilities of the smartphone to remove several steps from the shopping process, and therefore makes m-commerce a far more attractive proposition for both consumers and merchants. In addition, there is a wealth of opportunities for those involved in services which support mobile payments, such as software development, security, data storage and manipulation, back-up, marketing and payment systems.

We suggest that each actor in the mobile payments area will need to be careful of its place in the regulatory landscape.  We consider it likely that contracting in this area will be complex, entailing a myriad of partnerships involving financial services, software, hardware, networks, branding, telecoms and data. As areas of convergence go it is almost unprecedented – and the area is all the more interesting for it.

For further information, please contact Chris Hill

Download the pdf version of Mobile Payments - Technological, Contractual and Regulatory Convergence

 

[2] http://www.powatag.com/index.html.

[4]  Under the Financial Services (Banking Reform) Act 2013, which came into effect on 1 March 2014, http://www.legislation.gov.uk/ukpga/2013/33/contents/enacted.

[5] http://www.europarl.europa.eu/news/en/news-room/content/20140331IPR41232/html/Ensure-open-access-for-internet-service-suppliers-and-ban-roaming-fees-say-MEPs.

[7] Even with Paym, there are already questions being asked about security and whether these concerns may hinder widespread adoption of the service, although these may lessen as familiarity increases, http://www.mobilepaymentstoday.com/articles/paym-debuts-but-will-security-concerns-derail-its-full-potential/.

[8] For instance, Validsoft’s voice biometrics and proximity solution, see http://www.finovate.com/spring13vid/validsoft.html and http://www.finextra.com/News/FullStory.aspx?newsitemid=25388.

[9] Soon to be amended by the Consumer Protection from Unfair Trading (Amendment) Regulations 2013, coming into force on 1 October 2014.

[10] http://recode.net/2014/04/12/jeff-bezos-to-amazon-payments-team-go-faster/: “Industry sources have recently told Re/code that Bezos [Amazon’s CEO] has identified payments as one of the top areas of focus and investment for Amazon, and Amazon payments boss Tom Taylor acknowledged as much in an interview last week at the company’s Seattle headquarters”.

[12] To illustrate the point further, even the use of an NFC chip does not in itself signify e-money, as the chip could also be used as the means of communication to facilitate a transaction from a remotely held account – therefore a payment service rather than e-money. In any case it is likely that more mature mobile payment solutions will involve hybrid models that work both with and without a data connection.

[13] See 2EMR, Reg 2, definition of “electronic money”.

[14] Id., Regs 6(3), 13(5), 15 and 19, and Schedule 2.

[15] Id., Regs 20 - 22.

[16] Id., Reg 25.

[17] Id., Reg 27.

[18] Id., Reg 26.

[19] Id., Reg 2.

[20] Id., Regs 38 - 46.

[21] Id., Regs 63 and 64.

[23] The transposition of the original E-money Directive (2000/46/EC) made the issuing of e-money in the UK a regulated activity under the Financial Services and Markets Act 2000.

[24] 2EMR, Reg. 2.

[25] See under para 3.2.1 above

[26] Id., Reg 5-9, 11.

[27] Id., Reg 12-13.

[28] Id., Reg 18 and Schedule 3.

[29] Id., Reg 19.

[30] Id., Reg 22.

[31] Id., Reg 20.

[32] Id., Reg 21.

[33] Id., Regs 23 to 26.

[34] Id., Reg. 12.

[35] Id., Red. 14.

[36] Part 4 of the PSRs, and specifically Reg 28.

[37] For the full definition see Reg 2.

[38] PSRs, Regs 36-39, 47 and 48.

[39] Id., Regs 40-46.

[40] Id., Reg 54.

[41] Id., Reg 55.

[42] Id., Regs 61 and 62.

[43] Id., Regs 69-73.

[44] Id., Regs 110 and 111.

[45] Id. Schedule 1, Part 2, para (l).

[46] The scope of the “value-add” needed is not entirely clear, but the perimeter guidance provided by the FCA does seem to set quite a low threshold, including the addition of search or distribution facilities. From PERG 15.3, Payment Services Q23: “Adding value may take the form of adding intrinsic value to goods or services supplied by a third party, for instance by providing access (including an SMS centre), search or distribution facilities”, http://fshandbook.info/FS/html/handbook/PERG/15/3.

[47] PSRs, Schedule 1, Part 2, para (k)

[48] See PERG 15.5, the “negative scope” section of the perimeter guidance issued by the FCA in relation to the PSRs, Q40 and Q41, http://fshandbook.info/FS/html/handbook/PERG/15/5.

[49] See para 5, Art 3(k) of the Explanatory Memorandum to 2PSD at page 10 of http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2013:0547:FIN:EN:PDF.

[50] The operative text added to Article 3(k) the PSD by 2PSD is underlined as follows, but the same lack of boundaries is still an issue (e.g. what is “limited”?): “services based on specific instruments that are designed to address precise needs that can be used only in a limited way, because they allow the specific instrument holder to acquire goods or services only in in the premises of the issuer or within a limited network of service providers under direct commercial agreement with a professional issuer or because they can be used only to acquire a limited range of goods or services”.

[51] PSRs, Regs 6 to 9, 11.

[52] PSRs, Reg 3(3)

[53] For the full definition see the Annex to the Directive.

[54] PSRs, Schedule 1, Part 1, paras (a), (b), (d), (f), and (g).

[55] PSRs, Schedule 1, Part 2, para (j).

[57] Full title: Directive 2007/64/EC of the European Parliament and of the Council of 13 November 2007 on payment services in the internal market, http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2007:319:0001:0036:EN:PDF.

[58] Proposal for Directive of the European Parliament and of the Council on Payment Services in the Internal Market, COM (2013) 547 final 2013/0264 (COD) http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2013:0547:FIN:EN:PDF.

[60] Directive 2009/110/EC of the European Parliament and the Council of 16 September 2009, on the taking up, pursuit and prudential supervision of the business of electronic money institutions,  http://eur-lex.europa.eu/legal-content/EN/ALL/?uri=CELEX:52013PC0547.

[62] See European Commission’s Green Paper “Towards an integrated European market for card, internet and mobile payments”, para 2.4, http://eur-lex.europa.eu/legal-content/EN/ALL/;jsessionid=qpPTTnXJVHsRswcFLZwT2nL7LCv6QL1RXWRnwpmmqmCylHhpT8Q4!-461598629?uri=CELEX:52011DC0941.

[64] Whilst Pingit has permitted non-Barclays account holders to use the service since 2012, other banks have understandably not marketed the service and so the app has not fulfilled its potential.