Legal issues surrounding mobile payment transactions



FW moderates a discussion on the legal issues surrounding mobile payment transactions between Obrea Poindexter, partner, and Sean Ruff, of counsel, at Morrison & Foerster, LLP.

FW: How would you characterise the advantages of mobile payment transactions over cash and credit cards? To what extent do they reduce time and improve efficiency?

Ruff: Most mobile applications initiate card transactions that are processed in the same way that traditional card transactions are processed. With that said, certain mobile wallet applications do provide some added benefits. For example, some mobile wallets provide additional security to card transactions by ‘tokenising’ a card number by substituting the number with a randomly generated, unique identifier so that a hacker cannot intercept an actual card number during a transaction. But it is fair to say that the potential for major advantages in mobile payments over traditional payments is why so many companies, both banks and non-banks, are flooding into the space. One of the most exciting promises of mobile payments is that an application can bundle a purchase transaction with a loyalty programme, a coupon, a financial tracker and other services. So within one application, a shopper could get a discount for an item, pay for the item, get loyalty points and record their spending for financial planning purposes.

FW: What organisational challenges do mobile payment technologies pose for financial institutions and consumers? Is there a danger that the infrastructure might become too complex?

Poindexter: An initial challenge for both financial institutions and consumers is to understand the growing variety of mobile payment technologies available in the market. For financial institutions, understanding the range of technology available will be key to identifying potential business opportunities and, eventually, to meeting consumer demand. To date, financial institutions have been challenged to develop the business case to implement mobile payment technologies because many do not expect build or buy investments to result in new transaction revenue. On the consumer side, trends in mobile payments transaction volumes suggest that consumers are still seeking a value-added mobile payment solution; many point to rewards capabilities or geolocational discounts or rebates as a way to incentivise consumers. However, perhaps the biggest structural challenge for financial institutions and consumers alike is a lack of merchant adoption at the point of sale. While growth in mobile payments in the m-commerce space should continue, mobile payments volumes at the point of sale will not grow without improved adoption among merchants.

FW: Could you explain the impact that emerging technologies have had on the mobile payment space? What steps should organisations take to adapt their business model to accommodate this technology?

Ruff: It is important to understand that payments are not just about the transfer of money from one place to another. Payments also are about data – how you spend money, where you spend money, and so forth. Innovators are using technology to establish the best use and protection of this data. For example, companies are limited in developing consumer data from traditional payments such as cash. Even if you use a credit card, your bank only knows about your activity with that credit card. Companies in the payments space are driving toward the achievement of a more complete picture of who you are and your preferences by combining your credit card activity, for example, with other data obtained from your interaction with a mobile application or device, or even other sources. Obviously this implicates real privacy and security concerns and responsible companies are also making sure that consumers understand their choices relating to how their data is collected and used. With regard to tokenisation, companies are also developing technologies and processes to better secure consumer data while recognising that no system provides complete immunity from attack. The companies that are most successful in developing and deploying emerging payment technologies recognise that siloed business lines and different consumer experiences across channels impedes a company’s ability to fully understand and serve its customers. Successful companies are focused on breaking down these barriers and partnering with other companies to deliver additional value to customers.

The companies that are most successful in developing and deploying emerging payment technologies recognise that siloed business lines and different consumer experiences across channels impedes a company’s ability to fully understand and serve its customers.
— Sean Ruff

FW: What do you consider to be the key legal and contractual issues surrounding mobile payment transactions?

Poindexter: In the spirit of breaking down barriers, we have seen an explosion of partnerships in the payments space that cross traditional industry dividing lines – financial institutions are partnering with e-commerce companies, retailers are partnering with payment networks and banks are outsourcing development of new consumer products and services to software providers. One important aspect is the cultural differences between financial institutions and other companies. Financial institutions are heavily regulated and have extensive procedural requirements. Other companies, particularly technology companies, are more nimble and prone to ‘build as they go’ because they have not operated in the same environment as financial institutions. If potential partners understand one another’s culture, we find that goes a long way to making a smooth negotiation. There are a few contractual issues that usually are heavily negotiated in mobile payment programme agreements. It almost goes without saying, but the partners must be very careful in defining exactly what each will do in the programme because that will not only avoid conflict down the road, it will also help each partner define its regulatory obligations. Consumer data ownership and use is almost always a major point of discussion as sometimes partners are interested in participating in a programme more for the opportunity to better understand consumers than for direct financial benefits. Payments technology changes so quickly, and the regulatory environment continues to develop, so partners also need to pay close attention to how they can exit or change a programme, and who should be responsible for problems that may arise.

FW: In the context of complying with financial services law, how are companies aligning their mobile payment systems with their business objectives? What has been the effect of regulation such as the Payment Accounts Directive?

Ruff: The increased business interest in mobile payments has certainly been mirrored by increased interest from regulators. In general, companies in the mobile payments space that are not financial institutions recognise that they need to either become financial institutions, which can be quite challenging, or partner with financial institutions to achieve their goals. Specific to the EU, the Payment Services Directive in 2009 and the second Electronic Money Directive in 2011 opened the way for many new market entrants into the EU mobile payments market. Competition authorities have also introduced interchange fee caps and are working on other measures to improve access to payment accounts and other types of financial services. The Payment Accounts Directive might make it easier for customers to switch payment providers, but of course, customers are not limited to a single payment provider and could open and start using a new account, rather than switch providers. EU law continues to evolve, and a new Payment Services Directive will take effect later this year, for implementation in national law in late 2017. This will subject certain technology providers that provide payments-related services to new regulation, particularly those who initiate payments or provide access to payment account information.

FW: What particular considerations do financial institutions need to make when evaluating federal and state regulations governing the mobile payments ecosystem?

Poindexter: Traditional financial institutions, with entrenched cultures of compliance, are well equipped to meet regulatory expectations related to mobile payments. Broadly speaking, as it relates mobile payments, traditional financial institutions will be confronted with the same federal and state regulations that these financial institutions must comply with today – although much of the applicable regulation was not developed with today’s or tomorrow’s technology in mind. However, innovation in the mobile payments space has attracted new players to the market, some of which may not be accustomed to regulatory scrutiny. Implementing a compliance-first culture may present challenges for these innovators. Moreover, to the extent traditional financial institutions partner with these innovators, they will be expected to manage third-party relationships consistent with regulatory expectations, as outlined in regulatory guidance. Financial institutions and innovators alike will also have to be patient as stakeholders, including the regulatory agencies, get up to speed on the various mobile payment technologies being brought to market.

Payments technology changes so quickly, and the regulatory environment continues to develop, so partners also need to pay close attention to how they can exit or change a programme, and who should be responsible for problems that may arise.
— Obrea Poindexter

FW: Are there any strategies or initiatives that companies can deploy to help establish and maintain consumer trust in mobile payments? How important are solid contractual relationships in achieving this goal?

Ruff: Consumers have great confidence in many of the technology brands that have been active in the mobile payments space, including Apple, Square, Facebook and Google. Maintaining consumer confidence, however, is an unending endeavour. Companies active in the mobile payments space can maintain or improve consumer confidence by providing the types of consumer protections – such as dispute resolution and consumer control over the payment and use of data – that consumers have come to expect from the payment products and services they use at their traditional financial institutions. Clear and digestible terms of service are also a key aspect of maintaining consumer confidence. Mobile payments providers would also be well served to form solid contractual relationships with service providers and other third parties. Fundamental to these solid relationships is appropriate up front due diligence, clear definition of expectations and responsibilities, ongoing monitoring and clear accountability.

FW: What impact have recent patent suits had on the mobile payments landscape? To what extent have mobile payment technologies become yet another battleground in intellectual property wars?

Poindexter: Any time there is a commercial sector that is heavily dependent on technology, especially software-heavy technology, there is an increased threat of patent litigation. The mobile payment space satisfies both of these criteria and has a broader exposure to standard essential patent infringement actions because of the myriad standards that apply to the products and services of FinTech companies. Defendants in patent suits in the mobile payment space, however, have a broad range of defences available to them since many patents covering methods for processing payments will qualify for review under the Covered Business Method Review (CBM) procedure in the patent office. This procedure is often a cost effective alternative to litigation that permits the Patent Office to take a second look at CBM patents. Also, business method patents are frequently susceptible to challenges based on lack of patentable subject matter under 35 U.S.C. Section 101. Over the past five years the courts – the US Supreme Court in particular – have made it much easier for patent defendants to prevail on Section 101 challenges to patents.

FW: Looking ahead, how do you expect mobile payment systems to develop in the years ahead?

Ruff: From a legal perspective, there are a variety of models through which mobile payments providers and other payments technology companies operate. In the US, for example, some aspects of mobile payment technologies are regulated at either the state or federal level and often require some form of licensing and related compliance obligations. To illustrate this point, the movement of funds between various parties typically requires non-bank entities operating in the US to acquire at least 47 separate state money transmitter licences. While such licensing requirements are obtainable for some companies, the costs associated with applying for, renewing and maintaining such licences across the whole of the US often prove insurmountable for smaller mobile payments providers. Alternatively, some companies looking to enter the mobile payments space have chosen to partner with a chartered financial institution in order to bring their products and services to the market and to avoid the necessity of state by state licensing. Looking ahead, we do not expect a huge change in these types of relationships. For those companies with the economic means to operate as a standalone mobile payments company, the benefits of having sole control over their products and services as well as the ability to move much more quickly than would be possible if partnered with a bank will remain key reasons in the growth of this model. And, to the extent that we do not see regulatory interference from banks’ regulators with respect to the partnership model, we suspect that we will continue to see interest among mobile payments companies and banks in pursuing these types of relationships.

Obrea Poindexter is a partner at Morrison & Foerster LLP, co-chair of the Financial Services and FinTech Practice Groups and head of the Mobile Payments Group. Ms. Poindexter’s practice focuses on financial services regulation. Clients, including large financial institutions, retailers and other non-financial card issuers (e.g., technology companies), turn to her for her innovative solutions and critical thinking when it comes to complex regulatory issues. Ms Poindexter was recognised by The National Law Journal as one of the top 75 “Outstanding Women Lawyers”. She can be contacted at +1 (202) 887 8741 or by email:

Sean Ruff is of counsel at Morrison & Foerster LLP and co-chair of the FinTech Practice Group. Mr Ruff’s practice focuses on advising clients from the rapidly developing FinTech sector. He represents both emerging and established FinTech organisations, including non-bank and traditional banking institutions, with respect to complex regulatory and transactional matters. Mr. Ruff previously served as Director, Lead Payments and Regulatory Counsel for Square, Inc., a leading FinTech payments company. He can be contacted at +1 (202) 887 1530 or by email:

© Financier Worldwide



Obrea Poindexter

Sean Ruff

Morrison & Foerster, LLP

©2001-2019 Financier Worldwide Ltd. All rights reserved.