July 14, 2024

Regulatory Questions Abound as Mobile Payments Clamor for Position in Apps

People frequently associate mobile payments with “tap and pay” — walking into a store, flashing your smartphone, and then walking out with stuff. But in-store sales really aren’t the focus of companies working on mobile payment issues. That’s because payment in stores generally isn’t a problem in need of a fix. Swiping a payment card at a terminal is quick and painless. Even dipping a chip-card is getting faster. And thanks to regulation, consumers generally don’t have to consider data security tradeoffs when choosing between different ways to pay.

In contrast, buying things while browsing over the Internet on our phones — in apps or via browsers — is a miserable process. It’s kind of amazing that we haven’t fixed the basic process of buying things over our phones, given how dependent we are on our phones for Internet browsing. The average iPhone user unlocks his phone 80 times a day. And the average American smartphone user spends five hours a day browsing on his phone. Yet, shopping cart conversion rates are abysmal over mobile phones. Estimates vary, but one recent study found that when consumers use their phones to shop online, they purchase items they put in their shopping carts only 1.53% of the time. Imagine being a store owner where over 98% of the people in your lines just wander off because they’re too frustrated with the process of giving you money. Analysts generally attribute the difference to the difficulty consumers have completing lengthy checkout forms, which require that they input payment credentials, billing addresses, shipping addresses and other information into a tiny screen with their thumbs. For me personally, one checkout process took me about 130 thumb taps.

Last holiday season, a diverse group of companies rushed to fill that gap. In June, PayPal enabled “One Touch,” which allows consumers to stay logged into their PayPal account on specific devices and, accordingly, buy stuff with one touch. That same month Apple announced that it will be expanding Apple Pay so that consumers can use their thumbprints to purchase things in apps, as well as on the Safari browser (even when they’re surfing on a desktop). Apple also integrated payments into iMessage, making payments as casual as chatting. Not to be outdone, Facebook announced in September that it has partnered with what TechCrunch describes as “all the major players” in the payments industry to enable credit card and debit payments for Messenger’s 1 billion users.

Amazon’s Echo bypasses phones entirely by allowing you to pay for things by speaking into the air. Apple followed up with its own voice-activated payments on Siri.

And oh by the way, Google Payments already gives you the option of storing and autofilling payment card credentials if you’re browsing the Internet using the Chrome browser. Safari does too.

Of course, big banks aren’t giving up without a fight. JPMorgan Chase launched its own mobile wallet for in-app purchases, barely in time for Black Friday. Once a consumer downloads the app and creates a login, his pre-existing Chase cards are “automatically” enrolled in the wallet. According to Chase, that touches one out of every two American households.

All of these offerings are pretty much interchangeable to consumers: they’re made to be very convenient, “frictionless” ways to pay. From a design perspective, the goal is a nearly invisible payments layer, because the aim is to minimize any disruption of the consumer’s interaction with the merchant’s website. It’s gotten to the point where some consumers are complaining that they don’t know how to slow the payments process down.

On the one hand, all of these options are great for consumers. But on the other hand, there may be all kinds of differences under the hood of these payment devices that consumers won’t be able to see. Payment tools may gather, use, or share consumer data differently than consumers expect. They may have different standards for protecting consumer data from hackers and thieves. Or, in extreme cases, they may do things that are patently illegal — for example creating phantom accounts for consumers and then billing them for them. (Heck, in some cases, the apps may even be from imposter companies.) Until very recently, consumers haven’t had to think about these potential differences because they’ve been living in a payments world dominated by plastic cards offered by highly regulated banks.

Take supervisory examinations, as an example. Banks are generally examined for compliance with consumer protection requirements. This means that regulators send specialized examiners to banks’ places of business to speak with employees and review their records to make sure they’re following the law. Examiners will review email and phone exchanges, to understand if consumers are given the proper disclosures. They’ll review consumer complaints to ensure that consumers are treated fairly. Because JPMorgan Chase is a bank, it’s subject to examinations. So when Chase Pay hits the market, it will have had its tires kicked (or at least can have its tires kicked) by the government. This is a good thing for consumers and also arguably the bank. But it’s also a business cost — compliance and preparing for examinations require a significant investment of money and, perhaps more importantly, delay the bank’s ability to get a product to market. (Notably, despite being announced in 2015 and Chase’s position as the leading wholly-owned payment provider for merchants, Chase Pay is still only accepted at two major retailers.)

New payment-focused fintech companies are subject to a wide variety of other regulations, but generally don’t have regulators coming on-site to examine their operations for consumer protection concerns. There are odd exceptions, but it’s far from a level playing field. For instance, companies that are very large players in the market for sending payments from the U.S. to other countries (“remittances”) are subject to examination. So if a company is a “larger participant” in the remittances market and also offers retail consumer payments in smartphones, the latter could be swept up in an examination for the former. Elsewhere, companies that have contractual relationships with credit card issuers may be considered “service providers” to banks. At least one commentator, for instance, has opined that Apple’s service provider relationship with credit card-issuing banks makes Apple Pay subject to consumer protection examinations for unfair, deceptive, and abusive acts and practices. But many of the new payment services being offered to consumers won’t require the companies to have pre-existing contracts with consumers’ payment card issuers. How do browser extensions fit in the patchwork quilt of consumer protection examinations? Are messaging apps that allow for payment connectivity “third party service providers” from an examination perspective? How do you even examine for consumer disclosures when a payment is made over a speaker?

There are many more unanswered questions. For instance, what responsibility — from a regulatory perspective — do app stores have for protecting consumers from imposter payment apps?

Is the lack of a level playing field fair to banks? More importantly, is it fair to consumers?

Do the old divisions that treat these companies differently still make sense?



  1. This is very interesting, thank you for the post!!

    I am wondering whether the public perception of banks is so low that, effectively, the unsupervised firms actually have more to lose from something going wrong, and thus would have better incentives to ensure that consumers are happy.

    For example, I really doubt that Wells will lose much market share despite all the recent negative publicity. Yet, if something like that were to happen to Google/Apple/eBay/other firms you mentioned, their customers just might leave. And that could start a vicious cycle of people letting their friends know that, actually, Bing is not that bad, and more people leaving Google in turn.

    To give a very remotely related example, if Jamie Dimon is going to be actively advising Trump, I don’t think that anyone will start a #DeleteChase campaign. So overall, I’d say that we might be pretty close to an even playing field right now incentives-wise, and maybe banks more regulation to get to an even playing field (or, I don’t know, class action lawsuits).

    That said, was Chase Pay getting delayed really a story about regulation versus banks just not being known for their innovations?

    Also, five hours a day of cell phone browsing is nuts!! I’ll go and scream at kids to get off my lawn now 🙂

    • Thanks for the thoughtful comment, Alexei. I think the issues you raise really go to whether it’s easier to change bank accounts, on the one hand, as compared to changing mobile payment providers. Currently you’re right, within certain limitations. If Samsung Pay somehow does the app equivalent of spontaneously catching fire, you could switch to Android Pay as an alternative. Whereas, people rarely change their bank accounts.

      I was just reading a really interesting UK report about how, despite major investment in making it easy for consumers to switch accounts, only 3% of consumers changed bank accounts each year. And 90% of small businesses don’t shop around before taking up loans from their home banks.


      Of course, your research in mortgages is probably the best evidence of that!

      The thing I’d emphasize, though, is that it’s really just the first few steps of the race when it comes to mobile payments. And all of the products are specifically designed to lock you into a larger platform. Apple, for instance, ensures that Apple Pay is the only payments product that can use iPhone radio antennas for making NFC transmissions. And Apple Pay is the only “Pay” that can automatically launch from the phone without having to unlock the screen. Samsung Pay is the same thing, but for Samsung phones. Theoretically consumers can just download third party payments apps (e.g., PayPal, Wal-Mart Pay) and then commit to unlocking their phones and launching the apps every time they want to buy bubble gum in a store. But it’s not clear if consumers are willing to take on that much friction.

      Reframing this in two ways:

      1. It’s early enough in the mobile payments space that no major payment player has built up enough market share to lock in a network effect. But once they scale, it’s quite possible that they will, indeed, lock consumers in.

      2. In that sense, companies’ mobile payments strategies are just one of many battlefields in which they’re trying to lock in their dominant platforms. Take music, for instance. For years, I couldn’t move away from an iPhone, because I had all of this music I’d bought on iTunes. But once Spotify came about, I was able to ditch iTunes and buy a Samsung phone. (I’m pretty sure getting flatfooted on streaming is why Apple paid so much for the Beats streaming service.) Similarly, Apple is protecting its phone/app store businesses by locking you into its network effects with Facetime and, more sneakily, iMessage (the only app that I really, really miss now that I’ve switched to Samsung). At this point, Apple Pay isn’t so dominant that it offers another protective network effect. But (a) at some point it might and (b) more importantly, Apple is making sure that no other payment service locks in their own network effect in the payment space.

      SO, all of that is to say that I don’t think that competition will necessarily protect consumers when it comes to technology platforms. When Apple first launched, the only phone plan you could use was AT&T (AT&T paid heavy subsidies to Apple for that exclusivity). Ten years later, I STILL have an AT&T phone plan that I don’t like. Those strategies will continue, through their mobile payment products, and whatever next is on the horizon.

      ps. Re: Chase Pay, I don’t know how much of that is due to regulation, as opposed to a more conservative/bureaucratic culture that may have arisen due to the looming shadow of regulation. But I view them as being close enough for me to mix the two in a blog post like this.