The Mobile Channel, TCPA and Privacy
NCHELP, New Orleans, January 19, 2012
Mercedes Kelley Tunstall, Of Counsel, 202.661.2221, [email protected]
Jerod Laughlin, SVP, Digital Marketing
PNC Bank
John L. Culhane, Jr., Partner
The Wonderful World of Mobile
• Mobile devices are now used for all sorts of purposes related to financial services:
• Marketing and Advertising
• Applications
• Payments/Wallets
• Servicing/Customer Communications/E-Alerts
• M-Commerce
Methods of Mobile Communications
Text messages
• Can be sent in a variety of formats: SMS, MMS, and VMS, among others (e.g., Bluetooth).
Mobile Web
• Websites can be optimized for viewing on a mobile browser
Mobile Apps (e.g., Apple's App Store)
• Still innovating the best types of apps for financial services
04/10/23 4
Legal Considerations for Mobile
• Telephone Consumer Protection Act
• CAN-SPAM
• Applies to text messages that are sent to an email address (e.g., [email protected]).
• Marketing messages must be scrubbed against the opt-out list, and each message must contain opt-out information
• Mobile Marketing Association
MMA's Consumer Best Practices
Double opt-in for text messages
• Customer initiates request for text
• Responsive text asks for approval to continue texting
• Customer confirms
• Responsive text must include the following information:
• Description of what messages will be received
• Msg&Data Rates May Apply
• Frequency of messaging
• HELP
• STOP
MMA (cont.)
More on STOP messaging
• Alternative terms must be recognized (e.g., quit, cancel, unsubscribe, end)
• STOP must not be case-sensitive
• In dispute now: after a STOP message is received, MMA recommends sending a confirmation STOP message, but recent case law suggests otherwise.
Opting out of text messaging generally
• Customer should be able to opt out the same way that they opted in to receiving text messages.
MMA (cont.)
• Records of opt-ins and opt-outs
- Should be maintained from the time of opt-in until a minimum of six months after opt-out
- Opt-ins and opt-outs should be processed within three days of the request
• Terms and Conditions for Text Messaging
- Should explain how STOP and HELP work
- Should include customer service telephone number and website for chatting
- Disclose the frequency of messaging (or intended frequency)
- Any other applicable terms and conditions
- Carrier compatibility (to the extent applicable)
Tricky Topics
• Sweepstakes
• Debt Collection
• Loan Applications via Mobile Web or Mobile App
Mobile Payments and Wallets
• Person-to-person mobile payments
- Using email address or cell phone number
- Funds exchange via ACH
• Mobile Wallets
- Replacement for plastics – debit, prepaid, credit cards
- Also, loyalty or membership cards
- NFC
Customer Authentication Requirements
• FFIEC – Authentication in an Internet Banking Environment (2005), supplemented June 28, 2011
• When is authentication required?
- Initial authentication
- Additional layers of authentication, based upon risk level of transaction
• Business transactions are more risky than consumer transactions
• Layers should compensate for weakness in one control
• What are financial institutions required to do?
- Detect and respond to suspicious activity, especially:
• initial login and authentication of customers to online banking
• customers initiating the transfer of funds to other parties electronically
- Control administrative functions
Suggested Authentication Methods
• fraud detection and monitoring that includes customer history and behavior;
• use of dual customer authorization through different access devices;
• use of out-of-band verification for transactions;
• use of “positive pay,” debit blocks, and other limits on transactions;
• account activity controls;
• recognizing IP addresses associated with fraudulent activities;
• processes for recognizing compromised customer devices as well as customers who may be facilitating fraud;
• controls for changes by customers to their account information online as well as through other customer service functions;
• customer education on techniques for customers to mitigate fraud
AML and Data Security Concerns and Mobile
• Portability presents concerns:
- Physical portability
- Number portability
- Underscores the importance of proper authentication, even in the mobile channel
• Mobile is the new frontier for hackers
- Minimize the personally identifiable information that is available to be stored on the phone