InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
CFPB focuses on in-game video game market and its consumer protection issues
On April 4, the CFPB released a report titled “Banking in video games and virtual worlds” that examined the gaming industry and the consumer financial systems that affect it. The Bureau’s report identified three key findings: (i) a network of financial products and services has entered the gaming industry to leverage and support the transfer of gaming assets and currency; (ii) the increased value of these assets has led to an increase of hacking attempts, account theft, scams, and unauthorized transactions; and (iii) the consumer data collected by gaming companies was bought, sold, and traded between companies, which can pose a risk to gaming customers. As a result, the CFPB will intend to monitor these issues in gaming and other such non-traditional markets to ensure companies comply with federal consumer financial protection laws.
The report noted that the proliferation of gaming and the evolution of the industry to offering in-game purchases and gaming assets has created the need for an infrastructure to enable fiat currency to flow into and out of games and virtual worlds. This can include transactions within the game, trading virtual items with other players, buying products on secondary markets, converting gaming assets to traditional currency, withdrawals of that currency, and/or using third parties to convert and withdraw the currency. As a result, companies have established financial products and services that increasingly resemble traditional financial products, like loans, payment processing, and money transmission.
In addition to the gaming economy creating a relatively new and unregulated financial marketplace, the Bureau identified additional risks similar to those found in the traditional market surrounding fraud, identity theft, money laundering, and privacy. For example, the report noted that these highly valuable gaming assets have made player accounts vulnerable to phishing and hacking attempts as well as unauthorized transactions. However, efforts by the FTC or CFPB to address complaints related to this activity have been met with a “buyer beware” approach by gaming companies.
Further, gaming companies collect a significant amount of data on players as a way to personalize the experience. However, the companies use this data to monetize gameplay to entice more spending as well as buy, sell and trade this data. The report noted that (i) the use of personal data can result in highly individualized pricing and (ii) the storage and transfer of consumer data poses privacy risks for gamers. In light of these various issues, the CFPB plans to work with other agencies to monitor both these non-traditional financial products and services as well as the companies that collect and sell sensitive consumer data.
District Court rules against CFPB on Prepaid Rule disclosure requirement
On March 28, the U.S. District Court for the District of Columbia (D.D.C.) ruled in favor of a fintech digital wallet provider by granting its motion for summary judgment, denying the CFPB’s cross-motion, and vacating the CFPB’s Prepaid Rule’s short-form disclosure requirements for digital wallets. The suit focused on the applicability of the Prepaid Rule’s short-form disclosure requirements to digital wallet products. The plaintiff sued the CFPB, arguing the CFPB’s Prepaid Rule was arbitrary and capricious because, unlike for general-purpose reloadable (GPR) products, the CFPB failed to provide a “well-founded, non-speculative reason for subjecting digital wallets” to the Prepaid Rule’s short-form disclosure regime.
The CFPB’s Prepaid Rule mandated that pre-acquisition fee disclosures, which were intended to apply to GPR cards, be required for digital wallets––i.e., digital wallet providers would be required to provide consumers with a pre-acquisition fee disclosure in a formatted “short form.” While the judge agreed that this makes sense as applied to GPR products, digital wallet products were fundamentally different from GPRs and were not primarily “used to access funds or to function as a substitute checking account.” While the CFPB’s Advanced Notice of Proposed Rulemaking, did not initially include digital wallets, in the final Prepaid Rule, the CFPB included digital wallets for three reasons: (1) the CFPB reasoned that the Prepaid Rule should apply to digital wallets since digital wallets can carry funds (just like GPRs), and the fee structure “may not hold true in the future”; (2) the CFPB argued that the Prepaid Rule filled a regulatory gap for digital wallets; and (3) the CFPB claimed it “cast a wide net” on purpose to avoid a “patchwork regime.”
In response, the plaintiff argued that the disclosure requirement was arbitrary and capricious due to the Bureau having no rational justification for including digital wallets in the Prepaid Rule. Further, it was arbitrary and capricious because the CFPB did not comply with its role under Dodd-Frank by assessing the costs and benefits of the Rule. Finally, the plaintiff argued that the short-form disclosure regime violated the First Amendment.
While declining to rule on First Amendment issues, the court held that the CFPB lacked a “rational justification” for subjecting digital wallets to the Prepaid Rule’s short-form disclosure requirement, agreeing that the CFPB’s requirement was arbitrary and capricious, and that it had no basis for including digital wallets because they were materially different products. The judge also found the CFPB’s cost-benefit analysis (as mandated by Dodd-Frank) was deficient, as the “general” cost-benefit analysis did not fit for digital wallets.
CFPB general counsel highlights risks in payments industry
On May 9, CFPB General Counsel and Senior Advisor to the Director, Seth Frotman, discussed the evolution of the payments system and its significant impact on consumer financial protection. Speaking before the Innovative Payments Association, Frotman commented that over the past few years, growth in the use of noncash payments (i.e. ACG, cards, and checks) accelerated faster from 2018 to 2021 than in any previous period, with the value of noncash payments since 2018 increasing nearly 10 percent per year, approaching almost $130 trillion in 2021. The value of ACH transfers and the number of card payments also increased tremendously, Frotman noted, pointing to a rapid decline in ATM cash withdrawals and the use of checks. He observed that the use of peer-to-peer (P2P) payment platforms and digital wallets is also growing quickly, with more traditional financial institutions redoubling their efforts to expand product offerings to capture market shares in this space. Additionally, several large tech firms, drawing on their significant customer bases and brand recognition, are looking to integrate payment services into their operating systems, with some offering payment products used by consumers daily, Frotman said.
Addressing concerns relating to data harvesting and privacy, Frotman said the Bureau is concerned that companies, including big tech companies, are using payment data to engage in behavioral targeting or individualized marketing, while some companies are sharing detailed payments information with data brokers or third parties as a way to monetize data. These behaviors, which he said only increase as payment systems continue to grow, raise the potential for harm, including limiting competition and consumer choice and stifling innovation. Frotman added that these issues are not limited to big tech. Banks, Frotman said, are also rolling out digital wallets as a way to access payment information, and Buy Now Pay later lenders are collecting consumer data “to increase the likelihood of incremental sales and maximize the lifetime value extracted from each current, past, or potential borrower.” Frotman reminded attendees that the Bureau has several critical tools at its disposal to address concerns about how data is bought, sold, used, and protected, and warned the payments industry to comply with applicable legal requirements.
Frotman also discussed challenges facing “gig” and other non-standard workers when trying to navigate consumer financial markets, particularly with respect to the intersection between how workers are being paid and the EFTA. According to Frotman, the Bureau is concerned about whether gig workers are being improperly required to receive payments through a particular financial institution or via a particular payment product or app. Frotman instructed employers to provide payment options that do not require workers to establish an account with a particular institution to ensure they do not run afoul of the EFTA’s “compulsory use” provision. Consumers who use a personal P2P app for work transactions are also entitled to EFTA protections with respect to fraud and error resolution, Frotman added. Frotman closed his remarks by touching briefly on liquidity and stability in the P2P payment system. He warned that consumers who use P2P payment products to store funds do not have the same level of protection as consumers who use traditional banking products.