Commissioner, President's Commission on Critical Infrastructure Protection[*]
For a Public Meeting of the
Consumer Electronic Payments Task Force,
Office of the Comptroller of the Currency
July 17, 1997
Consumer Privacy and Electronic Money
Electronic money such as stored value cards (SVC) or services to accommodate payments or funds transfer on the Internet has the potential to provide tremendous advantages to business and consumers alike. For business, electronic money can reduce the costs of handling cash, reduce the risks of theft, provide efficiency at the point-of-sale and enable new entrepreneurial ventures on the Internet. Electronic money also provides convenience and opportunities for consumers, but can threaten privacy if it does not provide for anonymity or if fair information practices are not observed. The ability to use e-money anonymously also raises concerns about the potential for money laundering and other illegal activities by law enforcement. This statement addresses both the use of SVC's in the offline world and the use of e-money online. My position is that both privacy and law enforcement concerns can be addressed successfully through intelligence in the design of these new financial products, and by observing fair information practices.
In terms of number of transactions, the majority of consumer financial transactions are made anonymously with small amounts cash as reflected in the money we dispense many times a day for a newspaper or magazine, a soft drink from a vending machine, a parking meter, a child's allowance, or lunch at a fast food restaurant. In terms of dollar amounts however, cash transactions are dwarfed by purchases made by credit card or check where a record exists for each transaction. The Bank Secrecy Act requires banks and certain other financial institutions to report cash transactions exceeding $10,000.
SVC's in the Offline World
I define SVC's as smart cards that function similar to the current telephone calling cards or Metro farecards. Individuals load the card with a cash value using an ATM or using a reader attached to their computer or telephone, and then spend the balance down. If the card is lost or stolen, it is equivalent to having one's wallet lost or stolen because the owner bears the loss for any value remaining on the card. Since SVC's contain a computer chip, they can carry a PIN which can be used to lock the card against unauthorized use.
To gain widespread acceptance, SVC's need to provide consumers new functionality and value beyond that found in current payment mechanisms such as credit cards or debit cards, and provide these benefits with a minimum level of risk. These current payment methods already provide a record of all transactions, and credit cards also provide additional consumer protections; the things most consumers want when making large purchases. However, they cannot be used for small purchases where the consumer is less likely to want or need an audit trail. These consumer cash transactions are hardly a candidate for money laundering, and it is these types of transactions that are likely to be where SVC's for example, find their greatest utility.
Most consumers are pragmatic about the use of cash: they don't carry large amounts of cash to avoid the risks, and they don't use cash for major purchases. Common sense in the design of these payment systems can address the law enforcement concerns by making them unattractive for criminal use. For example issuers and banks can set a low limit, e.g. $500, as the maximum amount that can be stored on a SVC, and place a similar limit on the amount of money that can be downloaded from one account to stored value cards in a single day as ATM machines do. The same law enforcement concerns exist for the anonymous use of electronic money on the Internet: that large sums of cash can be transferred without detection. However, these concerns can be addressed using some the same design principles described above.
Privacy and E-Money on the Internet
On the Internet, privacy is threatened because for any transaction, both the web site where the purchase was made and the firm facilitating the payment can potentially record all the details of the transaction including date, time, what was purchased and the purchaser's identity, allowing a detailed profile of purchasing patterns to be compiled and analyzed. Credit card companies already compile and mine identical profiles in the offline world. The privacy concerns raised by collecting these data can be addressed if all parties to the transaction data observe fair information practices: notify consumers of their information practices, only use the information in ways that are compatible with the reason for collecting the information, provide a choice if personal information is to be shared with third parties, and ensure that their practices match what they have disclosed to consumers.
Observing fair information practices is good for the bottom line because they communicate to consumers that the firm can be trusted. In cyberspace particularly, customer relationships are characterized by a great deal of social distance; interactions with the firm are mediated through a computer screen, not another human being. Because consumers must depend on strangers to act on their behalf, promoting and observing fair information practices say to the customer that the firm can be trusted when a personal relationship between buyer and seller is infeasible and when faceless employees exercise considerable power on behalf of customers who can neither specify, scrutinize nor constrain their behavior. Trusted firms gain an advantage over their competitors because their customer are willing to disclose personal information to them. Fair information practices are the keys to building trust that promotes this disclosure.
Many of the players in Internet commerce currently enjoy a "trust deficit" with consumers. For example, a 1997 Louis Harris public opinion survey found:
- More than 50% of the public is not confident that companies offering products on the Internet and credit card companies use personal information in a proper manner versus only 21% for banks
- 68% of the public is not interested in using e-money offered by a non-bank Internet company;
- 54% of the public say their willingness to purchase products on the internet would not increase if the company was certified by a reputable business rating service.
Firms can address this trust deficit through observing fair information practices: say what you do and do what you say. If they do not, privacy concerns combined with security concerns may continue to inhibit the growth of consumer Internet commerce. The widespread use of SET has promise for addressing some of the security concerns. Industry needs to work just aggressively on the privacy side of the equation to address this trust deficit if it hopes to make money on the Internet.
In A Framework for Global Electronic Commerce, the Clinton Administration recommends a hands-off approach to electronic payment systems given that both technology and the commercial environment are changing rapidly. "It would be hard to develop policy that is both timely and appropriate. For these reasons, inflexible and highly prescriptive regulations and rules are inappropriate and potentially harmful" (page 5).
The market should be allowed to experiment with new forms of electronic money, and to develop new payment systems, including those that provide for anonymity. It is unlikely that a one-size fits all approach will work in a competitive marketplace characterized by diverse consumer preferences. The government should keep a watchful eye to ensure that these experiments do not result in fraud, abuse or criminal activity. A second role for the government is to continue to use its bully pulpit to push for the development of responsible information practices that balance consumer privacy concerns with the fair commercial use of personal information. For the past two years, The FTC has successfully brought industry and the public interest community to the table once a year for a progress report on Internet privacy. This is an excellent model for performing oversight of electronic money, and I would urge the Consumer Electronic Payments Task Force to adopt it.
Disclaimer: The views expressed in this statement do not necessarily reflect the views of the President's Commission on Critical Infrastructure Protection.