Pitfalls of Peer-to-Peer Payments and Crowdfunding – The FTC FinTech Forum
The FTC’s second FinTech Forum explored issues surrounding peer-to-peer payment and crowdfunding technologies, which are transforming the way we share, spend, and raise money. But with that change comes fraud, scams, and privacy and security risks.
The first panel highlighted how peer-to-peer payments are governed by a variety of laws including consumer protections laws, financial regulations, and state licensing requirements. The applicable regulations depend upon underlying funding mechanism(s) such as ACH, debit, or credit. This creates a complex liability chain including the peer-to-peer payment system, device manufacturers, banks, telecommunications companies, and payment card issuers. Panelists recommended payment companies use robust disclosures including details about their privacy and security practices, what kinds of transactions are protected, when transactions are finalized, and any unexpected features of their peer-to-peer systems.
The Consumer Financial Protection Bureau’s Pre-Paid Card Rule may also apply to peer-to-peer payments, which, in part, requires adequate disclosures and providing adequate protections similar to those for checking accounts or credit cards. While this rule was designed for using plastic cards in brick & mortar stores, it also governs digital stored value and digital wallets.
Fulfillment is a key risk for crowdfunding. For example, a University of Pennsylvania study found a 9% failure rate among Kickstarter campaigns. Panelists recommended that platforms inform supporters of the potential fulfillment risk and that campaigns communicate with supporters at every stage even when they are not successful. The FTC has also created a resource on the pitfalls of crowdfunding. Thus, campaigns are on notice that failing to communicate with their backers could result in enforcement action from the FTC as well as state Attorney General offices.
Though not common, fraud can also occur in the crowdfunding industry through platforms, projects, and supporters. The panel discussed who has liability in those instances. While there is no clear answer, a Maryland court ruled that platforms are protected by Section 230 of the Communications Decency Act, which provides a safe harbor for certain online companies that host content generated by third parties. Despite any such CDA immunity, platforms should conduct due diligence by vetting projects and resolving issues arising from the use of their platform.
Overall, panelists agreed that there is an opportunity for all stakeholders to work together to develop best practices for privacy and security in the FinTech industry.