Electronic banking


CONSUMER EFTS IN AUSTRALIA - TESTING TIMES FOR GUIDED SELF-REGULATION

INTRODUCTION

Previous articles in this series introduced consumer EFTS as a collective term for services available through Automated Teller Machines (ATMs), Electronic Funds Transfer at Point of Sales (EFT/POS) terminals, and home banking; and discussed security aspects of such systems. This article identifies consumer protection issues arising from these services, and the approach to regulation which has been taken in Australia.

CONSUMER PROTECTION ISSUES

In the years since the introduction of EFT/POS, one of the most significant problems which have come to light is the consumer's legal position. The payments system based on cheques contains significant consumer protections incorporated in (variously) Bills of Exchange and Cheques Acts. The use of cheque-cards (which have achieved no significant penetration of the Australian market) and credit-cards (which have been very successful) did not undermine those protections. However, ATMs and EFT/POS, and other forms of consumer EFTs, are not subject to the existing protections. In various reports in the mid 1980s, the Australian Consumers' Association (ACA), the Australian Payment System Council (APSC) and the Australian Science and Technology Council (ASTEC) drew attention to the lack of consumer protection. Exhibit 1 provides a checklist of major issues.

Initially, consumer bodies questioned the conditions of use imposed upon the cardholder by some financial institutions, stating that no matter what went wrong, the burden of liability appeared to lie squarely on the shoulders of the cardholder. The issues of particular concern were:

• that the consumer was liable for unauthorised or fraudulent use of the card beyond both the balance and the daily withdrawal limit;

• that the financial institution could not be held responsible for any loss to the cardholder caused by equipment malfunction or failure; and

• that some institutions reserved the right to vary the conditions of use without informing the cardholder beforehand.

Exhibit 1: Consumer Protection Issues in Consumer EFTs

Access
--non-exclusion, especially on such bases as wealth and income

Terms and Conditions Generally
--imposition by the financial institution without reference to the consumer
--disclosure and availability
--notice of change

Specific Terms and Conditions
--provision of transaction docket
--transaction docket details
--account statement frequency
--account statement details
--advice of transaction problems
--inability to reverse an entry (the analogue to stopping a cheque)
--ATM capture of card after entry of wrong PIN

Consumer Identification Mechanism
--lack of signature
--possession of card and knowledge of PIN treated as sufficient mandate
--no photograph taken of persons attempting to use a cancelled Card

Procedures Relating to Cards and PINs
--need for solicitation by the customer
--necessity of carriage of both Card and PIN
--inability to nominate PIN
--inability to change PIN
--PIN assignment procedures (SAA Standard)
--composition of PIN (e.g. digits only)
--inability to have the same PIN on multiple accounts

ATM and EFT/POS Terminal Design
--very limited PIN privacy at ATMs
--very limited PIN privacy at EFT/POS terminals
--ambiguous operator messages capable of negative interpretations
--poor user interface design, particularly of ATMs
--transaction posting prior to a legible docket being printed at the terminal
--accessibility of terminals to minorities and the disadvantaged (people who are very short, in wheelchairs, blind, etc.)

Consequences of Loss of Card or PIN
--no ability to suspend Cards rather than immediately cancelling them
--need to close and re-open accounts for which Cards have been lost

Liability for Financial Loss
--procedures for reporting loss of card
--onus of proof lies on the consumer, who has little information
--consumer liability not limited by account balance and/or credit limit
--time limitation for claims
--charges or minimum consumer liability, even where the loss arises partly or completely through error or fraud by the financial institution or an employee, or technical malfunction of any kind

Liability for Consequential Loss
--no financial institution liability for failure to perform contracted services
--no financial institution liability for erroneous performance of services
--no financial institution liability for performance without due authority

Dispute Resolution
--right of consumer recourse against the merchant with whom the transaction was made or against the organisation with whom the account is held, irrespective of which organisation (network operator, terminal operator, data processing contractor, etc.) is ultimately liable
--ready access to the decision-maker within the organisation
--ready access to transaction data
--clear rules relating to evidence, affidavits, etc.
--onus of proof on the party which holds most of the information, i.e. the financial institution
--handling within a reasonable time
--provision of reasons for the financial institution's decision
--advice of appeal rights
--appeal avenues

Security and Privacy
--no controls over data collection
--no controls over disclosure of personal data to merchants and to other financial institutions
--no controls over disclosure to third parties without consent or legal authority
--no controls over use for extraneous purpose, and in particular:
    ....for purposes unrelated to the purpose for which data was supplied or collected; and
    ....for matching and profiling

REGULATION OF CONSUMER EFTS IN AUSTRALIA

The Federal Government, reacting in part to consumer concerns, established in June 1984 the 'Working Group Examining the Rights and Obligations of Users and Providers of Electronic Funds Transfer Systems', comprising officials from some eight Federal Government agencies. In its first report in October 1985, the group recommended inter alia that:

• financial institutions should fully disclose in clear terms all conditions of use;

• they should advise cardholders of these conditions and any significant changes to them;

• cardholders should clearly understand their obligations with respect to the PIN and its security;

• cardholders should understand their liability with respect to unauthorised use of their card;

• the liability of cardholders should be restricted to their account balance and their daily limit;

• the liability in the case of technical malfunction should be clarified; and

• financial institutions should establish means by which disputes can be resolved.

The Working Group's 1985 Report did not satisfy all interests, which is unsurprising given that it lacked any representation from the industry, consumers and State Governments. The States, through the Standing Committee of Consumer Affairs Ministers (SCOCAM), sought to establish an EFT Code of Conduct, rather than leaving it to the financial institutions to respond to the Working Group's proposals. The Working Group was enlarged by the inclusion of State representatives, and held consultations with financial institutions and industry bodies. The modified Working Group published a second report in 1986, which embodied a set of 'Recommended Procedures to Govern the Relationship Between the Users and Providers of Electronic Funds Transfer Systems', commonly referred to as the EFTS Code of Conduct (see Exhibit 2).

Exhibit 2: Matters Dealt with in the EFTS Code of Conduct

--availability and disclosure of the terms and conditions of use
--changing the terms and conditions of use
--paper records of EFT transactions
--error/dispute resolution procedures
--deposits at electronic terminals
--networking arrangements
--audit trail
--privacy

It was expected by the Working Group "that card-issuers will move quickly to give effect to the recommended procedures and to translate them into their Terms and Conditions... and into their institutional practises" (p.31). However, the Code was in no sense a legal document. Additional elements addressed in the 1986 Code were:

• the level of detail to be provided on receipts and within statements;

• the limiting of cardholder liability to $50 except where there is contributory negligence or fraud on the part of the cardholder;

• the provision of access to an acceptable audit trail in the case of a dispute; and

• the privacy of cardholder information obtained.

INADEQUACIES OF THE CODE

Widespread concern was felt concerning the Federal Government-sponsored but industry-implemented Code. In July 1988, SCOCAM requested the Trade Practices Commission (TPC, the agency charged with responsibility for anti-monopoly/anti-trust law) to assess the EFTS Code of Conduct and its implementation. The TPC's December 1988 Report identified:

• weaknesses in the Code's wording and content, which limit its capacity to achieve an equitable market relationship between EFTS providers and users;

• aspects which place EFTS customers at a disadvantage;

• shortcomings in its implementation by members of the industry; and

• inadequacies in arrangements for the administration of the Code.

The TPC recommended:

• redrafting of the Code;

• addition to the Code of dispute resolution arrangements, along the lines recommended by the OECD;

• public reporting arrangements; and

• machinery to give effect to those recommendations.

In May 1989 the Working Group, at that stage comprising officials from six Federal and two State Departments, published a Third Report, reviewing progress to date. It concluded that "even though progress and performance by financial institutions has not been in all respects as fast, or as effective, as the Group intended, . . . the Code has markedly improved the overall balance between the consumers and financial institutions" (p.25). This Report (implicitly) rejected most of the TPC's Report's criticisms, and proposed no changes to the Code. However it did recommend:

• further consideration of what is regarded as a most difficult outstanding issue--the question of the 'onus of proof';

• further discussion of public reporting arrangements; and

• the continued existence of the Working Group.

At about the same time, the banking industry announced its intention to establish and finance a 'Banking Ombudsman', whose operations would not be directly under the control of the industry, and which would have substantial powers to investigate consumer complaints and make decisions binding on such financial institutions as submit to the scheme. The proposal is due to be published in mid-1989 for public discussion and implementation by 1990. Consumer organisations would generally prefer a statutory tribunal. However, they have expressed interest in the idea, provided that the details of the scheme measure up to the initial rhetoric, and take account of the experiences with the UK Banking Ombudsman, and the Jack Report on that scheme.

Meanwhile the Working Group, still comprising only Federal and State government officials, anticipates providing a further Report to SCOCAM in July 1989, with a view to further developing the Code and/or initiating additional regulatory measures.

One of the areas which will require careful consideration and negotiation among the various interests is dispute resolution procedure. It is clear that, in order to facilitate due process, financial institutions will need to provide to complainants information about the processing of particular transactions--information which, in the case of adversarial proceedings, they would have preferred to keep from them until the latest possible moment. It is also clear that, for security reasons, they will wish to keep from complainants details of the internals of the EFTS system. This suggests that an Ombudsman, whether appointed under a self-regulatory or a statutory scheme, must be empowered to gather detailed information which he would not, in general, provide to the complainant. He may even need the power to conduct systems audits, or at least review the reports and risk analyses performed by the financial institutions' own staff or consultants. Moreover, he must have technical support to enable him to evaluate technical information provided to him. Because of the nature of EFTS, the term 'technical' embraces a wide range of matters, including computer and telecommunications hardware, systems and communications software, applications software and DP audit. Finally, he must have sufficient technical competence to understand the reports provided to him by his staff, and the ability to appoint an Assessor to sit with him on particularly complex cases.

An additional matter which must be considered is whether the nature of consumer EFTS services is such that some cases will never be resolvable. In that case, insurance is an appropriate means of ensuring that the risks are spread across all users, rather than impinge on a few unfortunates.

CONCLUSIONS

Although not directly represented on the Working Group, financial institutions have had significant input to the long succession of reports. What is remarkable is that at no stage in the process by which the EFTS Code of Conduct was produced and reviewed have representatives of consumers themselves had any significant role to play. In part this reflects the relatively low profile of consumer advocacy groups in Australia, and in part the prevailing dominance of economic over social concerns.

However, as documented in Waiters (1989), EFT/POS is not having the easy ride to success that ATMs enjoyed. The success or failure of the endeavour is at least somewhat, and perhaps crucially, dependent on consumer acceptance. It might therefore have been expected that financial institutions would have placed much more weight on developing terms, conditions and procedures which were perceived by consumers to be fair. The Australian financial sector has undergone significant de-regulation during the 1980s under the Hawke/Keating Government, but the stimulant of increased competition has had little effect to date in the area of customer relations.

The most powerful of the Federal Government agencies appear to be intent on retaining the present somewhat flawed, partly unfair and unenforceable Code. Consumer Affairs Departments at both State and Federal level, and the TPC, are urging further action. The consumer awaits development. There is as yet no sign of a consumer revolt--in Australia apathy generally prevails until and unless an issue becomes a cause celebre. On the other hand, consumers may simply fail to make much use of consumer EFTs.

BIBLIOGRAPHY

A.P.S.C. 'The Australian Payments System', The Australian Payments System Council, March 1987a.

A.P.S.C. 'Third ~ of The Australian Payments System Council', The Australian Payments System Council, September 1987b.

Arora A. 'Electronic Funds Transfers and the Law', 7 The Company Lawyer, 195 at 199.

Jack R.B. 'Report to the UK Parliament on Banking Services', HMSO, 1989.

Kolodziej A. 'Customer Banker Liability in Electronic Banking', 7 The Company Lawyer, 191 at 193.

Revell J.R.S. 'Banking and Electronic Fund Transfers--Trends in Banking Structure and Regulation in OECD Countries', OECD, Paris, 1983.

Sharpe A. 'The Legal Framework Governing EFT Contracts and Disputes', Discussion Paper, La~r & Rogers, Melbourne (July 1~).

TPC 'Finance Industry Code of Conduct on Electronic Funds Transfer ~ M ~', Trade Practices Commission, Canberra (Dec 1988).

WG

WG

WG

Wilkin I.

THE AUTHORS

Roger Clarke is Reader in Information Systems in the Department of Commerce at the Australian National University in Canberra. Prior to entering academe in 1984, he spent 17 years in professional, managerial and consulting positions in the information technology industry.

Michael Waiters is a consultant, specialising in EFTS and EDI, with Deloitte Haskins & Sells in Sydney. He is a graduate from the Australian National University.

BOOK REVIEW

INFORMATION TECHNOLOGY IN THE HOME

Concerning Home Telematics, eds. F van Rijn and R Williams, 1988 (North-Holland) 462pp. US$110.50, ISBN 0-444-70406-X

This book contains the proceedings of the working conference on the social implications of home interactive telematics which took place under the auspices of the International Federation for Information Processing in Amsterdam in 1987. The conference provided an opportunity for industrialists, technologists, lawyers, policy-makers, social scientists, consumer representatives and others to discuss the social implications of the development and application of IT in the home. The first chapter contains papers which deal with controlling and assessing new technologies; chapter two examines the development of Videotex, which is one of the most visible forms of interactive telematics in the home. Further sections examine the development of the infrastructure for telecommunications including the integrated services digital network, the impact of the technology on human communication and upon the home and urban environment, the planned development of new services including tele-education, the position of consumers as end users and the impact on employment through re-locating one's work from home.

Available from Elsevier Science Publishers, PO Box 211, 1000 AE Amsterdam, The Netherlands
