The Mobile Channel, TCPA and Privacy

NCHELPNew OrleansJanuary 19, 2012

Mercedes Kelley TunstallOf Counsel 202.661.2221 tunstallm@ballardspahr.com

Jerod LaughlinSVP, Digital Marketing

PNC Bank

John L. Culhane, Jr.Partner

215.864.8535culhane@ballardspahr.com

2

The Wonderful World of Mobile

• Mobile devices are now used for all sorts of purposes related to financial services:

• Marketing and Advertising• Applications• Payments/Wallets• Servicing/Customer Communications/E-Alerts• M-Commerce

33

Methods of Mobile Communications

Text messages

• Can be sent in a variety of formats, SMS, MMS, VMS, among others (i.e., Bluetooth).

Mobile Web

• Websites can be optimized for viewing on a mobile browser

Mobile Apps (i.e., Apple's App Store)

• Still innovating the best types of apps for financial services

04/10/23 4

Legal Considerations for Mobile

• Telephone Consumer Protection Act

• CAN-SPAM

• Applies to text messages that are sent to an email address (i.e., 7735551212@att.net).

• Marketing messages must be scrubbed against opt-out list and message must contain opt-out information

• Mobile Marketing Association

04/10/23 5

MMA's Consumer Best Practices

Double opt-in for text messages

• Customer initiates request for text

• Responsive text asks for approval to continue texting

• Customer confirms

• Responsive text must include the following information:

• Description of what messages will be received

• Msg&Data Rates May Apply

• Frequency of messaging

• HELP

• STOP

04/10/23 6

MMA (cont.)

More on STOP messaging

• Alternative terms must be recognized (e.g., quit, cancel, unsubscribe, end)

• STOP must not be case-sensitive

• In dispute now -- after STOP message is received, MMA recommends sending a confirmation STOP message, but, recent case law suggests otherwise.

Opting out of text messaging generally

• Customer should be able to opt-out the same way that they opted-in to receiving text messages.

04/10/23 7

MMA (cont.)

• Records of opt-ins and opt-outs- Should be maintained for from the time of opt-in until a

minimum of at least six months after opt-out

- Opt-ins and opt-outs should be processed within three days of the request

• Terms and Conditions for Text Messaging- Should explain how STOP and HELP work

- Should include customer service telephone number and website for chatting

- Disclose the frequency of messaging (or intended frequency)

- Any other applicable terms and conditions

- Carrier compatibility (to the extent applicable)

04/10/23 8

Tricky Topics

• Sweepstakes

• Debt Collection

• Loan Applications via Mobile Web or Mobile App

04/10/23 9

Mobile Payments and Wallets

• Person-to-person mobile payments

- Using email address or cell phone number

- Funds exchange via ACH

• Mobile Wallets

- Replacement for plastics – debit, prepaid, credit cards

- Also, loyalty or membership cards

- NFC

04/10/23 10

Customer Authentication Requirements• FFIEC – Authentication in an Internet Banking Environment (2005),

supplemented June 28, 2011

• When is authentication required?

- Initial authentication

- Additional layers of authentication, based upon risk level of transaction• Business transactions are more risky than consumer transactions

• Layers should compensate for weakness in one control

• What are financial institutions required to do?

- Detect and respond to suspicious activity, especially:• initial login and authentication of customers to online banking

• customers initiating the transfer of funds to other parties electronically

- Control administrative functions

04/10/23 11

Suggested Authentication Methods• fraud detection and monitoring that includes customer history and

behavior;

• use of dual customer authorization through different access devices;

• use of out-of-band verification for transactions;

• use of “positive pay,” debit blocks, and other limits on transactions;

• account activity controls;

• recognizing IP addresses associated with fraudulent activities;

• processes for recognizing compromised customer devices as well as customers who may be facilitating fraud;

• controls for changes by customers to their account information online as well as through other customer service functions;

• customer education on techniques for customers to mitigate fraud

04/10/23 12

AML and Data Security Concerns and Mobile

• Portability presents concerns:

- Physical portability

- Number portability

- Underscores the importance of proper authentication, even in the mobile channel

• Mobile is the new frontier for hackers

- Minimize information that is available to be stored on the phone that contains personally-identifiable information