CFPB Finalizes Rule on Federal Oversight of Popular Digital Payment Apps to Protect Personal Data, Reduce Fraud, and Stop Illegal “Debanking”
November 21, 2024 / Source: CFPB
WASHINGTON, D.C. – The Consumer Financial Protection Bureau (CFPB) today finalized a rule to supervise the largest nonbank companies offering digital funds transfer and payment wallet apps. The rule will help the CFPB to ensure that these companies – specifically those handling more than 50 million transactions per year – follow federal law just like large banks, credit unions, and other financial institutions already supervised by the CFPB. The CFPB estimates that the most widely used apps covered by the rule collectively process over 13 billion consumer payment transactions annually.
“Digital payments have gone from novelty to necessity and our oversight must reflect this reality,” said CFPB Director Rohit Chopra. “The rule will help to protect consumer privacy, guard against fraud, and prevent illegal account closures.”
Digital payment apps have become a cornerstone of daily commerce, rivaling traditional payment methods like credit cards and debit cards for both online and in-store purchases. Some of these apps are owned by the world’s largest technology conglomerates. These services have gained particularly strong adoption among middle and lower-income consumers, who now use payment apps for daily spending and funds transfers at rates that rival or exceed the use of cash. What began as a convenient alternative to cash has evolved into a critical financial tool, processing over a trillion dollars in payments between consumers and their friends, families, and businesses.
While banks and credit unions offering consumer payment services are subject to CFPB supervisory examinations, many of these very large technology firms handling billions of transactions are not. The CFPB has closely observed developments in this emerging market, including by monitoring consumer complaints and launching an inquiry into Big Tech and peer-to-peer platforms offering popular payment apps. The final rule will enable to the CFPB to supervise companies in key areas including:
- Privacy and Surveillance: Large technology companies are collecting vast quantities of data about an individual’s transactions. Federal law allows consumers to opt-out of certain data collection and sharing practices, and also prohibits misrepresentations about data protection practices.
- Errors and Fraud: Under longstanding federal law, consumers have the right to dispute transactions that are incorrect or fraudulent, and financial institutions must take steps to look into them. The CFPB is particularly concerned about how digital payment apps can be used to defraud older adults and active duty servicemembers. Some popular payment apps appear to design their systems to shift disputes to banks, credit unions, and credit card companies, rather than managing them on their own.
- Debanking: Given the volume of payments consumers make through many popular payment apps, consumers can face serious harms when they lose access to their app without notice or when their ability to make or receive payments is disrupted. Consumers have reported concerns to the CFPB about disruptions to their lives due to closures or freezes.
While the CFPB has always had enforcement authority over these companies, today’s rule gives the CFPB the authority to conduct proactive examinations to ensure companies are complying with the law in these and other areas. Supervision can prevent harm by detecting problems early. Supervision also is an important tool for the CFPB to assess risks that can emerge rapidly in this market, including from outages and other issues that could lead to millions of consumers losing access to their funds.
In the final rule, the CFPB made several significant changes from its initial proposal. The transaction threshold determining which companies require supervision is now substantially higher, at 50 million annual transactions. Given the evolving market for digital currencies, the CFPB also limited the rule’s scope to count only transactions conducted in U.S. dollars.
Today’s rule represents the latest step to strengthen oversight of large technology firms in consumer financial markets. The CFPB warned Big Tech firms in 2022 about their obligations under consumer protection laws when using behavioral targeting for financial products. The CFPB also issued a report about how funds held in some popular apps are not protected by federal deposit insurance, and advised consumers to regularly move their funds to an insured account. The CFPB also published research about regulations imposed by Apple and Google in the “tap-to-pay” market.
CFPB Supervision has also created a supervision technology program which assesses, among other things, technology and technology controls and its impact on compliance with Federal consumer financial law.
Today’s final rule is the sixth rulemaking by the CFPB to define larger participants operating in markets for consumer financial products and services. The first five rules covered larger participants in consumer reporting, consumer debt collection, student loan servicing, international money transfers, and automobile financing.
The rule will be effective 30 days after publication in the Federal Register.
Consumers can submit complaints about financial products and services by visiting the CFPB’s website or by calling (855) 411-CFPB (2372).
Employees who believe their company has violated federal consumer financial protection laws are encouraged to send information about what they know to [email protected]. To learn more about reporting potential industry misconduct, visit the CFPB’s website.