Consumer payments are undergoing a continuing transformation. Old devices such as Automated Teller Machines (ATMs) are being used in new ways. Newer devices such as mobile phones are being used to deposit checks and transfer payments. New unregulated institutions such as fintechs play prominent roles. The changes will continue, as demonstrated by the introduction of cryptocurrency and artificial intelligence to payments. These developments bring many benefits and conveniences to consumers. However, rampant fraud, unfair and deceptive practices, privacy invasions and security breaches pose serious threats. Consumers face formidable barriers to protecting themselves or recovering from their losses caused by these abuses. Consumers are bound by online contracts they agree to merely by a mouse click or finger touch on a computer screen. If their contracts leave them with any rights at all, they also bar consumers from going to court to enforce those rights. The law has not been modernized to provide consumers and regulatory agencies the authority to protect the public.
ATMs began as cash dispensers in the early 1970s. Now consumers can use them to deposit checks, purchase public transportation tickets, and even dispense cryptocurrency. For consumers whose banks have no branches where they live or work, ATMs can be a convenient alternative. For a fee, consumers can even use ATMs operated by others throughout the country. On the other hand, consumers have been assaulted after withdrawing cash and non-violent fraudsters have figured out how to steal victim’s money from ATMs. Casinos make it easy for customers to gamble away their savings by placing ATMs in locations in their establishments. A federal law, the Electronic Fund Transfers Act (EFTA), requires disclosures and protection if there are unauthorized transfers from the consumer’s account. But that law has no requirements for making ATMs safe. Furthermore, the EFTA protects consumers only if they do not authorize payments, and gamblers clearly authorize their unwise withdrawals.
Consumers who want to deposit checks don’t need banks, ATMs, or the U.S. Postal Service. They can take a photo of the check with their mobile phone and deposit the check by using the phone to send the check image to their bank. (The technical term for this is Remote Deposit Capture.) However, that convenience can lead to a loss of money if the consumer does not destroy the original paper check and someone else takes it, alters it, and deposits it for their own benefit. Another problem may arise if the image is distorted or the image’s travel through cyberspace does not arrive at the consumer’s bank. Although no law explicitly applies to this situation, two laws may apply. The Uniform Commercial Code applies to the paper check. The EFTA applies to the image transfer by phone. The law should be updated so that it is clear how it applies to this type of transfer when things go awry.
Peer-to-peer money transfers using Zelle, Venmo and similar services are increasingly popular because of their convenience. Consumers can transfer money to others simply by using their mobile phones. But many consumers have encountered problems and have reported them to regulatory agencies. Typically, consumers fall prey to scams and use the services to transfer money to the fraudster. Those services and the banks involved often refuse to make the consumer whole, arguing that the consumer authorized the transfer, so the EFTA does not protect the consumer. They insist it is irrelevant that the transfer was fraudulent. The law has not been updated to clearly provide protection for consumers transferring money in this fashion. Moreover, fintechs are often involved in the transfer. Fintechs are not banks; they are not subject to the regulations and supervision under which banks operate.
Experts disagree fiercely about the potential of Artificial Intelligence. Some believe AI will lead to a cure for deadly diseases. Others, including the head of Open AI, believe AI will result in the end of humanity. While we may not know the answer to these existential issues, we know with great certainty that AI has already increased consumer vulnerability to financial loss. According to the Fall 2024 Visa Biannual Threats Report, scammers are using AI’s ability to generate realistic voices and video to create “deepfake” impersonations of real people. Moreover, AI is used to gather personal information about consumers from social media and other sources in order to send very convincing phishing emails designed to defraud consumers. We do not have laws designed to combat use of AI to steal money.
Consumers have been harmed by the loss of privacy and frequent security breaches. Although some states have enacted laws to protect consumers, many have not, and there is no comprehensive federal law to provide that protection.
It is obvious that in many transactions involving new payment devices and systems, the law has huge gaps. In those situations, the contract between the financial institution or other service provider is the only potential source of the consumer’s rights. Consumers typically enter into these contracts online. Businesses usually include a link to “Terms and Conditions” and privacy policies on the bottom of their home page. But few consumers bother to read them. And even if they did, they would find them very long and filled with legalese that they likely would not understand without a law degree. Those contracts usually contain provisions precluding consumers from suing the company in court. Instead, consumers must arbitrate their disputes before private, unregulated arbitration services chosen by the business. The contracts also provide that the consumer cannot be involved in any class actions. Instead of reading the contract, consumers usually just click on a button that says “Accept.”
The American Law Institute (ALI) publishes what it calls “Restatements of the Law.” Courts and legislatures often use the Restatements as guides in deciding legal issues. In 2022 the ALI issued its Restatement of the Law of Consumer Contracts. The Restatement fails to ensure consumers have knowingly consented to the standard terms of their online contracts. In doing so, the Restatement fails to follow prior court decisions. Under the Restatement, all it takes for a consumer to assent to the contract’s terms is a click on a button with a label such as “I Agree.” The business’ only obligation is to provide the consumer with “reasonable notice” that the act of clicking on the button legally binds the consumer to the terms.
Consumers need and deserve laws to protect them from these new threats that technology has made possible. The challenge is to draft laws that will strike the proper balance. The business community wants the freedom to develop new payment devices and systems that take advantage of technology. They oppose laws that stifle innovation; they want to experiment with various new payment environments. They would prefer no regulation unless it protects them. Consumer advocates want laws that protect consumers against at least the most serious threats to their emotional as well as their financial health. They also insist consumers and regulatory agencies must have the tools to effectively enforce those laws. How this disagreement is resolved in the legislatures and courts will determine whether consumers are protected or face new and increased harm.
