Out-Law News 3 min. read
06 Nov 2013, 3:30 pm
In a new report into payment regulations in the Asia-Pacific (APAC) region (19-page / 5.20MB PDF), PayPal said e-payment regulators should respond to innovations in mobile payments and other payment technologies by regulating the market through the better use of the data that is generated.
"To address these innovations in the payments sector, regulators and policy makers need to emulate the best practices of the markets they regulate in the new digital age," PayPal said in its report. "This means regulation that is better at using data to manage risk, and technology neutral. The landscape is rapidly changing and regulators need to have a flexible approach in dealing with all these new business models."
The report identified rapid growth in the use of mobile devices in the APAC region and highlighted research that predicts that the total value of mobile payments made in the area in 2015 will exceed $1 trillion.
However, PayPal said that the regulation of payments across APAC is fragmented and that regulators had sometimes responded to innovations in payments technology "in an ad-hoc and exceptions-based manner". It called for regulators in the region to adopt a more harmonised approach to regulation that is "focused on technology-neutral, risk-based guidance that recognises differences in business models and practices".
"Ensuring that regulatory reform maintains a level playing field for domestic and foreign organisations through the application of a consistent and logical approach to regulatory requirements is critical for market competition," PayPal said.
The reformed regulatory system should move away from focusing on identifying customers and instead seek to identify suspicious activity through "customer behaviour and transaction monitoring", the company added. This can be achieved by "analysing the digital footprint of customers and monitoring a range of behaviour patterns, including the use of sophisticated algorithms," it said.
"Data on how a customer is using an account, the volumes and sizes of transactions, and the locations of transactions provides a more valuable insight into the market than simply verifying a customer’s identification," PayPal said. "Physical evidence used for identification can be tampered with and result in fraud."
"An emphasis on a risk based approach to fraud detection based on big data would better detect and prevent fraud related activity," it added. "The use of data and digital forensics has become the cornerstone of efforts to combat crime. This has been done through the use of mobile phones, GPS, social media accounts, and other digital records. And in those instances, big data has been used to assess risk, analyse dangerous and suspicious patterns, and help develop profiles of individuals which otherwise would not have been possible."
Hong Kong-based technology law specialist Peter Bullock of Pinsent Masons, the law firm behind Out-Law.com, said there was "a lot of sense" in PayPal's recommendations, but questioned whether regulators would change existing behaviours.
"Insofar as the data privacy regulators are concerned, not only are the regulations highly fragmentary, or non-existent in some important and highly populous jurisdictions such as Indonesia, but the regulators’ self-image is one of ‘Citizens Advice Bureau’ rather than cyber-policemen," Bullock said. "It seems that regulators, and indeed the privacy laws they are enforcing, are focused on local considerations and concerns – and this explains many of the differences between the laws of Asian states – and there is little or no attempt at consistency between neighbouring states."
"In Hong Kong only the current Privacy Commissioner has had any real interest in enforcement, and the few targets chosen sometimes appear to lack focus. It is difficult to detect enthusiasm for a wider role, or one which requires close collaboration with law enforcement. In Singapore, the privacy regulation is so recent that the enforcement regime will not even be in place until 2014. As the Asia Pacific Economic Cooperation forum seems to be slow to gain traction in the area of privacy, it is unlikely that this important area of regulation will be able to come together to meet the fast developing area of anti-money laundering provision," he added.
Technology law expert Bryan Tan of Pinsent Masons MPillay, the Singapore joint law venture partner of Pinsent Masons, said that it might be difficult for regulators to rely entirely on a risk-based regulatory framework.
"The risk-based framework is a solution that regulators are increasingly looking at, given that it leverages on technologies and tries to keep up with people using a web of transactions to hide their intent," Tan said. "The question is whether it is going to be in place of traditional 'know your customer' (KYC) checks or will be used to enhance the traditional KYC checks."
"The other question is that with low credit card and bank account adoption, and even a national identification system, in Asia generally – especially in Indonesia, Philippines and Vietnam – there are now significant numbers of unbanked and under-banked who are still reliant on the real world system of payment remittances or the modern variants of these, out of the reach of big data and its analysing advantages. This explains the fact that there are hundreds of payment startup companies operating in Asia, with at least 18 in Vietnam alone," he said.
