Prepared Remarks of CFPB Director Rohit Chopra at the Federal Reserve Bank of Philadelphia’s Annual Fintech Conference
Thank you to President Patrick Harker and the Federal Reserve Bank of Philadelphia for inviting me to speak.
Today, I want to talk about how the plumbing and pipes of our economy are regulated: our country’s payments system. Like transportation, telecommunications, and energy, banking and payments are critical infrastructure of the economy that impacts all of us. And when I mention regulations, I’m not just referring to regulations developed by governmental entities. I also mean the regulations imposed by private actors outside of the democratic process.
The Federal Reserve System helped to create wire transfers and check clearing and so much of the pipes in our payment system. The private sector has also built rails that help households and businesses move money throughout the economy. This public-private partnership and governance has been essential.
Throughout our history, we have seen the consequences when essential facilities succumb to unchecked private control, and this can undermine the free market.
While speculative trading of crypto-assets has garnered significant attention in recent years, the changing landscape of consumer payments, and especially point-of-sale payments, has been more under the radar. Over the last decade, but particularly during the pandemic, Big Tech companies have crept into the payments ecosystem to deepen consumer engagement on their platforms, harvest and potentially monetize transactions-related data, and exploit traditional financial sector fee streams. This trend mirrors many of the methods deployed by AliPay and WeChat Pay in China. In 2021, the CFPB launched an ongoing inquiry into this payments market evolution.
Today, the CFPB is releasing the next set of findings in the Big Tech payments inquiry: an analysis of the outsized influence Apple and Google exert over popular contactless payments options. In my remarks, I will discuss the role of Big Tech companies in mobile payments, particularly those made at point-of-sale. I will outline some of the shifts during the pandemic and describe the regulations imposed on third-party payment apps by the two dominant mobile operating systems operated by Apple and Google. I will close with the implications for the future of open banking and payments in the United States.
I should note that the accelerating trend towards digital transactions has profound implications for financial privacy, but for today’s discussion, I will set aside the critical debate over whether and under what terms policymakers should pursue a digital equivalent of cash. Facebook’s failed Libra scheme, other Big Tech expansion into payments, and the more recent announcement of PayPal’s private currency, all underscore the breadth of the issues related to consumer payments.
Of course, the views I express today reflect the views of the CFPB and do not necessarily reflect those of any other part of the Federal Reserve System.
Evolution of Point-of-Sale Payments
First, it’s worth going into some detail about how the pandemic has accelerated shifts in the way we make payments at point-of-sale. We’ve all seen this firsthand: using cash to buy groceries, fill up your gas tank, or eat out at a restaurant is becoming less and less common. In recent years, we have seen more and more Americans use physical cards, particularly credit and debit cards, issued by financial firms using payment networks like Visa and Mastercard.
These cards may even have a raised card number that you can physically feel. In the past, this texture helped merchants take a physical imprint of the card. Over time, merchants then began to rely on magnetic stripes to record transactions. To combat rising fraud costs from skimmers and other devices that could easily capture magnetic stripes, credit and debit cards eventually adopted EMV chip technology. The complex architecture of the chip made it near impossible to replicate by fraudsters, and enhanced interoperability of transactions around the world.
Other technological developments also started to emerge and shape the payments industry. You might enter an office building or unlock your car using keyless technology like radio-frequency identification (RFID). A related technology known as near-field communications, or NFC, has become as significant in the payments ecosystem, as payment cards started to include embedded NFC capabilities, which facilitated the emergence of “tap-to-pay.”
A little over a decade ago, the adoption of contactless payments using NFC technology in mobile phones started to grow. This technology could securely transmit the digital payment of a user for verification in making transactions.
Payment systems are, by their very nature, networks. They are an appealing target for Big Tech companies since they can leverage vast existing user bases and troves of other personal data to expand into the market. As NFC technology enabled smartphones to double as contactless payment devices, those manufacturing and developing operating systems for mobile devices saw a clear opportunity to move deeper into payments.
While there have been other contactless methods to hit the market, such as peer-to-peer payment apps like Venmo, CashApp, and PayPal, these apps typically require more manual data entry or the scanning of a quick response (QR) code. Consumers and retailers report this is more cumbersome than using “tap-to-pay” functionality through NFC.
The pandemic had a pronounced effect on how we engage in digital transactions, as credit and debit cards have now far outpaced cash as the primary choice for payments. One study found that between 2019 and 2022, use of cash as a payment method dropped around 10 percent in the U.S., while use of digital wallets, credit cards, and debit cards grew, with digital wallet use jumping by around 40 percent. We all saw the acceleration in e-commerce, but even as Americans returned to in-person shopping, consumers and merchants further embraced contactless payments.
Overall, roughly three in four of 130 million iPhone users have activated Apple Pay, with nearly 56 million U.S. consumers making an in-store payment using Apple Pay in April 2023, accounting for nearly half of iOS users. And in 2021, there were an estimated 25 million Google Pay users, which is forecast to grow by another 10 million users by 2025. Visa recently reported that 1 in 3 Americans use tap-to-pay for purchases, seven times the use from just three years ago. Mastercard reported that contactless payments globally account for over 60 percent of in-person transactions.
Analysis of the Tap-to-Pay Ecosystem
As contactless payments through mobile devices continues to grow, it is important to take a look at the regulations imposed by the operating systems that govern the guts of our phones and other devices.
The U.S. mobile phone market is dominated by two entities: Apple and Google. The operating systems set the parameters for how the core software on a phone works. Apple and Google dictate how apps can be downloaded and installed, as well as how some of the phones’ features work, including the NFC capability.
Apple’s iOS is an operating system exclusively for Apple devices, like iPhones and iPads. Google’s Android operating system is installed on phones made by a range of handset manufacturers. While you can generally get to any website through a browser on these mobile devices, Apple and Google impose a number of regulations on the apps you can download through Apple’s App Store and Google’s Play Store.
If an app does not comply with Apple’s or Google’s regulations, the app could be denied access or face removal from the App Store and Play Store, making it inaccessible as an app to nearly every mobile device. There is no comparable gatekeeper, however, for accessing service through the web browser.
This brings me to back to the future of payments. In a more open and decentralized payments market, we would expect that there would be a plethora of players leveraging tap-to-pay functionalities. We might expect to see lots of companies and financial firms working to integrate tap-to-pay technology into their existing mobile apps, the same way we have seen so many apps integrate our mobile device’s camera or GPS capabilities.
However, we don’t find this at all. We found that Apple’s regulations forbid any third-party apps from accessing the mobile device’s NFC technology for tap-to-pay payments. All NFC-enabled payments must go through Apple Pay and card issuers must pay a fee to Apple for the privilege. As a result, many popular payment apps cannot directly use tap-to-pay. On the other hand, Google’s regulations do not currently require that these payments are routed through Google’s proprietary wallet and over time we have seen some level of tap-to-pay competition and innovation on Android devices. Google, however, has been scrutinized by international authorities in the past for allegedly placing self-preferencing conditions on device manufactures that use Android.
Apple cites security and privacy as the justification for restricting third-party access to the NFC technology. Data protection is certainly paramount for consumers’ sensitive financial information. But it is not clear that a blanket NFC access ban is necessary to protect data security and privacy, and it may be that the company could place privacy and security restrictions on third-party apps, as it does for other apps and functionalities.
There have been particularly strong reactions to Apple’s regulations in the U.S. and in jurisdictions around the world. For example, last summer, a small Iowa credit union filed a class action lawsuit against Apple alleging that the company’s NFC access restrictions violate federal antitrust laws. The European Commission has charged Apple with illegally abusing its market power to self-preference Apple Pay through the NFC access policy. Many other competition, consumer, data and privacy, and financial authorities have expressed serious concerns with this policy as the digital payments ecosystem continues to evolve across the globe.
Today’s analysis by CFPB staff discusses potential downstream effects of the policies – and I won’t go through all of their findings, which you can read in their report. But suffice it to say there are real concerns that such policies may create potential roadblocks to a more open payments ecosystem in the U.S.
Implications for Open and Decentralized Banking and Payments
I’ll conclude by sharing more about the implications for open and banking and payments.
As I mentioned before, there are many examples throughout history where the Federal Reserve System has worked to ensure the payments system was operated as an essential utility for the economy. In its early days, Federal Reserve Banks developed a wire service using the telegraph. It operates today as FedWire, using more modern technology. Over a hundred years ago, the Fed established central check clearing. The Fed has operated one of the two ACH networks, with the other network essentially controlled by the large banks. And more recently, the Fed launched the FedNow real-time payments network that banks and credit unions, large and small, are eligible to offer to their customers. These services have provided an important check against control and dominance over essential infrastructure by private incumbents.
A key priority for the CFPB is to help accelerate the shift to open banking and payments in our increasingly digital world. Over time, this can help people get paid faster, access more attractive rates on deposits and loans, switch more easily, avoid intrusive surveillance, and minimize the consequences of inaccurate credit reporting.
Next month, we will be proposing rules to activate a dormant authority authorized by Congress in 2010 that will give consumers more personal financial data rights. We hope to intensify competition across financial products by allowing consumers to securely permission their transaction data and switch more easily.
However, while the rules will help, we know that the existing financial market structure is full of chokepoints and toll booths imposed by large firms acting as mini-governments that can privately regulate markets and distort outcomes, particularly when it comes to payments.
The rise of Big Tech in banking and payments raises a whole new set of challenges, and some old fundamental ones. Google has given many of us a small, introductory cash balance to use on Google Pay. Apple is launching a Buy Now, Pay Later product. Amazon is developing a palm reader to allow people to use their hand like an NFC device for payments and secure entry. Other Big Tech companies have quietly accumulated money transmission licenses in states across the country. The list goes on.
While I agree that strong challenges to the dominant Wall Street banks and card networks are important, there is real concern that the large technology firms will be able to erect even more gates and toll booths that will prevent small firms from emerging and succeeding, even when they offer superior products. Moreover, the blurring of digital commerce, lending, and payments raises fundamental questions around the separation of banking and commerce – providing a new twist on debates that date back to the earliest days of the Republic, discussed centuries ago just steps from the building we are in today.
As the United States continues its bumpy path towards a more open, interoperable, and decentralized banking and payments system that supports the economy, it will require a close examination of how Big Tech’s business practices and private regulations might impede that goal. Given how essential this infrastructure is for our country, we must ensure that payments in the U.S. are fair to consumers, merchants, and nascent competitors of all sizes. It will require more work across the Federal Reserve System, including by the CFPB and the Federal Reserve Banks.
Thank you.