[LINK] OT? Astounding ASIC Breach
Roger Clarke
Roger.Clarke at xamax.com.au
Thu Jan 30 08:56:04 AEDT 2014
[ASIC has again demonstrated its inability to protect consumers by
authorising a massive mailout of cards containing unrequested
functionality.
[It appears that ASIC may be actually in breach of the law, because
it is effectively saying that it will fail to prosecute a breach of
the law by two corporations, QANTAS and Virgin.
[Like I suspect quite a few other people, I returned the QANTAS
Frequent Flyer Card that contained a contactless chip bearing a
service I didn't want, and demanded, and received, a replacement of
the old, specific-purpose kind.
[It doesn't help that the service QANTAS is offering is a very poor
deal for consumers. But that's just normal business exploitation.
The key issue is that unsolicited capabilities are being foisted on
people who didn't ask for them.
[Is there a consumer rights organisation that can mount a case
against ASIC's ridiculous approval, and/or a media campaign against
QANTAS and Virgin intended to undermine their intentions?
[Would it be sensible for consumer rights organisations to send
letters of complaint to ASIC, QANTAS, Virgin, and the Minister
responsible for the irresponsible agency?]
ASIC gives green light for massive unsolicited card mail-out
30 January 2014 6:53am
Banking Day
http://www.bankingday.com/nl06_news_selected.php?act=2&stream=1&selkey=16055&hlc=2&hlw=
The Australian Securities and Investments Commission has approved the
most extensive mail-out of unsolicited MasterCard and Visa products
in Australia's history, giving the issuers relief from a law that
could have blocked the campaign. Compliance Complete has discovered
that ASIC has given regulatory relief to Australia's two largest
airlines - Qantas and Virgin Australia - regarding their plans to
send millions of unsolicited prepaid debit cards to their frequent
flyer member bases.
The Qantas mail-out alone could see more than one-third of the
Australian population receiving an unsolicited Qantas Cash product in
the mail, including children aged between 16 and 18. This is despite
the fact that section 12DL of the Australian Securities and
Investments Commission Act 2001 specifically outlaws the provision of
unsolicited credit and debit cards to consumers. In Virgin's case,
the unsolicited cards are going out to all eligible Velocity members
aged 18 or older.
Consumer advocates and financial services lawyers have been stunned
by the regulator's decision to give the airlines the go-ahead to
launch their unprecedented prepaid debit card campaigns. They said
that although the card mail-outs were likely to breach s12DL, ASIC's
apparent decision to provide no-action letters to the airlines meant
the matter was unlikely to go before the courts.
The card issuers, meanwhile, are using semantics such as "prepaid
cards", "loading funds" and "online applications" to try to
circumvent the obligations regarding debit cards in the ASIC Act.
This is despite legal opinions that "prepaid" cards are a sub-set of
debit cards; the act of "loading" funds on to the card is akin to
transferring funds into a personal account; and the "application"
process is a euphemism for quick online activation.
In its product disclosure statement, Qantas has alternately described
the card activation process as an "application" in some instances,
and as "activation" in others. The web address for the "application
process" is www.qantascash.com/activate, which consumer advocates
have said is a further indication the product issuer is paying lip
service to the application process.
The Qantas Cash and Virgin Global Wallet products are examples of the
new two-sided frequent flyer cards that airlines are launching in
conjunction with their partners in the banking and payment card
industries. In the case of the Qantas Cash MasterCard product, the
Australian Financial Services licence holder and product issuer is
Heritage Bank, in Toowoomba, Queensland. The AFSL holder for Virgin
Australia's Visa Global Wallet product is Rev Australia, a subsidiary
of the US-based payments software company Rev Worldwide.
Both Qantas and Virgin have positioned the cards as upgraded loyalty
cards, with the financial product embedded on one face of the new
chip-and-PIN-enabled membership cards. When consumers turn their
membership card over it looks like a traditional Visa or MasterCard
facility, including a credit card scheme logo, card number, CVC, chip
functionality and signature strip.
The main concern with these products is that they are being sent out,
unactivated, to frequent flyer scheme members without their "opt-in"
consent. The airlines argue that the cards can simply be used as a
frequent flyer card if the member does not wish to activate the
payments functionality. The front of the card, they say, looks the
same as a standard loyalty card and can still be used in that manner
only.
To all intents and purposes, however, one side of the card looks and
functions like a debit card, including the ability to withdraw cash
from ATMs. In the case of Qantas Cash, a customer can withdraw up to
A$3000 through an ATM in any 24-hour period (or its equivalent in any
currency). For the Global Wallet, the maximum is $2500 in any 24-hour
period.
In response to questions from Compliance Complete, both Qantas and
Virgin said that they had liaised with ASIC and were confident their
campaigns had the regulator's consent.
Qantas declined to provide an interview but said in a statement:
"Qantas has worked with the Australian Securities and Investments
Commission to ensure that the product complied with the relevant
laws. Qantas is comfortable that the distribution of the prepaid card
does not raise any compliance issues."
It also confirmed that the product would be made available to
"eligible members 16 years of age or older".
A Virgin Australia spokeswoman confirmed that the airline had
received regulatory approval from ASIC in relation to the Global
Wallet unsolicited mail-out. "Velocity initially required members to
opt in to receive a card with Global Wallet functionality as we were
still in discussions with ASIC on this issue at the time of launch.
Those discussions have concluded and Velocity membership cards with
Global Wallet functionality are now progressively being sent to
eligible Velocity members," she said.
In relation to whether a no-action letter was secured, the
spokeswoman said: "Our discussions with ASIC are confidential and we
are not in a position to comment further on those discussions."
ASIC, meanwhile, does not generally publish no-action letters or even
disclose whether one has been given. A spokesman for the regulator
said ASIC "cannot comment on individual matters that may or may not
have been considered by ASIC."
Speaking more generally, the ASIC spokesman said the regulator had
looked closely at the application of s12DL in relation to the
distribution of prepaid cards. According to ASIC it is not entirely
clear how the law would apply to prepaid cards (these products did
not exist when the relevant legislation was drafted).
"It is arguable that these kinds of cards technically come within the
broad definition of 'debit card' used in s12DL, however, that is not
entirely clear," ASIC told Compliance Complete.
Having looked at the issue in detail, ASIC formed the view that the
subtle differences between debit cards and prepaid cards meant that
these products should be excluded from the requirement to seek
consent before sending them to customers. ASIC said the fundamental
difference was that prepaid cards do not access an underlying deposit
or credit account. The regulator has instead taken the view that
funds were "loaded" on to these cards.
"These cards appear to be different to those that are commonly
referred to as 'debit cards' as they do not access an underlying
deposit or credit account. Instead, any account accessed by the card
relates solely to the funds that have been loaded on to the card by
the user of the card. They do not appear to be a card of the kind
that was initially considered to be covered by this provision," the
regulator said.
This is a controversial position for the regulator to take, according
to legal experts and consumer advocates. For the purposes of s12DL,
the ASIC Act describes a debit card as, "an article intended for use
by a person in obtaining access to an account that is: (i) held by
the person for the purpose of withdrawing or depositing cash or
obtaining goods or services; (ii) a financial product."
Jon Denovan, partner at Gadens, said his law firm was often asked to
advise financial services organisations on the application of s12DL.
Although he could not comment on the specific products offered by
Qantas and Virgin, Denovan said it was widely accepted that s12DL
covered all debit card products, including prepaid cards. He said
that in a legal sense the distinction between a prepaid card and a
debit card was "a very fine one".
"It seems to us that a prepaid card falls within s12DL of the ASIC
Act and, therefore, you can't send an unsolicited card to customers,"
Denovan said. In terms of s12DL's consumer protection function,
Denovan said: "The suggestion that a prepaid card doesn't have some
of the dangers that a debit card has in the traditional meaning is a
pretty fine distinction really."
Compliance Complete
Article By: Nathan Lynch of Compliance Complete
--
Roger Clarke http://www.rogerclarke.com/
Xamax Consultancy Pty Ltd 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 6916 http://about.me/roger.clarke
mailto:Roger.Clarke at xamax.com.au http://www.xamax.com.au/
Visiting Professor in the Faculty of Law University of N.S.W.
Visiting Professor in Computer Science Australian National University
More information about the Link
mailing list