[LINK] OT? Astounding ASIC Breach

Roger Clarke Roger.Clarke at xamax.com.au
Thu Jan 30 08:56:04 AEDT 2014 

[ASIC has again demonstrated its inability to protect consumers by 
authorising a massive mailout of cards containing unrequested 
functionality.

[It appears that ASIC may be actually in breach of the law, because 
it is effectively saying that it will fail to prosecute a breach of 
the law by two corporations, QANTAS and Virgin.

[Like I suspect quite a few other people, I returned the QANTAS 
Frequent Flyer Card that contained a contactless chip bearing a 
service I didn't want, and demanded, and received, a replacement of 
the old, specific-purpose kind.

[It doesn't help that the service QANTAS is offering is a very poor 
deal for consumers.  But that's just normal business exploitation. 
The key issue is that unsolicited capabilities are being foisted on 
people who didn't ask for them.

[Is there a consumer rights organisation that can mount a case 
against ASIC's ridiculous approval, and/or a media campaign against 
QANTAS and Virgin intended to undermine their intentions?

[Would it be sensible for consumer rights organisations to send 
letters of complaint to ASIC, QANTAS, Virgin, and the Minister 
responsible for the irresponsible agency?]


ASIC gives green light for massive unsolicited card mail-out
30 January 2014 6:53am
Banking Day
http://www.bankingday.com/nl06_news_selected.php?act=2&stream=1&selkey=16055&hlc=2&hlw=

The Australian Securities and Investments Commission has approved the 
most extensive mail-out of unsolicited MasterCard and Visa products 
in Australia's history, giving the issuers relief from a law that 
could have blocked the campaign. Compliance Complete has discovered 
that ASIC has given regulatory relief to Australia's two largest 
airlines - Qantas and Virgin Australia - regarding their plans to 
send millions of unsolicited prepaid debit cards to their frequent 
flyer member bases.

The Qantas mail-out alone could see more than one-third of the 
Australian population receiving an unsolicited Qantas Cash product in 
the mail, including children aged between 16 and 18. This is despite 
the fact that section 12DL of the Australian Securities and 
Investments Commission Act 2001 specifically outlaws the provision of 
unsolicited credit and debit cards to consumers. In Virgin's case, 
the unsolicited cards are going out to all eligible Velocity members 
aged 18 or older.

Consumer advocates and financial services lawyers have been stunned 
by the regulator's decision to give the airlines the go-ahead to 
launch their unprecedented prepaid debit card campaigns. They said 
that although the card mail-outs were likely to breach s12DL, ASIC's 
apparent decision to provide no-action letters to the airlines meant 
the matter was unlikely to go before the courts.

The card issuers, meanwhile, are using semantics such as "prepaid 
cards", "loading funds" and "online applications" to try to 
circumvent the obligations regarding debit cards in the ASIC Act. 
This is despite legal opinions that "prepaid" cards are a sub-set of 
debit cards; the act of "loading" funds on to the card is akin to 
transferring funds into a personal account; and the "application" 
process is a euphemism for quick online activation.

In its product disclosure statement, Qantas has alternately described 
the card activation process as an "application" in some instances, 
and as "activation" in others. The web address for the "application 
process" is www.qantascash.com/activate, which consumer advocates 
have said is a further indication the product issuer is paying lip 
service to the application process.

The Qantas Cash and Virgin Global Wallet products are examples of the 
new two-sided frequent flyer cards that airlines are launching in 
conjunction with their partners in the banking and payment card 
industries. In the case of the Qantas Cash MasterCard product, the 
Australian Financial Services licence holder and product issuer is 
Heritage Bank, in Toowoomba, Queensland. The AFSL holder for Virgin 
Australia's Visa Global Wallet product is Rev Australia, a subsidiary 
of the US-based payments software company Rev Worldwide.

Both Qantas and Virgin have positioned the cards as upgraded loyalty 
cards, with the financial product embedded on one face of the new 
chip-and-PIN-enabled membership cards. When consumers turn their 
membership card over it looks like a traditional Visa or MasterCard 
facility, including a credit card scheme logo, card number, CVC, chip 
functionality and signature strip.

The main concern with these products is that they are being sent out, 
unactivated, to frequent flyer scheme members without their "opt-in" 
consent. The airlines argue that the cards can simply be used as a 
frequent flyer card if the member does not wish to activate the 
payments functionality. The front of the card, they say, looks the 
same as a standard loyalty card and can still be used in that manner 
only.

To all intents and purposes, however, one side of the card looks and 
functions like a debit card, including the ability to withdraw cash 
from ATMs. In the case of Qantas Cash, a customer can withdraw up to 
A$3000 through an ATM in any 24-hour period (or its equivalent in any 
currency). For the Global Wallet, the maximum is $2500 in any 24-hour 
period.

In response to questions from Compliance Complete, both Qantas and 
Virgin said that they had liaised with ASIC and were confident their 
campaigns had the regulator's consent.

Qantas declined to provide an interview but said in a statement: 
"Qantas has worked with the Australian Securities and Investments 
Commission to ensure that the product complied with the relevant 
laws. Qantas is comfortable that the distribution of the prepaid card 
does not raise any compliance issues."

It also confirmed that the product would be made available to 
"eligible members 16 years of age or older".

A Virgin Australia spokeswoman confirmed that the airline had 
received regulatory approval from ASIC in relation to the Global 
Wallet unsolicited mail-out. "Velocity initially required members to 
opt in to receive a card with Global Wallet functionality as we were 
still in discussions with ASIC on this issue at the time of launch. 
Those discussions have concluded and Velocity membership cards with 
Global Wallet functionality are now progressively being sent to 
eligible Velocity members," she said.

In relation to whether a no-action letter was secured, the 
spokeswoman said: "Our discussions with ASIC are confidential and we 
are not in a position to comment further on those discussions."

ASIC, meanwhile, does not generally publish no-action letters or even 
disclose whether one has been given. A spokesman for the regulator 
said ASIC "cannot comment on individual matters that may or may not 
have been considered by ASIC."

Speaking more generally, the ASIC spokesman said the regulator had 
looked closely at the application of s12DL in relation to the 
distribution of prepaid cards. According to ASIC it is not entirely 
clear how the law would apply to prepaid cards (these products did 
not exist when the relevant legislation was drafted).

"It is arguable that these kinds of cards technically come within the 
broad definition of 'debit card' used in s12DL, however, that is not 
entirely clear," ASIC told Compliance Complete.

Having looked at the issue in detail, ASIC formed the view that the 
subtle differences between debit cards and prepaid cards meant that 
these products should be excluded from the requirement to seek 
consent before sending them to customers. ASIC said the fundamental 
difference was that prepaid cards do not access an underlying deposit 
or credit account. The regulator has instead taken the view that 
funds were "loaded" on to these cards.

"These cards appear to be different to those that are commonly 
referred to as 'debit cards' as they do not access an underlying 
deposit or credit account. Instead, any account accessed by the card 
relates solely to the funds that have been loaded on to the card by 
the user of the card. They do not appear to be a card of the kind 
that was initially considered to be covered by this provision," the 
regulator said.

This is a controversial position for the regulator to take, according 
to legal experts and consumer advocates. For the purposes of s12DL, 
the ASIC Act describes a debit card as, "an article intended for use 
by a person in obtaining access to an account that is: (i) held by 
the person for the purpose of withdrawing or depositing cash or 
obtaining goods or services; (ii) a financial product."

Jon Denovan, partner at Gadens, said his law firm was often asked to 
advise financial services organisations on the application of s12DL. 
Although he could not comment on the specific products offered by 
Qantas and Virgin, Denovan said it was widely accepted that s12DL 
covered all debit card products, including prepaid cards. He said 
that in a legal sense the distinction between a prepaid card and a 
debit card was "a very fine one".

"It seems to us that a prepaid card falls within s12DL of the ASIC 
Act and, therefore, you can't send an unsolicited card to customers," 
Denovan said. In terms of s12DL's consumer protection function, 
Denovan said: "The suggestion that a prepaid card doesn't have some 
of the dangers that a debit card has in the traditional meaning is a 
pretty fine distinction really."

Compliance Complete
Article By: Nathan Lynch of Compliance Complete


-- 
Roger Clarke                                 http://www.rogerclarke.com/
			            
Xamax Consultancy Pty Ltd      78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 6916                        http://about.me/roger.clarke
mailto:Roger.Clarke at xamax.com.au                http://www.xamax.com.au/

Visiting Professor in the Faculty of Law            University of N.S.W.
Visiting Professor in Computer Science    Australian National University

More information about the Link mailing list