[LINK] OT? Astounding ASIC Breach

Stephen Edgar stephen at netweb.com.au
Tue Feb 11 17:27:06 AEDT 2014

Still kind of off topic though I hadn't seen this on the list....

"...now under the scrutiny of a Senate inquiry."

No 'clear' mention of the $1 charge in the email I received from Qantas ~2 weeks ago "It's time to activate Qantas Cash"

Via http://www.smh.com.au/business/comment-and-analysis/qantas-card-says-no-play-you-pay-20140209-32a0f.html 

With airlines in such a parlous state, I guess you gotta do what you can to make a buck.
And Qantas appears to be doing just that with the appropriately named Qantas Cash card.
The unsolicited debit card mailout to up to 12 million frequent flyer program members - including a controversial opt-in feature for 16- to 18-year-olds - is now under the scrutiny of a Senate inquiry.
But a lesser known feature ensures fees are generated from those who activate the cards but then don't use them.
A reference to page 13 of its product disclosure statement reveals you will incur a $1 charge at the start of the month if you have not made any transactions over the previous year.

Stephen Edgar
 Melbourne, Australia

-----Original Message-----
From: link-bounces at mailman.anu.edu.au [mailto:link-bounces at mailman.anu.edu.au] On Behalf Of Roger Clarke
Sent: Thursday, 30 January 2014 8:56 AM
To: link at anu.edu.au
Subject: [LINK] OT? Astounding ASIC Breach

[ASIC has again demonstrated its inability to protect consumers by authorising a massive mailout of cards containing unrequested functionality.

[It appears that ASIC may be actually in breach of the law, because it is effectively saying that it will fail to prosecute a breach of the law by two corporations, QANTAS and Virgin.

[Like I suspect quite a few other people, I returned the QANTAS Frequent Flyer Card that contained a contactless chip bearing a service I didn't want, and demanded, and received, a replacement of the old, specific-purpose kind.

[It doesn't help that the service QANTAS is offering is a very poor deal for consumers.  But that's just normal business exploitation. 
The key issue is that unsolicited capabilities are being foisted on people who didn't ask for them.

[Is there a consumer rights organisation that can mount a case against ASIC's ridiculous approval, and/or a media campaign against QANTAS and Virgin intended to undermine their intentions?

[Would it be sensible for consumer rights organisations to send letters of complaint to ASIC, QANTAS, Virgin, and the Minister responsible for the irresponsible agency?]

ASIC gives green light for massive unsolicited card mail-out
30 January 2014 6:53am
Banking Day

The Australian Securities and Investments Commission has approved the most extensive mail-out of unsolicited MasterCard and Visa products in Australia's history, giving the issuers relief from a law that could have blocked the campaign. Compliance Complete has discovered that ASIC has given regulatory relief to Australia's two largest airlines - Qantas and Virgin Australia - regarding their plans to send millions of unsolicited prepaid debit cards to their frequent flyer member bases.

The Qantas mail-out alone could see more than one-third of the Australian population receiving an unsolicited Qantas Cash product in the mail, including children aged between 16 and 18. This is despite the fact that section 12DL of the Australian Securities and Investments Commission Act 2001 specifically outlaws the provision of unsolicited credit and debit cards to consumers. In Virgin's case, the unsolicited cards are going out to all eligible Velocity members aged 18 or older.

Consumer advocates and financial services lawyers have been stunned by the regulator's decision to give the airlines the go-ahead to launch their unprecedented prepaid debit card campaigns. They said that although the card mail-outs were likely to breach s12DL, ASIC's apparent decision to provide no-action letters to the airlines meant the matter was unlikely to go before the courts.

The card issuers, meanwhile, are using semantics such as "prepaid cards", "loading funds" and "online applications" to try to circumvent the obligations regarding debit cards in the ASIC Act. 
This is despite legal opinions that "prepaid" cards are a sub-set of debit cards; the act of "loading" funds on to the card is akin to transferring funds into a personal account; and the "application" 
process is a euphemism for quick online activation.

In its product disclosure statement, Qantas has alternately described the card activation process as an "application" in some instances, and as "activation" in others. The web address for the "application process" is www.qantascash.com/activate, which consumer advocates have said is a further indication the product issuer is paying lip service to the application process.

The Qantas Cash and Virgin Global Wallet products are examples of the new two-sided frequent flyer cards that airlines are launching in conjunction with their partners in the banking and payment card industries. In the case of the Qantas Cash MasterCard product, the Australian Financial Services licence holder and product issuer is Heritage Bank, in Toowoomba, Queensland. The AFSL holder for Virgin Australia's Visa Global Wallet product is Rev Australia, a subsidiary of the US-based payments software company Rev Worldwide.

Both Qantas and Virgin have positioned the cards as upgraded loyalty cards, with the financial product embedded on one face of the new chip-and-PIN-enabled membership cards. When consumers turn their membership card over it looks like a traditional Visa or MasterCard facility, including a credit card scheme logo, card number, CVC, chip functionality and signature strip.

The main concern with these products is that they are being sent out, unactivated, to frequent flyer scheme members without their "opt-in" 
consent. The airlines argue that the cards can simply be used as a frequent flyer card if the member does not wish to activate the payments functionality. The front of the card, they say, looks the same as a standard loyalty card and can still be used in that manner only.

To all intents and purposes, however, one side of the card looks and functions like a debit card, including the ability to withdraw cash from ATMs. In the case of Qantas Cash, a customer can withdraw up to
A$3000 through an ATM in any 24-hour period (or its equivalent in any currency). For the Global Wallet, the maximum is $2500 in any 24-hour period.

In response to questions from Compliance Complete, both Qantas and Virgin said that they had liaised with ASIC and were confident their campaigns had the regulator's consent.

Qantas declined to provide an interview but said in a statement: 
"Qantas has worked with the Australian Securities and Investments Commission to ensure that the product complied with the relevant laws. Qantas is comfortable that the distribution of the prepaid card does not raise any compliance issues."

It also confirmed that the product would be made available to "eligible members 16 years of age or older".

A Virgin Australia spokeswoman confirmed that the airline had received regulatory approval from ASIC in relation to the Global Wallet unsolicited mail-out. "Velocity initially required members to opt in to receive a card with Global Wallet functionality as we were still in discussions with ASIC on this issue at the time of launch. 
Those discussions have concluded and Velocity membership cards with Global Wallet functionality are now progressively being sent to eligible Velocity members," she said.

In relation to whether a no-action letter was secured, the spokeswoman said: "Our discussions with ASIC are confidential and we are not in a position to comment further on those discussions."

ASIC, meanwhile, does not generally publish no-action letters or even disclose whether one has been given. A spokesman for the regulator said ASIC "cannot comment on individual matters that may or may not have been considered by ASIC."

Speaking more generally, the ASIC spokesman said the regulator had looked closely at the application of s12DL in relation to the distribution of prepaid cards. According to ASIC it is not entirely clear how the law would apply to prepaid cards (these products did not exist when the relevant legislation was drafted).

"It is arguable that these kinds of cards technically come within the broad definition of 'debit card' used in s12DL, however, that is not entirely clear," ASIC told Compliance Complete.

Having looked at the issue in detail, ASIC formed the view that the subtle differences between debit cards and prepaid cards meant that these products should be excluded from the requirement to seek consent before sending them to customers. ASIC said the fundamental difference was that prepaid cards do not access an underlying deposit or credit account. The regulator has instead taken the view that funds were "loaded" on to these cards.

"These cards appear to be different to those that are commonly referred to as 'debit cards' as they do not access an underlying deposit or credit account. Instead, any account accessed by the card relates solely to the funds that have been loaded on to the card by the user of the card. They do not appear to be a card of the kind that was initially considered to be covered by this provision," the regulator said.

This is a controversial position for the regulator to take, according to legal experts and consumer advocates. For the purposes of s12DL, the ASIC Act describes a debit card as, "an article intended for use by a person in obtaining access to an account that is: (i) held by the person for the purpose of withdrawing or depositing cash or obtaining goods or services; (ii) a financial product."

Jon Denovan, partner at Gadens, said his law firm was often asked to advise financial services organisations on the application of s12DL. 
Although he could not comment on the specific products offered by Qantas and Virgin, Denovan said it was widely accepted that s12DL covered all debit card products, including prepaid cards. He said that in a legal sense the distinction between a prepaid card and a debit card was "a very fine one".

"It seems to us that a prepaid card falls within s12DL of the ASIC Act and, therefore, you can't send an unsolicited card to customers," 
Denovan said. In terms of s12DL's consumer protection function, Denovan said: "The suggestion that a prepaid card doesn't have some of the dangers that a debit card has in the traditional meaning is a pretty fine distinction really."

Compliance Complete
Article By: Nathan Lynch of Compliance Complete

Roger Clarke                                 http://www.rogerclarke.com/
Xamax Consultancy Pty Ltd      78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 6916                        http://about.me/roger.clarke
mailto:Roger.Clarke at xamax.com.au                http://www.xamax.com.au/

Visiting Professor in the Faculty of Law            University of N.S.W.
Visiting Professor in Computer Science    Australian National University
Link mailing list
Link at mailman.anu.edu.au

More information about the Link mailing list