While individuals with branded credit, debit, stored value or charge cards can make purchases on the Internet, use of these payment instruments is limited to merchants accepting such cards - not useful for sending money to a college student. Similarly, checks are hardly a useful means of payment to a remote seller for an item purchased in an online auction when the identity and reliability of the seller is unknown to the purchaser and where authentication of shipment of the goods, if not the identity of the individual, must be established before payment can be remitted with confidence. Not surprisingly, digital/Web-based payment systems arose first in the context of online auctions. They were fostered by intermediary auctioneers seeking to provide a simple, fast and effective means of ensuring that a seller and buyer could facilitate payments under circumstances in which neither had a relationship to the other (and the seller was not a branded payment instrument-accepting merchant). The TowerGroup, a financial services consulting organization, estimated that in the year 2000, these emerging electronic person-to-person payment systems handled an estimated 42 million transactions, representing approximately $1.9 billion worth of funds transferred. [n1] This is quite remarkable when one considers that two or three years prior to that, the amount was close to zero.

In recent years, the Internet has provided some unique opportunities for private enterprise, both within and outside the traditional banking systems to facilitate such person-to-person payments, many of which are just now coming into their own. Billpoint (www.billpoint.com), launched in January of 1999, and PayPal (www.PayPal.com) launched in October of 1999, have thrived by dominating the auction payment market - one of the few '.com' marketplaces that appear to be surviving the shakeout in the high tech and Internet industry - a marketplace whose existence depends on the ability of individuals who do not know each other to make and consummate deals that include transfers of money or value. Billpoint is the electronic payment transaction that is touted as the "official" payment service for eBay. PayPal permits individuals to move funds from a bank account, credit card or a specially established money market account to anyone with an e-mail address. [n2]

Outside the electronic auction environment, rising paper-based costs, increased concern over the use of the mails as a delivery system for explosive devices and toxic chemical and biological agents, coupled with intermittent delays occasioned by inspection systems necessary to ensure safety of workers and the public, have already spawned alternatives to the U.S. Postal Service in a paper world. It would seem that secure, efficient and reliable electronic funds transfer systems - just as e-mail is for routine communications and correspondence - is ideally suited to the task.

Certainly, until there is a high level of security and a clear understanding of the risks by both consumers and business, person-to-person payments systems will be favored mainly in niche-based applications with low or known risks to both sender and recipient. Indeed, actual fraud, not merely lack of confidence, can devastate both intermediary and consumer - one early personal payment system (Flooz.com, the now bankrupt provider of certificates used to authenticate online purchases), has acknowledged that part of its failure can be attributable to its unwitting sale of $300,000 of its currency to credit card thieves. [n3]

However, it is also true that as financial institutions gain more experience with these systems (and with allocations of risk and corresponding fraud management capability); as electronic payment technology becomes more secure and robust in its ability to evolve from passive statement rendition and billing inquiry systems into full fledged transaction-based payment systems; as legal acceptance of electronic signatures and digital certificates grows; as stronger encryption, authentication and security tools increase in effectiveness; and as consumer confidence in the person-to-person payment applications rise, it is likely that more and more individuals will comfortably turn to the use of the Internet and digital/electronic payment systems - for person-to-person, person-to-business and business-to-business payments - eventually replacing the need for physical instruments (e.g., paper checks or physical cards) - whether or not the payment is 'account-based' or not.

In large measure, better reporting, security, auditing and compliance tools becoming available in Internet-based transactions, matched with increasing cooperation and expertise of law enforcement officials on a global basis, may ultimately prove to be more effective in reducing fraud losses to both consumers and merchants than any current paper-based system. In fact, the Internet Fraud Complaint Center reports that the amount of fraud online is actually decreasing, if not in absolute, then certainly in relative terms, and that check fraud amounts to a paltry 1.6 percent of all complaints, when compared with online auction or non-delivery fraud scams which together account for a whopping 78.7 percent of all complaints (Credit/debit card fraud is 7.4 percent of the total). [n4] Obviously, it is too soon to tell if these numbers are driven by the sheer difference in the relative numbers of each of the transactions on the Internet today or actually represent a distinctive difference in the ability to control fraud and abuse in an electronic environment.

Although some of the earlier successes in Internet banking and payment transactions tended to be niche-based (e.g., auction payments; brokerage and securities trading initiation; billing statement rendition), the home run is clearly to make personal payment services ubiquitous - to fully replace the use of paper-based checks and money orders as well as transfers that are part wire and part in-person as is the norm in the money transmitting business today. Although electronic means and networks such as telephone, fax, inter-bank transfers, EFT systems, are used by the financial institution community today to move funds, the actual sender and receiver generally must be physically present to each remit and receive funds being transferred, often at inconvenient locations and times and with a great deal of administrative overhead and paperwork.

The market for electronic/digital funds transfer systems that are convenient, reliable, safe and available to both existing banking customers and those who may not have established bank accounts - i.e., those who can pay for goods and services or transfer money to others by writing a check and those who cannot - is huge. Small wonder that in the last few years, major financial institutions (both banks and non-banks), having learned in many cases from the mistakes and successes of private intermediaries or banking alliances in this arena, are rapidly entering the market and at times, teaming up with recognizable Internet brand names to deliver these financial payment services.

Billpoint, a personal payment service founded in 1998, was acquired by eBay in 1999 in order to integrate its electronic payment system within eBay's buyer-seller auction community. Under the eBay umbrella, Billpoint partnered with Wells Fargo in February of 2000, obtaining not only a back office infrastructure, but the processing capabilities for operating its recent credit card and electronic check initiatives.

PayPal, another early person-to-person payment service, advertises the ability to pay rent or send money to family and friends and sends a "You've Got Cash!" e-mail which directs the recipient to the PayPal URL. The PayPal Web site also promotes the ability for individuals to request money for a variety of causes, from office pools to charitable donations and, in an obvious e-twist on the age old plea "dad, send money" - for kids in college or backpacking through Europe.

MoneyZap (www.moneyzap.com), a personal payment service launched by Western Union in July 2000, lets individuals send and receive payments through their checking or credit card accounts and even allows merchants to accept non-credit card payments. It would seem that Western Union may attempt to capitalize on its expertise and reputation in international wire and money transfers in its ventures onto the Internet and online world.

Following the niche-based strategy that proved successful in the online auction arena, Bank of America has initiated a stored value card account service aimed squarely at money transfers between the United States and Mexico. The Web site (www.bankofamerica/safesend.com) which has both an English and Spanish version, is branded "SafeSend" and requires the recipient to have or obtain an ATM card which is tied to an account set up in the name of sender.

When the sender transfers money into his or her SafeSend account, the recipient can use the ATM card as a stored value or prepaid card service in his or her local currency, less any fees and other charges imposed on the transfer. The service is part of the PLUS electronic funds transfer network. As a measure of security, not only are both the sender and recipient assigned personal pass codes which must be used to obtain customer service, but the ATM card is assigned a Personal Identification Number (PIN) which the sender must communicate to the recipient in order to withdraw funds or use the ATM card.

In the face of these focused or targeted e-payment system initiatives, HSBC Bank USA has now joined forces with the well-known online brand, Yahoo!. But this time the target audience is not the auction community or even a particular niche of users. The personal payment platform launched by HSBC and Yahoo, branded "PayDirect," appears to be designed to appeal to a much wider audience and offers free person-to-person money transfer services, including wireless money, anywhere in the United States. In the same vein, but by far the most ambitious program to date, a payment facility recently launched by Citibank, marketed as "c2it" (www.c2it.com), enables individuals to send and receive money to or from anyone within the United States by e-mail. For a flat fee, it can also transmit money online to over 100 countries around the globe.

On May 16, 2002, the Office of the Comptroller of the Currency (OCC) issued a final rule, which amends its regulations and "groups together new and revised regulations addressing: national banks' exercise of their federally authorized powers through electronic means; the location, for purposes of the federal banking laws, of a national bank that engages in activities through electronic means; and the disclosures required when a national bank provides its customers with access to other service providers through hyperlinks in the bank's website or other shared electronic space." [n5]

This final rule represents the aggregation and refinement of well over 20 years of precedents, rulings and regulations relating to electronic banking activities. The rule addresses, not only the supply of electronic banking services, but also deals with issues related to preemption of state law and jurisdiction. It also contains a new section (12 CFR 7.5000) which describes the authority of national banks to offer electronic products and services that are incidental to banking, over the Internet or through other media and technology, and permits banks to offer computer time, telecommunications capacity and customer service resources to the public, to the extent the bank has excess capacity.

Although most person-to-person payment systems are either affiliated with or use the resources of a federally or state-chartered banking institution, many non-bank entities, aside from the Western Unions and MoneyGrams of the world, are discovering the availability of money transmitter licenses, which permit them to function as transmitters of funds in limited and, in many cases, regulated, ways.

New York's money transmitter licensing statute can be found in New York State Consolidated Laws (Banking Article XIII-B, Transmitters of Money) and at least 39 states have enacted money transmitter licensing statutes and regulations. Some states distinguish between those fund transfers that involve an "instrument" (e.g., money order; card). In other states, no formal or specific legislation or regulation of money transmitters exist at all, mindful that money transmitters cannot establish an account for an individual or take transferable deposits; they act as agents for the onward transmission of monies at the direction of the sender.

At a time when e-commerce and the exploitation of technology is beginning to emerge as a cost-saving opportunity and a convenience to consumers, lawmakers and regulators are finding that heightened concern over security, money laundering, privacy and terrorism are at odds with their general desire to stimulate and motivate the development of increasingly reliable and efficient means of Internet and Web-based payment systems and update our legal and regulatory schemes.

The most sweeping legislation affecting e-commerce is The USA Patriot Act of 2001, enacted 45 days after Sept. 11, 2001, which is intended to give U.S. law enforcement authorities powerful tools to fight the monetary infrastructure used to finance terrorism. [n6]

The USA Patriot Act expands the definition of "financial institutions" to banks, broker dealers, credit unions, commodity trading advisers, money transmitters, investment companies, check cashing businesses, non-bank lenders, insurance companies, travel agencies, some real estate professionals, casinos, car and boat dealers, in other words, from convenience stores with an ATM to multinational banks. The Act also imposes significant new reporting, due-diligence and record-keeping requirements, including an anti-money laundering program (e.g., development of procedures and controls; designating a compliance officer; employee-training programs; and independent audit and testing programs). Failure of a covered financial institution to establish and properly maintain these programs can subject the institution to civil and criminal penalties.

Recently, FinCEN (the Financial Crimes Enforcement Network of the U.S. Treasury) published rules requiring an expanded list of financial institutions (including operators of credit card systems and money service businesses such as money transfer companies and check cashers) to have in place anti-money laundering programs. [n7] Similarly, the Federal Trade Commission has just published a "Financial Information Safeguards" final rule implementing the information security and confidentiality provisions of Gramm-Leach-Bliley [n8] (GLB) and enacting standards to safeguard customer personal information (e.g., names, addresses, Social Security numbers, bank account numbers and credit histories).

The rule closely parallels the rules published by federal financial institution regulatory agencies and requires compliance by those "financial institutions" as individuals or businesses significantly engaged in providing consumer financial products or services subject to FTC jurisdiction (and which are not subject to or preempted by another regulatory agency, e.g., the OCC). The rule establishes minimum standards for the administrative, technical and physical safeguards that financial institutions subject to GLB must have in place for protecting customer information.

There is no question that payment systems technology will continue to provide more efficient, reliable and secure methodologies enabling individuals, businesses and intermediaries and processors to move funds domestically and internationally. It is also clear that this same technology, coupled with existing and emerging payment processing networks will enable both traditional banks and non-banking institutions to provide both domestic and international person-to-person payment services. While the law is struggling to keep pace with innovation, and regulatory agencies scramble to assert jurisdiction over activities and functions that may or may not resemble traditional activities and functions, it is also clear that there is tension between the need to ensure privacy and confidentiality, while at the same time affording law enforcement the ability to trace and document activities that may provide financing for illegal and potentially dangerous activity.

The rules, regulations, licensing requirements, jurisdiction, as well as disclosures to consumers and reporting to government agencies, represent a growing patchwork quilt of policies and procedures, compliance and reporting requirements, that an increasingly large number of entities caught in the definition of 'financial institution' under Gramm-Leach-Bliley, The USA Patriot Act or otherwise must be attentive to, monitor, implement and administer.

In fact, the member nations of the European Union, as well as other nations of the world are similarly beginning to grapple with e-commerce payment system law and regulation, and the complexity is likely to magnify in the years ahead. The list of entities deemed to be financial institutions and the requirements that must be adhered to in the movement of funds electronically, is likely to grow longer and more diverse over the next few years as our system of laws and law enforcement balance the need to preserve our democratic freedoms with government's obligation to ensure the security and safety of its citizens. That said, it is likely that the technological innovation that makes emerging e-commerce payment systems more reliable and secure may also provide the audit, authentication and security administration tools and techniques to more deftly balance competing interests while protecting the financial infrastructure and the society that it is intended to properly serve.

FootNotes:

[n1]. See Business 2.0 (www.business.com), Pay Ya Later, May 2001.

[n2]. Billpoint is owned by eBay and Wells Fargo Bank and PayPal merged with bank x.com in 2000. More recently PayPal has partnered with Providian Financial in the issuance of a co-branded credit card and has plans to move into wireless and debit card payments to increase the ubiquitous nature of the service.

[n3]. "Credit Card Theft Thrives Online as Global Market," The New York Times on the Web, May 13, 2002.

[n4]. Internet Fraud Complaint Center, see e.g., Bank Technology News, April 2002.

[n5]. 12 CFR Part 7 (Electronic Activities); www.occ.treas.gov/ftp/release/2002-44b.pdf . With the exception of §7.5010 of the rules which takes effect on July 1, 2002, all of the other sections become effective June 17, 2002.

[n6]. The Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001, including Title III of the Act, which is the International Money Laundering Abatement and Anti-Terrorist Financing Act of 2001.

[n7]. Federal Register public notices issued April 29, 2002, for financial institutions can be found at 67 FR 21109, for money services businesses at 67 FR 21114, for mutual funds at 67 FR 21117 and for credit card operators at 67 FR 21121.

[n8]. The Federal Register notice, May 17, 2002, is at http://www.ftc.gov/os/2002/05/safeguardfrn.pdf.