March 29, 1999
Federal Trade Commission
Comment, P99 4312
Ladies and Gentlemen:
BANK ONE CORPORATION appreciates the opportunity to respond to the Federal Trade Commission's request for comment dated December 16, 1998 relating to consumer protection in electronic commerce.
BANK ONE CORPORATION ("BANK ONE") is a multi-bank holding company headquartered in Chicago, Illinois, with offices located in Arizona, Colorado, Illinois, Indiana, Florida, Kentucky, Louisiana, Michigan, Ohio, Oklahoma, Texas, Utah, West Virginia and Wisconsin. BANK ONE also operates numerous non-bank subsidiaries that engage in credit card and merchant processing, consumer finance, mortgage banking, insurance, trust and investment management, brokerage, investment and merchant banking, venture capital, equipment leasing and data processing.
Bank One supports the development of laws which enhance the security and integrity of electronic commerce. Bank One also supports the enactment of laws that provide reasonable consumer protection that does not unduly shift risks to businesses in a way that discourages the growth of electronic commerce.
Bank One desires to comment on selected questions in the request for comment, and have numbered the paragraphs accordingly.
10. Continued development of digital signatures will increase the number of electronic consumer transactions on the internet. Bank One supports the recognition of digital signatures in all cases where technologically and practically feasible. A digital signature should only be recognized as legally binding if:
11. Consumers must use digital signatures or certificates correctly if they wish to protect their interest. Although the burden of proof may remain with the seller, the buyer should be held responsible for any loss resulting from the buyer's negligence. If the buyer uses all available means to authenticate the seller and relied upon a bona fide certificate to do so, the certificate authority should be held liable.
14. Bank One agrees that to protect the integrity of electronic commerce, federal, state and local law enforcement must be able to stop criminal activity effectively. Local law enforcement may need to increase their technical expertise to better assist customers with complaints. In addition, federal and local law enforcement will need to cooperate to increase their effectiveness at suppressing internet-related fraud and crime. However, the agencies that enforce consumer protection laws must balance the needs of consumers with the needs of business in a way that does not inhibit continued growth of e-commerce and its continued growth.
Consumer and Business Education
19, 20. Consumers and businesses involved in e-commerce must appreciate risks involved in each transaction and develop ways to mitigate attendant technical and legal risk. Businesses engaged in electronic commerce can help by taking steps to educate prospective and current customers on appropriate ways to participate on a customer-by-customer basis. For example, a company that allows customers to use a digital signature to authenticate a contract or authorize transactional activity should educate the customer about how the technology works and allow the customer to choose from an approved list of certificate issuers. Many businesses have already started to educate their customers on the proper use of electronic access.
21. Effective and reasonable consumer protection in the electronic marketplace benefits industry members by building consumer confidence in the safety of such transactions. As more people become confident in the safety of e-commerce, businesses have the opportunity to increase their potential on-line customer base. The success of the system depends on integrity, reliability and the protection of consumer rights. Customers will have more confidence in e-commerce if they have reasonable protections.
22. If consumer protection laws unreasonably place too much risk on business, businesses will be less willing to provide new electronic services to consumers, and may increase prices of those currently offered. Businesses should not bear an unreasonable amount of risk simply because they are perceived to have significant financial resources. The same laws apply to large online business also apply to small business. Smaller companies might not be able to enter the market if the risks are too great. Consumers should retain a reasonable amount of responsibility for properly using what protections already exist. Consumer protection laws should be limited and reasonable, and balance responsibility between companies and consumers so that each are encouraged to act responsibly.
24. Self-regulation by financial service providers has proven effective. Banks already have significant experience with e-commerce and fraud management. They have developed online fraud detection systems as part of their credit card businesses already. The use of digital signatures, if properly implemented, will serve to enhance our existing ability to prevent fraud in an online environment.
Development of the Global Electronic Marketplace
25. Global e-commerce is expected to grow exponentially over the next five years. Consumer transactions over the internet will become commonplace. New forms of technology and new consumer products will drive the development of better methods of consumer identification and authentication. The appeal of e-commerce to the mass market will grow as prices of personal computers continue to decline, internet connectivity becomes wireless, and "online applications" become part of everyday devices such as telephones, personal data assistants and kiosks.
The most significant hurdles to the growth of e-commerce involve consumer distrust, regulation which puts e-commerce at a competitive disadvantage when compared to traditional methods of delivery, and the ability to detect and prevent new forms of fraudulent activity.
27. Companies will use consumer data more effectively to evaluate and meet their customer's needs. In the traditional marketplace, a good salesperson learns a customers wants or needs to better serve them. In the electronic marketplace this will happen two ways. The consumer may opt to give the business more information in order to receive better service. In addition, the company may learn more about the consumers preferences through the individual transactions that it handles for the customer. In both cases, the key consumer protection issue will involve making sure companies use such data responsibly.
The management of consumer information held by credit bureaus is somewhat analogous. While there is some concern over how such data is used, there is no doubt that the existence of that information enhances an consumer access to credit and provides companies with a way to protect themselves from financial loss.
Thank you for the opportunity to comment on this matter. If you have any questions concerning these comments, please contact Dino Tsibouris at 614.248.6052 or Kelly Kay at 614.248.7372.
Very truly yours,
Kenneth J. Sperl, Esq.