VISA March 25, 1999 Secretary Re: U.S. Perspectives on Consumer Protection in the Global Electronic Commerce Marketplace - Comment, P994312 Dear Secretary: Visa commends the Federal Trade Commission for investigating the important questions raised in its Request for Comment. Electronic commerce between consumers and businesses has only begun to flourish and to realize its potential. A truly global consumer electronic commerce marketplace is one such potential. International electronic commerce has its share of obstacles to surmount to achieve its potential. These obstacles need solutions to permit the magic of imagination and innovation to drive development of this marketplace. The Request for Comment asks the questions that identify many of the potential obstacles, including concerns regarding protection of the rights of consumers in international electronic commerce transactions. As the operator of the world's largest card-based payment system, with over 700 million cards accepted at more than 16 million merchant locations and 400,000 ATM's worldwide, Visa has long acted to balance the rights and responsibilities of both consumers and merchants on a global basis. With approximately 10-15% of its $US 1 trillion in annual transactions occurring across international boundaries, Visa and the more than 20,000 financial institutions that are its owners have established a comprehensive set of Operating Regulations and processes to address two primary areas of concern. These are fraudulent charges against consumers' accounts, and substantive failure to perform by merchants. In this Comment Visa provides its perspective on some of the questions posed in the Request for Comment regarding the protection of consumer rights in international transactions. Consumer Protection In International Electronic Commerce Traditionally, there are relatively few long distance transactions between consumers and merchants in different countries. There are likely many reasons for this, including language differences, payment complications, shipment red tape, and other inconveniences. There is as well the lack of assurance that the ordered goods will be delivered as promised, and that there will be any remedy if they are not. Most international consumer transactions that do occur are conducted face-to-face, by travelers in the merchant's country. Electronic commerce is likely to greatly increase the number of long distance international transactions between consumers and merchants, even though many of the same obstacles exist as with traditional commerce. Many commentators expect that uncertainties as to consumer protection rights and remedies in connection with international electronic commerce will be a major issue. These uncertainties include which consumer protection laws and regulations are applicable to an international electronic commerce transaction, and what mechanisms exist to enforce rights under those laws. Except within the European Union, it is not usually clear whether laws of a customer's home jurisdiction apply to transactions with a merchant operating a web site outside of that jurisdiction. If the merchant designates the law of its own jurisdiction as the governing law, this may not be enforceable, and the transaction may be subject to the consumer protection laws of the customer's jurisdiction. The merchant is thus forced to know the consumer protection laws of every jurisdiction around the world in which a customer could be located, and furthermore required to know in what jurisdiction the customer is located, a difficult task at best with current technology. Assuming that the applicable law is determined, how does a consumer or regulatory agency gain jurisdiction over a merchant operating a web site in another country that the consumer accesses via the Internet? Even if jurisdiction can be obtained, how can consumer rights arising out of small value transactions be enforced in a cost-justified manner in a cross-border context? Consumer Protection Law of the Internet? These difficulties have led some commentators to suggest adoption of a uniform "consumer protection law of the Internet". Visa's experience suggests that this will most likely be impossible. Consumer protection laws define rights of consumers and obligations of merchants engaging in commerce that arise out of and reflect the social values and concerns of individual countries or cultures. Just as the range of those values and concerns is great around the world, so too the range and scope of consumer protection laws around the world varies widely. Laws protecting cardholders in the event of disputes in connection with a payment card transaction are a good example. Federal and state laws in the United States protect credit cardholders against liability for unauthorized transactions, against failure to receive goods or services, and in certain instances where poor quality or defective goods and services have been delivered by a merchant. Debit card holders are protected against unauthorized transactions under federal and state laws and the rules of the payment card associations. There are similar laws or banking industry voluntary guidelines in Australia and in the UK. In most of the rest of the world, cardholders do not receive special protection. In France, in fact, there are laws protecting the merchant from chargebacks in connection with acceptance of a card in payment for goods or services. Differing attitudes towards consumer protection around the world are consistent with the culture and politics of each jurisdiction, and absent a compelling reason, harmonization would probably be resisted. There is one example where international harmonization of consumer protection laws has occurred. This is in the EU Distance Selling Directive promulgated in 1997, which prescribes substantive consumer protection rights applicable to nearly any consumer "distance" transaction involving a consumer residing in a EU Member nation. The Directive requires specific disclosures to a consumer, written or other retainable confirmation of those disclosures, and a seven day "cooling off" period within which the consumer can rescind the transaction. The Directive further overrides any choice of law in a merchant's contract with a resident of an EU Member country if the transaction has a reasonable relationship with that country. Something like the EU Directive on Distance Selling could be the model for a similar scheme with global coverage applicable to any consumer transaction occurring in electronic commerce, but the hurdles to accomplishing this are daunting. The EU has a mandate to impose requirements on EU Member nations in furtherance of a unified market within the EU. The EU Member nations have consented to this jurisdiction and harmonization for compelling economic and political reasons. As different culturally and politically as EU Member nations can be and are on particular issues, those nations share common boundaries and economic interests that enable harmonization in certain areas. These favorable conditions for the most part do not exist in the rest of the world. The closest approximations to a global authority that conceivably could harmonize national laws are organizations such as the OECD or the WTO, that negotiate and, in the case of the WTO, enforce trade-enabling rules or guidelines. The membership of these organizations does not include all nations, but the WTO in particular encompasses in its membership the major and most minor trading nations in the world. One purpose of the WTO is to negotiate rules binding on its member nations that eliminate or minimize barriers to international trade arising from non-tariff barriers such as standards and rules of origin. However, WTO rules typically do not require every country's laws to be the same, just not unnecessarily exclusionary. For an organization like the WTO to undertake a project to eliminate barriers to electronic commerce resulting from differing consumer protection laws around the world there would first need to be political consensus from dozens of nations with widely disparate cultures, political systems and attitudes towards consumer protection. Visa is not aware of any evidence that consumer protection laws are in fact a barrier to the development of international electronic commerce; nor is there any apparent international political consensus on the need for global consumer protection standards to support the growth of electronic commerce. In the absence of these an international consumer protection law of the Internet will be impossible to achieve. Market Solutions Although a legislative solution to uncertainty and difficulty in compliance with existing consumer protection schemes in international electronic commerce is very unlikely, there are market solutions that are possible, or currently existent. Some electronic commerce merchants will have the resources to set up separate web sites for each country that comply with local law. The task of these merchants would be much eased if countries could be required to post current legal requirements on a web site of their own. However, small and medium size electronic commerce merchants will not be able to support separate web sites in most cases. The difficulty of compliance with local consumer protection laws may create an opportunity for a business that could handle all of these details for an electronic commerce merchant if that merchant could not justify separate web sites or pages for each country. This business would be similar to that of an export broker in traditional cross-border commerce that handles the required export and import regulation compliance for exporters that do not have the resources to do so themselves. Another market solution is already in widespread use by consumers - the use of existing global payment card systems for international transactions. Visa's chargeback process provides a cost-effective means to resolve transaction disputes involving a Visa Card, regardless of the location of the merchant and the consumer. Visa Payment System Chargeback Rights Rules and procedures have been carefully developed by Visa and its Members to handle disputes arising out of international transactions. The primary means of handling any dispute in the Visa payment system is through the "chargeback" mechanism which is incorporated in the Visa Operating Regulations. A chargeback is the return of a transaction from the issuer of the card used by a consumer to the financial institution that "purchased" the transaction from the merchant. Chargebacks are permitted under Visa's rules for many reasons, including certain disputes between the cardholder/consumer and a merchant. The Visa Operating Regulations permit chargebacks in cases where a cardholder does not receive purchased services or goods, where goods delivered are not as described, or where the goods delivered are defective. The Visa Member financial institution receiving a chargeback has the right to dispute its validity, and ultimately Visa resolves any disputes that are not settled directly between the Members. What is important to understand about chargebacks is that they are contractual rights and obligations between the financial institutions that issue Visa Cards and the financial institutions that sign merchants to accept Visa Cards, and that these rights and obligations derive from their Visa membership and their exchange of Visa-branded transactions. They give no direct rights to consumers, and their exercise is optional for issuers; however, they do provide a standard worldwide level of consumer protection that issuers in any country can exercise on behalf of their Visa cardholders. Visa's chargeback rules do not attempt to track all of the possible consumer protection laws around the world, although some chargeback rights do correspond with statutory rights granted to consumers in particular countries, such as the rights granted under Federal Reserve Board Regulation Z to dispute certain credit card transactions. The chargeback reasons permitted under Visa's rules for international transactions have been adopted to enable issuers of Visa Cards to address the fundamental consumer concerns of their cardholders, and incidentally to reinforce the reputation of Visa Cards as the best way to pay. There may be additional rights available to a consumer under local law for which the issuer of the consumer's Visa Card has no supporting chargeback right in Visa's rules. Even in the absence of any chargeback right, in a domestic transaction the merchant will be directly liable to a consumer under applicable consumer protection laws. However, the key advantage of chargeback rights in international transactions is that they provide a consistent and standard level of protection on behalf of consumers in situations where the merchant is beyond the reach of local law. The Visa chargebacks for consumer/merchant disputes described above cover most of the disputes that typically arise between consumers and merchants in both domestic and international transactions. Visa's chargeback rules do not correspond in every respect with each country's consumer protection laws because chargeback processing is expensive and complex, and as a private adjudicative process, the rules must be clearly and consistently defined for every participant. The chargeback system would break down if each issuer in every country around the world had a set of chargeback rights corresponding to the particular consumer protection laws in their country. The Visa Members signing merchants would encounter substantial problems in determining the validity of a chargeback based on the consumer protection laws of another country, and merchants doing business with consumers in other countries would have similar difficulties in determining what their liabilities might be under a wide variety of foreign laws. Finally, as the ultimate arbitrator, Visa would be required to acquire expertise in the laws of the nearly 180 countries in which Visa cards are issued. There is also a tension in the Visa system regarding how much protection for consumers should be supported by the chargeback rules. Visa Members in countries like the United States want extensive chargeback rights to support the high consumer protection expectations in this country. Visa Members in countries with lesser consumer protection expectations are less supportive of strong chargeback rights. Visa has also updated its Operating Regulations to require minimum disclosures on merchant web sites accepting Visa payments(1), and to require that every electronic commerce transaction be authorized by the card issuing bank. These measures will reduce the incidence of many potential disputes. Visa and other payment system operators have also established a framework for the use of digital signatures in connection with card payments in electronic commerce through the SET (Secure Electronic Transactions) protocol. These efforts endeavor to provide consumers engaging in electronic commerce with as much assurance of protection, if not more, than they expect and receive with traditional commerce. Free market solutions like the Visa payment system, while not perfect, do accommodate many of the consumer protection needs of electronic commerce. They have evolved in response to the complex and varied requirements of international consumer transactions. Visa cautions against attempts to "improve" on payment system chargeback processes through such approaches as uniform statutory consumer protection rules enforced through mandatory payment system chargeback requirements. Free market solutions may perhaps appear to lack the "wisdom of Solomon", but in the absence of Solomon, they are the best we have. Governmental interference in what is a delicately-balanced private system for dispute resolution would not only be inappropriate, but harmful. Electronic Commerce Core Legal Infrastructure Before ending, Visa will discuss another legal "uncertainty" in connection with electronic commerce that needs attention. This is the current uncertainty that exists in certain necessary "core" electronic commerce infrastructure laws, which is probably more critical than any uncertainty regarding consumer protection rights and remedies. By definition electronic commerce is conducted remotely, potentially between consumers and merchants who have had no relationship or contact before. Uncertainties on each side about the true identity of the other party, and concerns about the possibility of tampering by third parties with messages, have led to the development of systems to verify the identity of parties to a transaction and the integrity of their messages. These systems typically are based on public key cryptography techniques from which are developed "digital signatures" and "certificates" that substitute for and in many respects are superior to the written signatures and photo identification that are ubiquitous to traditional commerce. However, the laws recognizing these electronic commerce tools are still developing, and many observers, including Visa, are concerned that the needs of global electronic commerce are not being addressed fully in many cases. For instance, global electronic commerce requires that a digital signature or other electronic form of signature suffice to form an electronic contract anywhere an electronic commerce transaction occurs, but to date this is assured in only a few jurisdictions around the world. In the case of digital signatures this also means that digital certificates issued by a certificate authority in one jurisdiction need to be recognized as valid in a second jurisdiction. Unfortunately, the legislation that has been adopted so far has not extended the necessary cross-border recognition on commercially viable terms. Finally, these laws must accommodate without interference the use of certificates and digital signatures by consensual, closed systems governed by contract such as the Visa payment system. As with chargebacks, Visa Operating Regulations provide a contractual web of rules which govern the use of digital signatures and certificates in Visa transactions. These rules establish the legitimacy of digital signatures, define security requirements for participants issuing certificates and accepting digitally-signed transactions, and provide dispute resolution mechanisms for these transactions. As with chargeback rules, governmental interference in what is a delicately-balanced and effective private system for using digital signature technology would not only be inappropriate, but harmful. In order for global electronic commerce to thrive, it is essential that there be certainty in these core legal infrastructure areas, and ideally some degree of uniformity or at least compatibility between jurisdictions' laws, because these laws enable the tools that help build the highway on which electronic commerce travels. Until these issues are addressed satisfactorily, global electronic commerce will not develop to its full potential. Visa urges the FTC to emphasize in its upcoming hearings the need for these enabling laws to be adopted on global basis. Thank you for the opportunity to share our views with the Commission. Sincerely, Broox W. Peterson 1. These websites must contain, at minimum, a complete description of goods or services (for example, voltage requirements, measurement scale used, clothing size protocol etc.), return or refund policy, customer service contact information (e-mail, telephone - including country code, toll-free and non-toll-free numbers, facsimile numbers etc.), transaction currency (Canadian or Hong Kong Dollars, etc.), known export restrictions, delivery restrictions (e.g., if restricted to merchant country), and country where the merchant is located and registered to do business. |