CFPB Highlights Emerging Risks in the Convergence of Payments and Commerce

On August 4, 2022, the Consumer Financial Protection Bureau (CFPB) released a report on the emerging risks consumers face in the growing presence of new products that blur the line between payments and commerce, namely: buy now, pay later (BNPL) offerings; embedded commerce; and integrated “super apps.” Specifically:

  • Super apps. These apps combine financial, payment, and commerce services into a single app, often following the “bank in an app” model. The CFPB notes that while consumers are free to use services outside the app, super apps can potentially lock in the consumers by steering them to specific solutions within the apps—subsequently limiting consumer choices.
  • Buy now, pay later. The four-payment, no-interest loans that consumers use to fund a purchase at the point of sale have gained popularity in the past few years. The CFPB notes that now the BNPL providers, armed with their own apps that offer rewards and social media platforms, also act as marketing platforms that sell placement ads to merchants willing to pay affiliate fees for consumer acquisition.
  • Embedded commerce. Embedded payment capability within social media feeds enables a frictionless purchase experience, but the CFPB notes that it also creates opportunities for social media platforms to monetize such transaction data without consumers’ awareness and even increases the risk of unwanted purchases due to the minimal activity required from consumers’ end.

While recognizing that this deep integration between commerce and financial services enhances consumer experiences with fast and frictionless payments, the CFPB notes two main risks consumers face: (1) monetization of consumer financial data and (2) risk of scale and market power.

  • Monetization of financial data. In the report, the CFPB points to the service providers who can potentially mask how the consumer financial data they collect is used, shared, and leveraged without appropriate notice and consent. Noting the prevalence of machine learning and algorithmic decision-making used in offering consumer financial services, the CFPB makes it clear that it will scrutinize the industry for fair lending risks as well as risks of unfair, deceptive, and abusive practices.
  • Scale and market power. The CFPB states that the integration may also result in more concentrated market power. As an example, it points to the current payment ecosystem, which comprises a few major card networks and payment facilitators as a result of a two-sided marketplace and data aggregation. Outside of financial services, it points to the vast data collected by Big Tech companies, noting that it will further deepen the dominance of the few big companies in the space.

The report reflects the agency’s continued effort since last year with the market monitoring orders that were issued to Big Tech companies in connection with payments product offerings and buy now, pay later providers, signaling that there will be growing scrutiny on the companies in the space in the near future, including some rulemaking activities in response to the emergent risks noted above. In the report, the CFPB notes that it will propose rules to implement the required rulemaking on personal financial data rights under Section 1033 of the Consumer Financial Protection Act (CFPA), aimed at giving consumers greater control of their financial data. It will also carefully assess the BNPL providers to determine whether regulatory interventions are appropriate. It finally notes that it will continue to monitor the shift toward real-time payments in the United States and seek to mitigate potential consequences of Big Tech players moving into the space.

CFPB Fines Budget-Management Fintech

On August 10, 2022, the CFPB entered into a consent order with a budget-management fintech company for deceptive marketing of its autosave product. Through its app, the company provided to its customers the autosave product that used an algorithm to transfer money from the consumer’s checking account into a savings fund to meet certain budget goals of the consumer. Upon sign-up, the consumers granted the company access to their checking account so the company’s algorithm could analyze the checking account data to determine how much to save for each consumer.

In its marketing, the company told consumers that this autosave product would save the “perfect amount” for the consumer based on the consumer’s checking account activity. It promised that the autosave product would “never transfer[] more than you can afford” so there would be no overdrafts. Instead, the autosave product routinely caused overdrafts resulting in daily complaints to the company. The company also promised that it would reimburse consumers for any overdrafts resulting from the autosave product, but the company often denied requests for reimbursement. The autosave product resulted in nearly 70,000 overdraft reimbursement requests since 2017. The company estimated that approximately 1 – 2% of its users experienced overdrafts due to using the autosave product. Finally, the company represented that it would not keep interest that the company earned on the funds swept from the consumers’ checking accounts, but this was not true.

The company is ordered to pay reimbursement requests for overdraft charges that it previously denied and pay a $2.7 million penalty to the CFPB for the agency’s victims relief fund.