Card Frontiers: There's Nothing Dumb About Smart Card Contracts

For financial institutions, smart cards will open more doors to new business opportunities than Agent Maxwell Smart steps through at the beginning of "Get Smart," the 1960s television program.

The smart card can access deposit accounts, government benefits, campus services, frequent buyer programs, or health care information.

And we are on the cusp of transcending the hype and putting these much- ballyhooed pieces of plastic into action.

But how can bankers be protected when entering the smart card arena?

Unlike for checks and credit cards, no uniform laws or guidelines have been approved (or even proposed) that dictate the rules of the smart card game and allocate the risk.

It may take a while for the law to catch up with the technology. Even the much publicized pronouncements by the Federal Reserve Board, Federal Deposit Insurance Corp., and Office of the Comptroller of the Currency on stored value card systems do not establish systemic rules.

So until the legal infrastructures are established, bankers are on their own.

But they can deal with this void by being aware of existing laws that affect stored value system issues, and by creating contracts that contain specific provisions address the inherent risks in stored value systems.

So far, the Federal regulatory agencies have issued three guidelines on smart cards: a proposed revised Regulation E from the Fed, an OCC bulletin, and an FDIC general counsel opinion.

For smart card issuer/user contract purposes, the disclosure requirements in the Fed and OCC issuances should be examined.

Certain information may be required to be disclosed to consumers under Regulation E. The proposed revision would exempt from its requirements cards worth less than $100 and off-line (disposable) cards.

However, for on-line systems and for those systems that require authorization from a centralized data base, Regulation E would require issuers to provide certain initial disclosures, including: consumer liability for unauthorized transactions, types of transfers available, transaction charges, and any error resolution procedures available to the consumer. Recently enacted federal law prohibits the Fed from finalizing its proposed revision before July 1.

Similarly, the OCC Bulletin sets forth a dozen terms that a financial institutions should consider disclosing to consumers. These include directions on how to use the card, fees, whether the value on the card is FDIC insured, and dispute resolution procedures.

As with any other bank product, smart cards should be issued on the condition that users comply with certain terms that form the contract between the issuer and the user-much like deposit account agreements.

The clearer and more conspicuous such terms are, the more likely a court will find that the consumer agreed with them, and, therefore, the more enforceable they are.

In addition to any mandatory disclosures required by regulations, the following issues should be discussed in a contract between the issuer and the consumer:

Who the issuer is. The contract must be clear about who is liable to pay the consumer for the monetary value contained on the card. This will protect the consumer and other participants in the stored-value system payment chain.

The consumer will be protected by knowing who to turn to if something goes wrong with the card. This may also protect other participants in the smart card payment chain. A court could find that any company whose trademark appears on the card is liable to a consumer.

Expiration of the card. As with credit cards, issuers may want to impose an expiration date on smart cards in order to periodically upgrade security or technology features of the cards.

Or issuers may want to require that all value represented on the card be used by a certain date. (This gets tricky with reloadable cards, where it may be difficult to determine the date when certain monetary value has been loaded.)

Users should be made aware of the expiration date and how to redeem any remaining value on the card.

Finality. The contract should state when the obligation represented by the monetary value on the card is discharged. Is the consumer off the hook when the monetary value is presented to the merchant by the user (as with cash), or, rather, when the merchant actually receives the money from the acquiring institution (as with checks)?

Eventually, laws will impose a uniform rule, but until they are enacted, the contracts between the parties will govern.

For consumers to use smart cards comfortably, it is vital that they know when their obligation to a merchant has been satisfied. The American Bar Association's preliminary analysis concludes that the consumer has finally paid when the merchant terminal accepts the value, as with cash.

Unauthorized-use disclaimer. One section of the contract should address how the card can be used.

For example, the issuer could state that the card may only be used when properly authorized by a central data base (if appropriate), that the card may not be used beyond its expiration date, and that the value of the card is limited to the value validly transferred onto the card by the issuer.

In addition the contract should state that any use of the card that violates these conditions is expressly prohibited, and that the issuer will not be liable for any unauthorized use of the card.

Limitation of liability. Normally, because issuers control the technology, they could be held liable if something goes wrong in a smart card transaction. For example, the technology could go haywire and erroneously authorize a transaction that transfers to the merchant more monetary value than was loaded onto the card.

The contract should limit this liability, stating that the issuer will be liable for no more than the monetary value contained on the card and that in no event will the issuer be liable for special, consequential, or incidental damages.

These are but a few of the points that should be covered in a smart card issuer's contract with its users.

Until systemic rules have been established, issuers should get smart by relying on carefully drafted contracts to protect their interests.

For reprint and licensing requests for this article, click here.
MORE FROM AMERICAN BANKER