Company violated the Durbin Amendment to the Dodd-Frank Act and Fed regulations, agency alleges
The Federal Trade Commission is ordering an end to illegal business tactics that Mastercard has been using to force merchants to route debit card payments through its payment network, and is requiring Mastercard to stop blocking the use of competing debit payment networks.
Under a proposed FTC order, Mastercard will have to start providing competing networks with customer account information they need to process debit payments, reversing a practice the company allegedly had been using to keep them out of the ecommerce debit payment business and, according to the FTC, that violated provisions of the 2010 Dodd-Frank Act known as the Durbin Amendment and its implementing rule, Regulation II.
“This is a victory for consumers and the merchants who rely on debit card payments to operate their businesses,” said Holly Vedova, Director of the FTC’s Bureau of Competition. “Congress directed the FTC to enforce this part of the Dodd-Frank Act and prevent precisely this kind of illegal behavior. We take this responsibility seriously, as demonstrated by our action today.”
Debit Card Payment Networks
With more than 80 percent of American adults carrying at least one debit card and over $4 trillion in debit card purchases made every year, debit cards occupy a significant place in the current payment landscape. The popularity of debit cards has been growing especially quickly for purchases consumers make using their personal devices equipped with ewallet applications such as Apple Pay, Google Pay, and Samsung Wallet.
Payment card networks play a critical role in those debit card transactions. When a customer presents their debit card to make a purchase, the network transmits the payment information to the card’s corresponding bank for approval, and then transfers the payment approval or denial back to the merchant. Payment card networks compete for the business of banks that issue cards and for the business of merchants that accept card payments.
Mastercard, along with Visa, is one of the two leading payment card networks in the United States. The processing fees charged by networks total billions of dollars every year, affecting every purchase made with a debit card, according to the FTC. Most of these fees are paid by the merchants to the card-issuing banks and the payment card networks.
To spur more competition among payment card networks, Congress enacted a provision of the 2010 Dodd-Frank Act known as the Durbin Amendment, which required banks to enable at least two unaffiliated networks on every debit card, thereby giving merchants a choice of which network to use for a given debit transaction. The Durbin Amendment—along with its implementing rule, Regulation II—also bars payment card networks from inhibiting merchants from using other networks.
Mastercard’s Illegal Tactics
With the post-Durbin rise of debit ecommerce and ewallet debit transactions, Mastercard was flouting the law by setting policies to block merchants from routing ecommerce transactions using Mastercard-branded debit cards saved in ewallets to alternative payment card networks, including networks that may charge lower fees than Mastercard, the FTC alleged.
Specifically, Mastercard used its control over a process called “tokenization” to block the use of competing payment card networks, the agency alleged. Transactions commonly are “tokenized” by replacing the cardholder’s primary account number with a different number to protect the account number during some stages of a debit transaction.
Tokens are stored in ewallets such as Apple Pay, Google Pay, and Samsung Wallet and serve as a substitute credential to provide additional protection for a cardholder’s account number.
When a debit cardholder makes a debit purchase using an ewallet, the merchant receives a token from the cardholder’s device and sends it to the merchant’s bank, which in turn sends the token to a payment card network for processing. For the transaction to proceed, however, the network must be able to convert the token to its associated account number.
Mastercard’s policy requires use of a token when a cardholder loads a Mastercard-branded debit card into an ewallet, while banks issuing Mastercard-branded debit cards nearly universally use Mastercard to generate the tokens and store the corresponding primary account numbers in its Mastercard “token vault,” the FTC alleged. Since competing networks do not have access to Mastercard’s token vault, merchants are dependent on Mastercard’s converting the token to process ewallet transactions using Mastercard-branded debit cards.
According to the FTC, Mastercard refuses to provide conversion services to competing networks for remote ewallet debit transactions (i.e., online and in-app transactions, as opposed to in-person transactions made by the customer in a store), thereby making it impossible for merchants to route their ewallet transactions on a network other than Mastercard.
Under the FTC consent order, when a competing network receives a token to process a debit card payment, Mastercard is required to provide them with the customer’s personal account number that corresponds to the token. The order also bans Mastercard from taking any action to prevent competitors from providing their own payment token service or offer tokens on Mastercard-branded debit cards and requires Mastercard to comply with provisions of Regulation II.
The Commission vote to issue the administrative complaint and to accept the consent agreement was 4-0. The FTC will publish a description of the consent agreement package in the Federal Register soon. The agreement will be subject to public comment, after which the Commission will decide whether to make the proposed consent order final. Instructions for filing comments appear in the published notice. Comments must be received 30 days after publication in the Federal Register. Once processed, comments will be posted on Regulations.gov.
NOTE: The Commission issues an administrative complaint when it has “reason to believe” that the law has been or is being violated, and it appears to the Commission that a proceeding is in the public interest. When the Commission issues a consent order on a final basis, it carries the force of law with respect to future actions. Each violation of such an order may result in a civil penalty of up to $46,517.
The Federal Trade Commission works to promote competition, and protect and educate consumers.