Retailers Beware: Shopping Apps Can Cost You, Too

FTC  •  Payment Processing  •  Privacy/Data Security

Online shopping is widespread, and by now, most retailers have tailored their websites to ensure consumers are fully aware of their privacy, security, and dispute resolution rights and liabilities in buying products online.  However, as retailers and other companies increasingly launch mobile applications to allow their customers to purchase items on their mobile phones without visiting the retailer’s internet site, new challenges and potential issues abound.  The FTC has taken note, and recently issued a Staff Report that examined shopping apps to understand the new shopping experience.  In its review, the FTC looked at three kinds of shopping-related apps to better understand how consumers are at risk by using mobile shopping apps, and what retailers should do to protect consumers: (1) apps that give consumers coupons on products; (2) apps that let consumers compare prices on products; and (3) apps that let consumers purchase products on the app while in the store.

The FTC noted three main problems that could cost retailers who fail to take note:

Inadequate Pre-Download Information

First, the FTC identified many applications that failed to give consumers enough information about what their rights and liabilities would be if they downloaded and used the application.  For example, under federal law, consumers are typically protected if they make purchases on credit or debit cards, but may not be protected if they make purchases with prepaid cards, gift cards, or value accounts.  To avoid confusion, retailers should provide clear and concise information to consumers regarding how non-credit/debit card payments may affect their liability and whether any protections exist for purchases made with these alternative methods.  Apps using a stored value model are the most dangerous for consumers, according to the FTC, and thus should have the most explicit liability disclosures for consumers prior to download to prevent unhappy customers or potential lawsuits.

Second, the FTC found that many applications did not provide easily accessible information regarding what consumers can do for payment-related disputes, or information about other contractual protections that existed for each different app and each different payment source.

Making it easy for consumers to understand their rights and liabilities on retailers’ mobile apps may seem tedious and unnecessary now, but because the FTC has already identified this issue as problematic, retailers should start changing their disclosures now.  The FTC could issue new rules at any time regarding required disclosures, and could even issue requirements for consumer protection that don’t exist yet.  Having clear pre-download policies will help retailers and consumers know what their rights and liabilities are upfront, which will go a long way to keeping disputes to a minimum.

Ambiguous Privacy Information

The FTC also identified potential privacy issues in new mobile shopping apps.  It found that many shopping apps’ privacy policies made strong promises to consumers, but they also contained conflicting information regarding the vast amount of information and data the apps could still collect from consumers.  The FTC emphasized the importance of transparency in its Staff Report, and retailers should take note.  The FTC is not as concerned with what retailers do with data collected from consumers as much as it is concerned with what retailers tell consumers about what they do with the data they collect.

Thus, while many privacy policies stated that data such as social security numbers, driver’s license, purchase history, and consumers’ address would be collected, most privacy policies were vague in their explanation as to how such personal identifying information would be used.  The FTC concluded that companies should be clearer about how they plan to collect, use, and share consumers’ aggregate private and financial information so that consumers can better evaluate their choices and have real information regarding what is being done with their private information.

If retailers fail to make these changes to their privacy policies and consumers’ data is used in a way that consumers weren’t expecting, the FTC could take action, or consumers could file lawsuits seeking damages for unauthorized use of their information.  In addition, having better privacy policies that are easy to understand could be a selling point for retailers in an era of increased consumer concern over the collection and use of consumer data.

Personal and Financial Information Not Secure

Finally, the FTC staff report encouraged retailers to provide as much security as possible for users’ personal and financial information, and noted that many retailers already did so.  However, because staff could not test the actual security standards of many of the apps reviewed, it did not know how strong the current security measures are.  Regardless, the FTC encouraged apps to encrypt user data, and to follow the FTC’s previous guidance on appropriate security standards.  The FTC also warned that apps must honor the promises and representations they make to consumers regarding data security and deal with any consumer concerns appropriately.

All shopping apps that take consumers personal and financial information should aspire to have the information they collect be on par with the highest security standards; such protocols will not only help consumers feel safe, but they will prevent the company from having to address the fallout if any of the information collected is stolen.

In sum, the FTC has done retailers a favor by identifying ways to improve mobile apps.  Not only will following their advice keep consumers happier, but it will help retailers avoid bad press, lawsuits, and financial ramifications, and  increase consumer buy-in to these new shopping apps.  Retailers should be as clear as possible in their disclosures and privacy policies, and should do what they can to keep user data secure.  

Download PDF

Leave a Reply