Bryan Cave Leighton Paisner Retail Blog

Retail Law

Other Posts

Main Content

Changing “Buy Now Pay Later” Regulations & Considerations for Retailers

On 2 February 2021, the FCA published its Review of the Unsecured Credit Market in the UK. The full title of the review is “The Woolard Review – A review of change and innovation in the unsecured credit market” (“the Review“). Critically, the Review recommended that all Buy Now Pay Later (“BNPL“) credit arrangements should be brought within the scope of the UK’s regulatory regime for consumer credit “as a matter of urgency”. Key amongst the various motivating factors for this recommendation is the idea that proper affordability assessments should be carried out on those being offered these credit products so as to prevent, or at least mitigate, potential consumer detriment.

Click here to read the Alert in full.

Supreme Court Holds American Express’s Antisteering Rules Don’t Violate Antitrust Laws

On June 25, 2018 the Supreme Court ruled, in a 5-4 decision, that American Express’s antisteering rules do not violate federal antitrust laws. In reaching this conclusion the Court determined that, for two-sided markets like credit cards, both sides of the platform must be analyzed when determining whether a practice has an anticompetitive effect. Because Ohio and the other states challenging American Express’s antisteering rules had focused only on the price increase on the merchant side of the two-sided market, and ignored the impact on cardholders, they did not carry their burden of showing that the antisteering rules resulted in anticompetitive pricing, i.e., that the antisteering rules had an adverse effect on the market as a whole. Specifically, the plaintiffs had not accounted for the consumer side of the market, which the Court found must be considered in determining the competitive impact of American Express’s antisteering rules.

At issue in the case were American Express’s antisteering rules: contractual terms that prohibit merchants who accept American Express from attempting to persuade consumers to use a non-American Express credit card. The American Express antisteering rules did not prevent merchants from steering consumers toward debit cards, checks, or cash.

Ultimately, the two rules to be drawn from the case are (1) certain two-sided markets must be examined holistically to determine whether conduct produces an anticompetitive effect and (2) evidence of a price increase on one side of such two-sided markets, without more, is insufficient to show an anticompetitive impact.

The Court’s ruling sought to

New Security Standard for PINS Will Give Retailers Less Costly Processing Options

February 9, 2018


A new standard published by the Payment Card Industry Security Standards Council (“PCI SSC”)  may make it easier and less costly for retailers to take advantage of lower cost PIN based transactions in card present scenarios. The new standard addresses security  of PIN entry through software encryption solutions rather than only through hardware-based encryption devices.

The PCI Council’s catchy name for this new standard is the PCI Software-Based PIN Entry on COTS (SPoC) Standard. “COTS” refers to Consumer Off-the Shelf devices, e. g., your iPhone or iPad or Android equivalents that are used as Mobile point-of-sale or “MPOS” purposes.

The primary purpose of the SPoC standard is to enable secure entry of PINS on tablets and mobile phones used to accept cards instead of the conventional POS  terminals with dedicated PIN pads. The importance to retailers is that it may expand their ability to take advantage of lower cost processing options through mobile device acceptance channels.

The standard addresses at least two popular use cases. One is the familiar “Square” dongle on cell phones and another is the in-store mobile card entry devices that sales people use roaming around the stores. In the latter mode, devices utilizing the new standard will have to compete with existing mobile terminal devices that perform encryption within the hardware. These comply with the existing PCI PTS standard.  These terminals have been in market for a while from several POS service providers.  We don’t know how the new SPoC compliant software devices

A Commentary on CFPB’s Delay in Announcing Further Delay of the Prepaid Card Rule

December 26, 2017


The Consumer Financial Protection Bureau has issued a brief press announcement that the Prepaid Card Rule would be further revised and that the effective date for compliance will be further postponed from the current deadline in April 2018.

The announcement creates more worry than relief – it’s just a tease. The announcement did not say what changes would be made or when the new deadline will be. It only said that amendments to “certain aspects” of the rule would be coming “soon after the new year.”  No doubt the Bureau meant for this announcement to be helpful to someone, but it is not clear if anyone is actually helped.

Prepaid card issuers are scrambling to implement the systems changes and new business processes necessary to support the sweeping changes required by the rule. With this announcement, they must now wonder which of those efforts will turn out to be wasted, or perhaps need to be re-worked, and they can’t pause pursuing any specific implementation efforts until the actual amendments are published. Are they supposed to trust that the extra time to be allowed by the CFPB will be sufficient to accommodate this pivot?

This dilemma brings to mind the old saying about advertising – “I know that half of the advertising budget is wasted spending; we just don’t know which half.”  Consumers, meanwhile, who presumably would benefit from the rule’s new protections, must continue to wait, but they don’t know how much longer. 

Adding more uncertainty,

Get Ready for New Data Transfer Security Standard for POS Systems

August 14, 2017


Retailers are still feeling the pain from implementing EMV-compliant POS systems. An article by Kate Fitzgerald in the PaymentsSource Technology newsletter (August 8, 2017)  caught our eye. The gist of it is that the PCI-DSS standard for data transmission will change in June of next year. Card network rules require Acquirers to require their merchants to comply with the PCI-DSS standard and the companion PA-DSS standard, so this change will leave them out of compliance if they have not implemented a newer version of the data transmission security standard.

There is not a liability shift in the rules specifically related to the new standard, but merchants will be subject to fines and the deficiency will become apparent when they undergo their periodic security audit after the June 30 date. However, the old standard is being dropped by the Payment Card Industry Security Standards Council because it leaves the POS systems still using it vulnerable to hacking. Now the hackers will be probing to find big systems that have not upgraded to the less porous technology.

According to Fitzgerald:

  • “Most merchants are still relying on the 1.0 version of the payment encryption method known as Transport Layer Security (TLS), but hackers have so thoroughly exploited it that the Payment Card Industry is withdrawing support for that version on June 30, 2018, and processors will follow suit immediately.
  • “Switching to one of two more recent supported versions of the encryption protocol—either TLS 1.1 or TLS 1.2—should be relatively simple. But many

Bans on Credit Card Surcharges Face First Amendment Challenges

State laws that prohibit retailers from charging customers a surcharge for using a credit card are being challenged on First Amendment grounds.

For more than four decades, California’s Song-Beverly Credit Card Act of 1971 prohibited retailers from charging credit card customers such a surcharge. In Italian Colors Restaurant, et al. v. Harris, 99 F.Supp.3d 1199 (E.D. Cal. 2015), a federal judge ruled that the law unconstitutionally limits retailers’ freedom of speech. The California attorney general appealed, and the case is set for oral argument before the Ninth Circuit Court of Appeals on August 17.

The outcome may be influenced by the U.S. Supreme Court’s decision in March of this year in Expressions Hair Design v. Schneiderman, 137 S. Ct. 1144 (2017), that a similar New York ban on credit card surcharges implicates the First Amendment. That case has been remanded to the Second Circuit to determine whether the ban is unconstitutional.

In states where the surcharge prohibitions have been invalidated by court action, the statute is likely unenforceable, at least temporarily while appeals are being pursued. Ecommerce retailers seeking to impose surcharges also should take care to determine which state’s laws apply to a transaction. It is not safe to assume that the retailer’s location would determine the applicable law. More likely than not, the laws of the state where the customer resides would be applied to the transaction.

Eleven states have passed similar laws banning credit card surcharges. A summary is available here.

Four of those laws

The attorneys of Bryan Cave Leighton Paisner make this site available to you only for the educational purposes of imparting general information and a general understanding of the law. This site does not offer specific legal advice. Your use of this site does not create an attorney-client relationship between you and Bryan Cave LLP or any of its attorneys. Do not use this site as a substitute for specific legal advice from a licensed attorney. Much of the information on this site is based upon preliminary discussions in the absence of definitive advice or policy statements and therefore may change as soon as more definitive advice is available. Please review our full disclaimer.