Professional Documents
Culture Documents
mobile devices for personal and business use. Most businesses want to
ensure that their employees are able to work efficiently when out of the
office. However, increased mobility brings with it certain management
and legal issues that need to be addressed.
What are the main issues from a management perspective?
By providing its workforce with mobile devices, an organisation can
improve productivity by allowing access to up-to-date data at any time in
any location. But, to an extent, in doing this an organisation is loosening
its control over its data. It may not be possible to know exactly where
any data is stored at any time, and data created on mobile devices may
not be backed up to a central location. This makes the data vulnerable.
Key information may be stored locally and may not be backed up
centrally. Critical data may be lost or out of date.
Chang-ho CHUNG
Judge, South Korea
I.
Introduction
Mobile finance has created huge business opportunities for merchants, mobile
network operators, mobile device manufacturers, financial Institutions and
software providers. Those mobile finance participants have added new financial
transaction forms to make their services available through mobile devices. Mobile
finance business has been fairly successful especially in South Korea, Japan and
other Asian countries.
II.
This is a Short Message Service (SMS) that mainly provides information about the
status of bank account. Short messages containing information about the bank
account are transmitted to customers mobile phone by SMS center server of
mobile network operator which is connected to the mobile banking server of bank.
SMS-based banking service is operated using both push and pull messages. Push
messages are those that banks choose to send out to a customer's mobile phone
without the customers request for the information. Typically push messages could
be either mobile marketing messages or messages alerting an event which happens
in the customer's bank account. Pull messages are those that are initiated by
customers using a mobile phone to obtain information about the bank account.
Examples of pull messages include an account balance inquiry, currency exchange
rates and deposit interest rates.
By adopting WAP browser, mobile network operators and banks could offer not
only information-based banking service but also transaction-based banking service
including payments, deposits, withdrawals and transfers. The disadvantage of WAP
browser is that WAP browser implementation is not consistent across mobile
devices manufacturers.
3. IC Chip-based Application
Integrated Circuit (IC) Chip is a miniaturized electronic circuit that has been
manufactured in the surface of a thin substrate of semiconductor material. Mobile
network operators partnered with banks to launch IC Chip-based mobile banking
service. Customers could get access to mobile banking service by inserting IC
Chip, which is controlled by banks, into a mobile device.1
4. USIM-based Application
A Universal Subscriber Identity Module (USIM) is an application running on a
UICC (Universal Integrated Circuit Card) smartcard which is inserted in a
WCDMA 3G mobile phone. The equivalent of USIM on GSM 2G mobile network
is SIM. Like SIM, USIM stores subscriber information, authentication information
and provides storage space. Furthermore USIM enables its subscribers to download
various mobile banking applications, credit card applications and public
1 In South Korea, the third-largest mobile network provider LG Telecom with the
largest bank Kookmin Bank launched the first IC-Chip based mobile banking service
in 2003. IC-Chips were issued and controlled by Kookmin Bank and LG Telecom
provided the mobile network service. Available from
http://www.lguplus.com/lguplus/en/jsp/info/corporate_data.jsp
transportation applications onto USIM through OTA (over the air) technology.
Customers do not need to change chips each time they use different applications.2
5. NFC-based Application
Near Field Communication (NFC) is the most recently developed technology for
mobile finance. NFC is a short-range high-frequency wireless communication
technology which enables the exchange of data between devices over about 10cm
distance by combining the interface of a smartcard and a reader into a single
device. NFC device is also compatible with existing contactless infrastructure
already in use for public transportation and payment.
There are three specific features for NFC: NFC device behaves like an existing
contactless card (Card emulation), NFC device is active and reads a passive RFID
tag (Reader mode) and two NFC devices are communicating together and
exchanging information (P2P mode). These features of NFC make mobile devices
even more suitable for financial transaction purpose.
2 In South Korea, the largest mobile network provider SK Telecom launched USIM
and OTA based mobile finance service in 2007 which enabled its subscribers to
download various mobile banking service applications, credit card applications and
public transportation applications over the air onto a USIM card. Available from
http://www.sktelecom.com/
of both banks and mobile network operators, TSM could bridge multiple banks and
operators ensuring complete security of customer information.4
2. mobile
banking
Bank &
TSM
3Available from http://www.mobeyforum.org/Press-Documents/PressReleases/Research-Lays-Groundwork-for-Global-Mobile-Financial-ServicesStandards/Introducing-the-Mobey-Forum-White-Paper-Best-Practices-for-MobileFinancial-Services-Enrolment-Business-Model-Analysis
4 In South Korea, mobile network operators, mobile device manufacturers, banks
and credit card companies have been collaborating to launch NFC-based application
in 2010. Available from http://www.nfctimes.com/news/korean-telco-plans-nfccommercial-launch-2010
Mobile network
operator
1. purchase
3. make
payment
2. Mobile Payment
Mobile payment is a new and rapidly-adopting alternative payment method.
Instead of paying with cash, check or credit cards, customers can use a mobile
phone to pay for a wide range of services and digital or hard goods. Mobile
payment solutions could be categorized in many ways according to the type of
payment method or the technology adopted to implement the solution. There are
three different categories for mobile payment solutions on the basis of payment
method.
1. purchase by
mobile credit
Mobile network
operator
2. make
payment
deposit. Mobile electronic money has been used mainly for the payment of public
transportation system and other micro-payment.5
1. purchase
mobile e-money
Issuer of
mobile
2. purchase and
pay
Mobile network
operator
3. exchange
mobile e-money
5 In South Korea, T-money has been used for this purpose. It started with pre-paid
RF smartcard embedded with CPU to enable self-calculation for the payment at
public transportation such as bus, subway and taxi. T-money has enlarged its
services to all parking fees, tunnel fees and payment at convenient stores and has
also introduced new payment media enabling download T-money onto mobile
phone. Available from http://eng.t-money.co.kr/
In direct mobile billing service process, a payment gateway usually facilitates the
transfer of information between an online merchant and a mobile network
operator.6 If a customer purchase goods or uses services from a payment gatewayenabled merchant, the payment gateway transmits or receives transaction
information in electronic form between the customer and the mobile network
operator and then the mobile network operator charges the customers mobile
phone bill and executes the payment of the bill as proxy or mediate for the
merchant.
Unlike the credit card company, the mobile network operator does not execute the
payment for the merchant until the customer pays the mobile phone bill, and even
if the customer does not pay the bill, the mobile network operator is not bound to
pay the bill for the merchant.
6 South Korean company Danal Co., Ltd. is credited with being the first provider of
direct mobile billing service globally. The amount of bill charged through the direct
mobile billing service in South Korea in 2010 was about 2 billion USD. Danal has
established a company named BilltoMobile in the US to offer customers the ability
to safely charge online purchases to their mobile phone bill. BilltoMobile signed a
contract for direct mobile billing service with Verizon Wireless in May 2009 and with
AT&T in October 2010. Available from http://www.danal.co.kr/
1. purchase
3. make
payment
III.
A. Participants
Mobile finance has enabled companies from different industries to collaborate and
has been provided by various participants. Customers, merchants, mobile network
operators, financial institutions, issuers of mobile electronic money, payment
gateways and TSMs are main participants in the process of mobile finance. As
these participants have different interests, these participants may face conflicts
each other that require legal solutions. Especially regulating liabilities of
participants in case of unauthorized financial transaction is important.
Since the appearance of USIM-based application system, TSM has offered secure
delivery and activation of the mobile banking and payment applications by
establishing highly secure, encrypted connection between bank and TSM and
between TSM and mobile network operator. Considering the important role of
TSM, liability of TSM also needs to be discussed.
This Act categorizes issuers of electronic money, electronic funds transfer agency
and electronic payment settlement agency, that are not financial institutions, as
Electronic Financial Business Operator9 and imposes almost the same liability of
financial institution.
7 Electronic Financial Transaction Act of South Korea, article 1. South Korea also
enacted Information Technology Network Act which provides details on direct
mobile billing service.
8 Ibid., article 2.1.
9 Ibid., articles 2.4., 28.
This Act categorizes any operator of a payment gateway system and any person
who assists a financial institution or electronic financial business operator in
conducting electronic financial transactions or performs as proxy part of such
transactions for the sake of financial institutions or electronic financial business
operator as Subsidiary Electronic Financial Business Operator10 and imposes
indirect and exceptional liability.
South Korea also enacted the Framework Act on Electronic Commerce on July 1
1999 implementing provisions of the UNCITRAL Model Law on Electronic
commerce, and Electronic Financial Transaction Act of South Korea provides that
In this case, liability issues could be raised such as whether financial institutions
should bear all the risk from the loss, whether financial institutions are still liable
for the loss even in such cases where accidents were caused by the intention or
gross negligence of the customers, whether independent TSM, mobile network
19 Ibid., article 13.
20 Ibid., article 14(1)(2).
operator and issuers of mobile electronic money, that are not financial institutions,
are liable for the loss.
However, in reality, its almost impossible for customers to clarify whether error
was caused by financial institution or mobile network operator. It would be
desirable to make financial institution compensate customer for damage caused by
transaction errors arising in the course of electronically transmitting or processing
the conclusion of a transaction, and then allow financial institution to exercise right
4. Liability of TSM
Independent TSM, that is not financial institution, may be perceived as performing
finance-related business in accordance with the extent of involvement in mobile
banking service and mobile credit card service. Even though it would not be proper
to impose the same liability of financial institution to TSM, it would be desirable to
categorize TSM as subsidiary mobile financial business operator and impose duty
to indemnify to financial institution for loss caused by intention or negligence of
TSM, duty of good faith to ensure safe processing and duty to keep confidentiality.
business operator and impose them the same liability of financial institution in case
of unauthorized transaction.
6. Loss or Theft
In case of loss or theft of mobile devices equipped with mobile finance solutions, it
would be desirable to provide clearly when financial institutions become liable for
loss incurred due to the use of such mobile finance solutions by a third party. And
it would also be desirable to decide whether mobile electronic money needs to be
treated separately.
correct any error in such details and preserve them for the period determined by
Presidential Decree within the limit of five years.31
Any person who recognizes the existence of the matters falling under any of the
following subparagraphs in the course of conducting the business affairs relating
to electronic financial transactions shall neither provide or disclose such
information to any third party nor use it for any purpose other than his/her
business without consent of the user concerned.
1. The matters relating to the identity of the user;
2. The information or materials relating to the accounts, the means of access,
and the details and results of electronic financial transactions of the user.32
Any person who intends to perform the services referred to in each of the
following subparagraphs shall register himself/herself with the Financial Services
Commission:
1. Electronic funds transfer services;
2. Issuance and management of electronic debit payment means;
3. Issuance and management of electronic prepayment means;
4. Electronic payment settlement agency services;
5. Other electronic financial services determined by Presidential Decree.34
The Financial Supervisory Service shall supervise whether financial institutions
and electronic financial business operators abide by this Act or an order issued by
this Act, under the direction of the Financial Services Commission.35
IV.
Conclusion
Many mobile finance technologies and solutions had failed and discontinued and
only in Asia especially in South Korea, Japan, Singapore and Hong Kong mobile
finance has been fairly successful. This may have been the reason why until
recently there had been little interest in unifying the laws regulating the mobile
finance.
However the situation began to change when the USIM-based application came
into service. Immense potential to serve as a platform for various financial
transactions has enabled mobile devices to play an important role in the financial
33 Ibid., article 28(1).
34 Ibid., article 28(2).
35 Ibid., article 39(1).
Since its not clear whether the rules governing traditional financial transactions
would be applied to mobile finance in whole or in part, its right time for
UNCITRAL to make effort to prepare the legal guide on mobile finance exploring
all possible legal issues that would have to be faced in moving from traditional or
computer-based financial transaction to mobile financial transaction.
Its also necessary to set up a unified regulation on mobile finance defining the
various solutions of mobile finance to clarify which regulatory framework applies
to them. Furthermore, since mobile financial business operators or subsidiary
mobile financial business operators are not regulated by traditional regimes
applying to financial institutions, its desirable to consider setting up provisions on
qualification and supervision to treat them separately.
a parody. You can not create a domain name similar to another and make
fun of it, because it would not be evident that it was a joke until the user
actually reached the website.
Trademarks should not be used in meta-tags (the hidden keyword tags
on a web page), or in a pay-per click ad campaign. There have been
cases where this was considered infringement.
If you are looking for a Trademark Attorney, I recommend Lexero Law
Firm.
Domain Name Issues
Typosquatting - where a person registers a domain name similar to a real
domain name, but with a typo, in hopes that web surfers reach it by
accident. These sites are usually filled with paid advertising links that
generate revenue for the typosquatter, not to mention the web surfer has
been tricked into believing he is on the correct site. This diverts traffic
away from the intended site. Sometimes they are routed to a competitors
site or a pornographic site.
Cybersquatting - is when someone registers a domain name, in bad faith,
violating the rights of the trademark owner. They usually intend to extort
payment from the trademark owner, and they keep the names to sell later
to the highest bidder.
Pagejacking is when the offender copies part of an existing website, and
then puts it up on a different website to make it look like the original.
Pagejacking is used in phishing schemes, where the fake page gathers
account numbers, passwords, and personal information from the
unsuspecting user.
The Uniform Domain Name Dispute Resolution Policy (UDRP) is a
cost-effective and faster alternative to a lawsuit, when there is a domain
name dispute that needs to be resolved. This was set up by the Internet
Corporation for Assigned Names and Numbers (ICANN), the group
responsible for domain name registration.
If you are looking for a Domain Name Attorney, I recommend Lexero
Law Firm.
SPAM - and how to avoid it
Spam is accounted for around 80% of all U.S. email. 20% of U.S.
residents actually buy products from spammers, and this makes it
worthwhile for them to continue to harass us with unsolicited emails.
There are no laws to prohibit spamming, but there are laws to regulate
spam. There are also laws that prevent email harvesting (programs that
read through websites looking for email address to add to their
database). Many states require opt-in or opt-out options in the email.
There are laws that prohibit false headings and laws against spammers
that identify their message as coming from someone else. Trademark
and unfair competition laws have been used against a spammer whos
message reads that it is coming from someone else, and in one case a
man was sentenced to 3 years in prison and $16 million in fines.
Unfortunately it is very difficult to enforce the statewide spam laws
because a sender really has no way of knowing all the states he is
sending his spam to by the list of email addresses he has.
There are some things you can do to limit the spam you are getting.
Do Not Reply to Spam! Most times it just confirms they have reached a
valid email address and they'll continue to send junk to you.
Do not post your email address on your website - use a form that
doesn't display the email, or turn the email address into an image rather
then displayed as text.
Use a different email address if you must use one in news groups or
forums
Read Terms of Use and Privacy Statements. Don't randomly give out
your email address unless you know how it will be used.
Use a spam filter
Never, ever buy from a spammer - this encourages them
Cyber Crimes
Email Spoofing is changing the email header so it looks like its coming
from someone else. This is sadly easy to do. This is also used to try to
trick people into giving out personal information. This is illegal under
the CAN-SPAM Act. Click here to see examples.
Phishing is a scam where an official-looking email is sent to an
unsuspecting user to try to trick them out of their username, password,
or other information. They are usually directed to click onto a link that
goes to a fake (spoofed) version of a real organizations website. This is
called Pagejacking. The address bar can even be altered so it appears to
be the official website. If you ever get an email requesting that you
verify information by clicking on a link, you should insteadGO
DIRECTLY TO THEIR WEBSITE WITHOUT CLICKING ON THE
LINK, to verify it. Lately phishing is even occurring in instant message
who then creates a credit card to use on an ATM machine. Identity theft
is spreading on the internet, but surprisingly it is still safer to give out
your credit card number on the internet then to give it to an unknown
salesperson or waiter. 97% of all identity theft crimes are caused from
offline instances, not online. For instance, two places that identity
thieves get your information from are your mailbox, and your trash can.
Protect Yourself from Identity Theft
Cross-shed documents
Review your credit report twice a year
Be aware of billing cycles and put vacation holds on mail
Never reveal your Social Security number unless absolutely necessary
Don't carry seldom used credit cards or unnecessary id's
Be aware that identity stealers are not always strangers
Don't give out personal information over the phone, mail or posts on
the internet
Take out the hard drive from a computer and destroy it before
discarding. Even if deleted, personal information can still be recovered
from a computer's hard drive
For more information on identity theft: www.justice.gov
The Fair Housing Act states that you can not discriminate on the basis of
race, gender, family status, religion, and national origin. Now that there
are many internet postings for rentals by third parties, the question is
being raised if the same rules apply to internet postings and who should
be held responsible. The safe harbor provisions of 230 have protected
these types of websites from libel or copyright infringement liability
provided they remove offending posts when they are notified of the
posts. The few times it has been brought up, it was settled out of court
and it was agreed to comply with the Fair Housing Act Policy and
remove the offending posts.
The USA PATRIOT Act was enacted in response to the September 11th
attack in 2001. This act allows electronic messages to be intercepted if it
is believed to be of terrorist or criminal activity. It also allows for the
retrieval of Internet Service Providers information without going
through a court order.
Online Gambling is prohibited or regulated in most states. Many
gambling websites originate outside of the country though, and are
impossible to shut down. The big worry with online gambling is that
minors have access and it enables the pathological gamblers. To try to
control this spreading problem, the Unlawful Internet Gambling
Enforcement Act was signed into law and makes it illegal for credit card
companies, online payment systems, and banks to process payment to
online gambling companies. There have also been instances where
online casinos and gambling websites owners have been caught in the
U.S. and charged with racketeering and mail fraud.
Free Speech and the Internet
The first amendment to the U.S. Constitution guarantees the right to free
speech. But there are instances when that can provoke a lawsuit. The
four main causes of action against speech on the internet is:
Defamation: "A published intentional false communication that injures a
person or company's reputation"
Breach of Contract: If an employee signs a confidentiality agreement
and then posts information about products, sales, management, other
employees, or rumors, than he may have breached his confidence and
trust to the company and be held in Breach of Contract.
Tortious Interference with Business: To file tortious interference there
must be an existing contract or business relationship, intentional
interference between the company and the business relationship, an
effect caused by the action, and damage as a result to the action
Hate speech is protected under the first amendment in the U.S. except
when hate speech crosses into threats and intimidation, racial slurs, or
racial hostility. Hate speech is prohibited in most other countries.
Unfortunately the U.S. has become a safe harbor for hate group
websites. Civil lawsuits are a powerful remedy that can financially
cripple a hate group organization.
Communism and the Internet
Web speech under Communism is difficult to control. Communist China
government has 11 agencies overseeing Internet use. They have taken
actions to block certain keyword searches and websites, they keep
records of users and the web pages they visit. There is video cameras
and high tech software in the internet cafs and bars to prevent
customers from viewing the 'forbidden' sites. A user must enter an id
number in order to use an internet cafe computer. A blogger is required
to sign up under his or her real name, although they can write under a
pseudonym. Examples of banned websites are: a pornographic site, a
superstitious site, or websites that criticize government or the
Communist Party. Dozens of people have been sent to prison for posting
or downloading from such sites.