Three regulations where Mexico got ahead of the USA, just FYI…

Card&Phone - CopyThe position of the United States at the vanguard of fields such as finance and technology may lend itself to create the impression that its legal framework is as progressive as its companies in those lines of business. However that’s not always the case; following are three instances where Mexico actually moved ahead of the USA, regulation-wise:

  • Mexico created an agency mandated to protect users of financial services in instances where their purveyors of financial services were not compliant with the law.

Following the financial meltdown nearly 20 years ago interest rates for financial products, whether credit cards, car loans or mortgages, skyrocketed in Mexico; people were unable to comply with their financial commitments and lost their homes, had their cars repossessed or their assets garnished. Of course this prompted widespread protests, and many politicians reaped dividends by demonizing financial institutions, but the national conversation on those issues brought about the creation of an “Ombudsman” in the financial services industry: the National Commission for the Protection and Defense of Users of Financial Services (CONDUSEF as per its acronym in Spanish).

This agency has faced many challenges, and still does; mainly its “teeth” are not sharp enough, its last three Chairs have steered it more towards facilitating financial education and information to the public. For instance, it recently instituted a Financial Institution Rating Website, where users can check for information on how the banks to which they would apply for credit rate relative to each other compliance-wise, sort of in the same way those institutions can assess applicants based on their credit rating.

Apparently such legislative developments are only brought about by widespread financial turmoil: conversely the United Stated created its financial services Ombudsman, the Bureau of Consumer Financial Protection (CFPB) after the Dodd–Frank Wall Street Reform and Consumer Protection Act was passed in 2010, and began working until 2011 following heated debates over President Obama’s proposal to appoint Harvard Law Professor Elizabeth Warren, who first proposed one such agency, to Chair it.

In sum, Mexico has been over a decade ahead of the United States as concerns the enforcement of financial regulations relative to the public.

  • Banks in Mexico are obligated to issue credit cards which are safer than those issues by banks in the USA. Bank cards the world over are made following ISO 7810 and ISO 7813 standards; that’s how come it’s possible for your card to be swiped at point-of-sale terminals and work in ATMs the world over. Those standards cover aspects such as toxicity of materials, flammability, stiffness (how much the card should bend), how characters (your name, the issuer’s identification number) are embossed onto it, their magnetic stripes, integrated circuits and the track data in them, etc.

Disclosures on data breaches at large retailers such as Target, last year, and more recently The Home Depot, have put credit card and point-of-sale terminal technology on the spotlight. In addition to apparent negligence in implementing security controls, one rather large issue is also the common denominator: that bank cards issued by banks in the United States still rely on magnetic stripes for the storage of data that authenticates the transaction, and that is easily copied or stolen by thieves or hackers. As WIRED Magazine explains in a recent piece:

The fatal problem with the credit card magstripe is that it’s only a container for unchanging, static data. And if static data is compromised anywhere in the processing chain, it can be passed around, copied, bought and sold at will.

Now, after resisting it for 10 years because of the formidable transition costs, the US is about to finally embrace the secure chip-based authentication system called EMV—the standard was pioneered by Europay, MasterCard, and Visa—that the rest of the world has already adopted. Pushed by mounting fraud costs, credit card companies have crafted incentives for merchants to switch to the sophisticated readers needed to accept the cards.

While the New York Times piece in the link above on the Target breach underscores that “The new debit and credit card technology, called chip and PIN, is widely used in Europe and considered to be far more secure than most cards used in the United States, which rely on magnetic strips,” it should be noted that Mexico’s National Banking and Securities Commission has steered banks towards substituting magnetic stripe with integrated circuits for over 4.8 years now: as per its General Provisions Applicable to Credit Institutions that approve transactions made without the use of integrated circuits, whether in ATMS or point-of-sale terminals are bound to agree with their Users (in their respective service agreements) that they (the banks) shall undertake the risks, and therefore the costs, of transactions disavowed by said Users when using such cards, and that the claims from such transactions shall be credited to those Users, at the latest, 48 hours after the filing of the respective claim.

The flip side is that the banks are allowed by regulation to regard the information in such integrated circuits as a Category-3 Authentication Factor for transactions made through ATMs and POS terminals, which obtain the cards’ information through such circuits; that is to say, transactions which require for the card with the circuit to have been present in the moment of the transaction. At that point one could assume that the situation would be no different from one in which a card with a magstripe were involved; however the key here is that information in the circuits is not static and is encrypted, so that even if it had been copied during one transaction it still could not be used for others afterwards.

So to that regard Mexico will have been a good 5 years ahead of the United States in credit card security by the time the US transitions from magstripe cards to cards with integrated circuits.

  • Mexico passed regulations making unlocking of mobile phones legal before the USA did.

For years now mobile carriers have entrenched themselves by offering handsets which price is bundled with the fee for their service plans; but once the mandatory term for the plan is over the user is faced with the choice between continuing to cope with her former carrier, usually upgrading to a newer (and hopefully) better handset (which Apple facilitates a lot by releasing a new iPhone every year and a half or so), or moving onto another carrier and having to procure another handset from it, as the old one would only work in the network of the previous carrier. That is evidently a pain and unfair to consumers; after all, one the term for the plan is over and done, the handset has been paid for (often in excess), so the user ought to be able to keep using it, even with a competitor of the carrier.

For sure “jailbeaking” has been possible for awhile now, and even ruled by the Copyright Office of the United States to be an exception to the Digital Millennium Copyright Act (the DMCA). but it is not without risk, as it may impair you from access to essential updates or applications, and removing the protections originally put in place by the developer can put the device and information contained in it at significant risk. However unlocking your device is an entirely different proposition.

Acknowledging a basic right of consumers, Mexico’s Ministry of Economy passed on August 28th, 2012, Mexican Official Norm NOM-184-SCFI-2012, an administrative regulation whereby carriers are under obligation to inform if the handset provided to the consumer is blocked to only be used in its network, and how it can be unlocked, at no additional cost, to be used on other networks once the consumer has acquired title to the handset, whether for the mandatory term of the service agreement having lapsed or having paid for it in full. For sure, as in many other instances, at the outset and notwithstanding there were hurdles to overcome in getting a device unlocked, such as alleged ignorance or misinformation at service centers.

Conversely, it wasn’t until after a long time of public comment and the EFF’s activism that this year President Obama signed into law the “Unlocking Consumer Choice and Wireless Competition Act“, which affords users the right to have their handsets unlocked to be further used on another carrier’s network.

Overall, at least in these three items Mexico moved way ahead of the United States.

Responder

Introduce tus datos o haz clic en un icono para iniciar sesión:

Logo de WordPress.com

Estás comentando usando tu cuenta de WordPress.com. Cerrar sesión / Cambiar )

Imagen de Twitter

Estás comentando usando tu cuenta de Twitter. Cerrar sesión / Cambiar )

Foto de Facebook

Estás comentando usando tu cuenta de Facebook. Cerrar sesión / Cambiar )

Google+ photo

Estás comentando usando tu cuenta de Google+. Cerrar sesión / Cambiar )

Conectando a %s

Compliance Report

Compliance and Ethics Powered by The Red Flag Group

TechCrunch

Startup and Technology News

Xavier Ribas

Derecho de las TIC Corporate Compliance

mkaz.com

Marcus Kazmierczak

Take To Task

Analyzing the Nonsense

Business & Money

The latest news and commentary on the economy, the markets, and business

CIDE-Comunicación

Canal de difusión con los medios.

Martha Salamanca Docente

Blog de TICs, Redes Sociales y Multimedia Educativo

Devil's Advocate Crib

Just another WordPress.com site