The Federal Trade Commission in late December announced a proposed agreement with Mastercard regarding tokenization security practices that merchants claimed violated the Durbin Amendment to the Dodd-Frank Act. During a tokenized transaction, a unique cryptogram (“token”) is substituted for a customer’s debit card account number during certain parts of the transaction. This technology is consistent with the security goal of minimizing the exchange of static account data wherever possible. FTC alleged that Mastercard’s tokenization practices prevented merchants from fully exercising their Durbin Amendment debit card routing choice during online or e-wallet purchases.
According to the FTC’s order, “when a competing network receives a token to process a debit card payment, Mastercard is required to provide them with the customer’s personal account number that corresponds to the token.” In a tweet, FTC Chair Lina Khan connected the proposed tokenization agreement to card acceptance fees, claiming that “Mastercard’s unlawful conduct deprived both businesses and customers of the lower prices and greater innovation that fair competition delivers. CFPB Director Rohit Chopra also appeared to endorse this view by the FTC via Twitter.
The American Bankers Association has consistently argued that card payments save merchants money and keep prices low, and that consumers do not bear these reasonable costs paid by merchants to card-issuing banks and payments networks. In comments to the Federal Reserve, ABA and other trade groups argued against using the Durbin Amendment’s routing provision as an open-ended justification for technology mandates.
“The Durbin Amendment did not entitle merchants to obtain all payments technologies that have been invented or may be invented at any point in the future regardless of their freely made choices in the market,” the trade groups said in an August 2021 letter to the Fed. The commission will accept feedback on the proposed agreement during a 30-day public comment period.