International


Those that are familiar with this blog may have heard it said more than once that the United States lags far behind Europe with respect to the protection of consumer information.  The European Union, in fact, has been operating under the penumbra of the European Directive on Data Protection for 15 years.  The EU actually recognizes the protection of personal data as a fundamental human right.   That is a far cry from the legislative activities surrounding data privacy in the United States.  The US has traditionally take piecemeal approach to data protection, often leaving the regulation of data privacy and security to the states, and in some cases to individual industries.  Given the political culture of the United States, such an approach is not terribly surprising.  However, the rapid advancement of technologies has perhaps been enough to spur the federal legislature into evaluating the lessons of the EU directive to see if, or how, similar regulation might work in the US.

On Friday, Sept 16th, the House Energy & Commerce Committee’s Commerce Subcommittee will be holding hearings on the issue of privacy, and specifically the impact of the EU regulations.  In Rep. Bono-Mack’s published opening comments, she states “The purpose of the Directive is to harmonize differing national legislation on data privacy  protections within the European Union, while preventing the flow of personal information to  countries that – in the opinion of EU regulators – lack sufficient privacy protections.”  She goes on to discuss the large number of unintended consequences of the regulatory regime.  To be fair, unintended consequences are almost always found the in wake of new legislation, particularly such sweeping legislation as the EU Directive on Data Protection.  It should be noted, though, that with 15 years of implementation history and lessons, the US should be able to draw sufficient parallels without also reaping the same number of “unintended consequences.”

In looking at the purpose of the directive one can immediately see the attraction of such a regime in the US.  As stated by Rep. Bono-Mack, the purpose is to “harmonize differing … legislation on data privacy…”  In looking at the domestic regulatory landscape surrounding data privacy and protection, it is difficult to conclude that some “harmonizing” would not benefit both businesses and consumers.  As of this writing, more than 45 states have data breach notification laws.  While there are some major commonalitites to these laws, there are also significant variations.  There are differing definitions of “personally identifiable information,” “breach,”  “trigger,” and other critical terms.  Some states include data security protections in those laws, while others have separate laws for data security, and still others have no laws regarding data protection and security.  The situation becomes even more confusing when one considers the federal legislation impacting privacy and security (FERPA, HIPAA/HITEC, GLBA, SOX, etc) and industry self-regulating programs.

While there are some concerns that tomorrow’s hearing is too slanted towards industry, ignoring or downplaying the concerns of consumers, I believe that it is a positive step. Bill McGevern, professor of law at University of Minnesota does bring up an interesting point, though.  That is the different conceptions of data privacy between the US and Europe.  According to McGevern, Europeans think of privacy as a fundamental human right, while Americans (and particularly American businesses) conceive of privacy as a market force with which they have to deal.  That being said,  this author does believe that it is possible to create a European-style privacy directive that accounts for American sensibilities.

Dr. Heather Mark, PhD; SVP of Market Strategy

We live in global America–American business must compete internationally. Consumers have more options and expect better service than they did just 5 years ago. Consumers want to purchase products online in their local currency. Companies must deal with the complexities that come with international banking and foreign exchange—whether they realize it or not.

US companies selling online, only in U.S. dollars, through a U.S. based merchant account need to realize that if they have any type of a “cost plus” pricing model–they will be passed along additional international transaction fees. These fees will be found in the fine print of the easy to understand monthly billing statement (J).

Whether the company is paying FX fees and taking on FX risk or pushing that on to their customers—the company has FX risk. As the FX fluctuates and fees are assessed, the “rational consumer” will gravitate to the better service and value. Customer retention and satisfaction is impacted 30 days after a purchase when the customer is reviewing their credit card statement and contemplating another purchase–customers do learn and in today’s economy they don’t mind vocalizing what they like and don’t like.

Consumers are just starting to understand international purchasing. International transaction fees can be charged to them by the merchant, ATM owner, or the bank that issued their card. Foreign transaction fees are generally between 2-3 percent of the purchase amount. The actual charge on the consumer’s card is not determined until the posting date–which could be up to 10 days after the actual transaction.

Businesses have three commonly used options:

1)      Sell only in USD and not cater to the international customer: This alienates international customers and brings about negative customer satisfaction. Customers take on the FX risk and the extra 2-3% on each transaction.

 2)      Get an international merchant account and sell in local currency: Best solution for the cardholder but this does requires an international entity to be established under card brand rules by the owner of the merchant account–which adds business complexities. 

 3)      Sell through the USD merchant account but price the website in consumer’s local currency: Funds can be authorized in the consumer’s local currency but must be settled through the USD based business merchant account—thus the business would have the FX risk and associated exchange fees (around 2-3%). Depending on risk tolerance, the business can utilize services to hedge their FX transactional exposure. Companies should also note, that some card issuing banks will charge the cardholder an international card usage fee.

As businesses expand, especially online, companies may extend their reach to international customers.  Modern technology enables companies to have customers half a world away.  However, that same technology can mask the identity of criminals.  Here are a few things to watch for when conducting international transactions.

A business’s potential for loss increases substantially when processing payments from international customers because it does not have the same protections as when products are sold to domestic buyers.  If there is a dispute, the company may find it hard to prove that products were delivered or that authorization to charge the card was given.  Without taking some precautions, a company may lose the products and the money.

Be aware of some common indicators of potential fraud:

  • The order is for a large number of the same item.
  • The transaction is for an unusually large amount.
  • The person says it is his or her credit card, but wants the product shipped overseas to a friend or family member.
  • The buyer is unwilling to provide you with additional contact information.
  • The buyer is very anxious for their order to be processed.

What can a company do to protect itself?

  • Gather as much information as possible (name, address, phone number, etc…).
  • Collect the card security code (eg. CVV2 or CID) to verify the payment.
  • Obtain a signed invoice/authorization from the cardholder.
  • Require a delivery confirmation signature when the product is received.

If there is anything suspicious about a particular transaction, you may choose to obtain additional verification from the cardholder, or to simply not process the card.  Merchants are more likely to win transaction disputes when they have well-documented transactions.  The ability to sell internationally can be a great way to grow a business, but these procedures will help ensure that growth is stable.

Tanner Olsen