| BANKING AND INSURANCE PRODUCTS | |
| Dicta | |
Pro a complete regulation of the new technologies
for the consumers, and security and fraud problems. INTRODUCTION At the current moment, we were in which the sociologists have denominated the era of "Information Society ", where, the use of the new technologies for the execution of commercial transactions by electronic means is more and more habitual, dispensing with the traditional use of paper printed documents. This way we have evolved from the traditional payment in cash or by means of an exchange document, to modern means of payment, like the electronic one, which progressively have been reaching greater relevance. These new commercial products have allowed reaching a greater speed in the financial operations and simultaneously an important cost diminution, which has had repercussions in the benefit of the industrialists as well as of the consumer purchaser. Evolution that in addition it is possible to say that in the European Union it is being considered very positively, since evidently this form of global commerce contributes clearly to integrate the so pursued European single market. On the other hand, negatively we have found up that the use of these new technologies in the commercial transactions has generated great disadvantages from the legal point of view, because among other circumstances, it seems that its sudden growth caught the shift European and national legislators unawares, who initially did not understand that the specific characteristics of the new commercial system required the creation of a new specific norm that regulated it, because the assimilation to the legislation of the traditional businesses already regulated was not sufficient. In addition, in this case, recently it was also necessary that that new regulation knew how to protect non only the consuming user, but even also in many aspects to the own industrialist, because the practice has demonstrated that both are as facing to clear the situation of danger against unscrupulous third parties unconnected to the business, that sometimes with the objective of profit (cybernetic delinquents) and others simply with merely destructive spirit (virus, worms, destructive programs, swindlers, etc.) that make threaten the system. And the fact is that all the implicated ones agree in the following: for an optimal development of the electronic commerce is mainly precise to obtain a total confidence of the users, and when we spoke of users we refer in this way to industrialists as well as to consumers, because both must be able to trust that their transactions will not be intercepted, modified, nor used for other aims by third parties outside the performed business. In order to do this, it is absolutely necessary that used technical means were trustworthy and safe. In this point the experts agree that in what is referred to technical solutions, there are currently means and technologies that if were adopted by suppliers would fulfil such requirements with guarantee, being its consumers misuse the only thing that in any case would make them vulnerable (for example, a clear case is when the "swindler" sends an electronic mail to the user to being made happen through its bank and requesting his/her bank account to him/her in the electronic banking). This defect can solely be corrected through an extensive and conscientious campaign of information to the users not only about their rights, but also about how it must act, that is to say what they would be in a certain way their duties (following with the previous example, the user must be aware that he /she does not have to give his/her keys to anybody). Nevertheless, even considering this dual necessity of consumer & industrialist protection, either we cannot forget that from both, consumer will always be more unprotected, by simple fact that he/she is indeed in the distance contracts where the weakest party (the consumer) still becomes more vulnerable due indeed to the fact that he / she cannot even count on the physical and immediate presence of the supplier - industrialist during the relation that joins them, nor to count either on a physical examination of the product before its acquisition. This way, neither in the hiring, nor in the execution of the contract and, which is more problematic, either in the phase of divergence claims in the service performed, the consumer does not count on the chance of acceding to the supplier and product in a fast, cheap and simple way. Due to that, the consumer needs to count on still higher protection than in any other situations, above all if we take into account the facility with, in spite of the distance already mentioned, the consumer can get bound in this type of contracting, and over all the danger to be manipulated by the supplier through a deceptive presentation of the product; and all it without counting on the special risk that, because of so repeated distance, that payment means suppose, and specially the fraudulent use of credit cards, that at the moment is the most used mean of payment. Due to all these reasons, next, we are going to analyse mainly, between other questions, the problematical ones, that in this scope the consumers - users are facing to, in order to develop simultaneously diverse proposals of regulative evolution to achieve the homogenisation and improvement of European legislation, that were as most profitable as possible for European consumers. This is to be done with a special attention to the financial consumption scope, that due to its non-physical nature, is particularly suitable for its distance contracting, and with greater reasons needs the establishment of a juridical framework applying to the distance marketing that manages to increase the European consumer confidence (consumer as well as financial institutions) in the new techniques of distance marketing of financial services, such as the electronic commerce. II. - ANALYSIS As it has been commented previously, the tremendous evolution aroused in respect with electronic commerce and means of payment, is forcing to think about the problematical juridical aspects that do not exist in the conventional marketing methods. Questions as validity and effectiveness of electronic transactions, the issue related to the improvement of the contract, accredited by electronic means and the proof of it, as well as the liabilities delimitation between the parties that intervene, the applicable Law and the competent Jurisdiction in case of a litigation would arise, or the necessity to confer effectiveness to electronic signatures, imply some risks that can restrain consumers and companies to utilise this new marketing modality. All these questions move on to the existence of a deep mistrust of users through this contracting form that should be intended to solve progressively. These concerns can increase as the people that habit in different member states intervene in the commercial transactions, on the occasion of system global accessibility. - Necessity of Regulating Rules Evolution: One of the main keys that encourage this insecurity has been the erroneous legislative policy that has been followed at an EU level as well as at the member states level. Specifically, the main mistakes made when legislating about this issue have been, firstly, to think that all these juridical problems could be resolved by means of a simple analogue application of the existing legislation in every State, without creating a specific regulation; and secondly, when in spite of finally this necessity of specific regulation was understood, mistakenly it was chosen to create too much flexible rules that lack forcefulness, through simple Codes of Practice or Recommendations, and also with Directives with a weak character. Nevertheless, time has give reason to people, such as ADICAE, INKA, etc, who from the very first moment pleaded for the creation of a specific regulation of a European scope, with the highest possible rank and with the settlement of coercive and sanctionative measures that guaranteed its fulfilment; even more when in this context of distance contracting, a great part of the EU Member States (such as Italy and Germany), have taken a long time to develop the Community regulations and in also, when they have done it, they have almost transcribed literally to their legal systems what these European regulations indicated, without hardly adding anything new that contributed to improve the difficult situation of the European consumer. So for example, the issues referring to the distance contracting of financial services, are not regulated by the generic Directive that relates to consumers protection regarding distance contracts (Directive 97/7/EU), but by the recent Directive relating to the distance marketing of financial services aimed to consumers (Directive 2002/65/EU), and by other groups of regulations. We believe that the elements referring to consumer responsibility in case of fraudulent or erroneous payment with means different to cash, in particular with cards payments, that is currently regulated though a mere Recommendation (Recommendation 97/489/UE of the Commission, of 30th July 1997), have to be elevated to the status of Directive. And the same has to be done with the European regulation about cross border payments (Regulation (EC) No 2560/2001 of the European Parliament and of the Council of 19 December 2001), because both regulations are being systematically ignored by the financial institutions due to the inexistence of any type of coercive or sanctionative measures that punishes their non-fulfilment. With this purpose, many times it has been talked about the creation
a true administrative sanctionative regulation that helps coercively
to encourage the fulfilment of the existing regulation, and therefore
the security in distance business; but we understand that this is
not enough. It is also necessary to unify and modify the penal regulation
in the scope of the EU Member States to punish determined behaviours
that have the nature of real penal offence and that until now, due
to the fact that those behaviours have not been legislated specifically
for their repression, the assimilation to other offences, that were
already legislated in the states legal systems, through analogue
application has been used disproportionately. This fact has involved
a juridical insecurity and even the loss of preventing coercive
force that this implies, as the delinquent, when he / she does not
see this behaviour legislated in a penal way, many times tends to
think that the punishing sanction does not exist. - Applicable Competence and Legislation: the facilities that the Internet and other telemathic networks provide to electronic commerce due to their universal accessibility at reduced costs, make that cross-border commercial transactions were more and more frequent, and then, that consequently the possibilities that different legislations were involved in the contracting that are carried out with the juridical consequences in questions of judicial competence and applicable law that this involves. Regarding the electronic commerce between companies and consumer (Business to Consumer), the Directive 2000/31/CE about electronic commerce, in a clear mistake, does not settle any additional regulations to the International Private Law that already exists. In this way, when a Member State Court is presented a lawsuit, it should determine if it is in its competence, and which is the applicable law to the obligations, according with the private international law regulations that are in force in its State (internal law and International Agreements). This involves the obvious complication that supposes to transfer to the virtual world of Internet; the criteria of connection traditionally utilised for the regulations of international conflict in the contracting subject. Mainly, the omnipresent Agreements of Rome and Brussels that by reason of their application, only the denominate “passive consumer” (for example, who, even receiving publicity from a foreign web, he / she receives it in his / her own language), will count on the protection of his /her legal system; and on the contrary, the denominated “active consumer”, (for example, that consumer that on his / her own initiative, contacts a foreign web in order to purchase a product, being it also in a language different from his / hers), will not be able to invoke the protection of his / her national regulation. In our opinion, such a malfunction of the international regulation of competence and applicable law, could have been easily corrected by the European regulation, and in this way, in the scope of the States of the European Union, the competence protection and the consumer code of laws should have been extended to all type of consumers, independently of the way in which the contracting has been done (active or passive), because that is really the only interpretation that accords to the principles of the European single market and consumer protection. Redefinition of the concept of “Consumer”. Very much in relation with the former points, another important step should be done in the regulative evolution that is the enlargement of the field of protection of the consumption rules to people that though really perform as consumers, the current legislation does not protect them as it does not consider that the are consumers. The solution to this problem pass to redefine legally a European regulation level the concept of “Consumer” (currently defined as “every physical person, that in the distance contracts, behaves with a purpose alien to his /her commercial or professional activity”). And in this sense, a good solution is the one that advocates the prestigious Spanish jurist Calvo Caravaca, of defining consumer simply as “the weakest contracting party”, of a juridical business, that would open the framework of possibilities of inclusion of protection to determined collectives who when operating with large companies, though the concurrence of a small note of professionalism, they are for any purpose, equally consumers, and therefore, needing protection. Other excellent solution to that conceptual unaccuracy, is the carried out by the Greek legislation, that in the transposition of the European Directives to the internal national law (Law 2251/19994, about consumer protection), settles a concept of “consumer”, much wider that the set by the European regulation, as considering consumer as the “final user” of the product or service, with total independence of the fact that the transaction had a professional nature or not . This interpretative note has a great importance in aspects such as the competence, where this small element of professionalism can derive in the following; the purchaser is applied the competence and regulation of the Origin State of the supplying company, with the immense difficulties and problems that this involves. Nevertheless, though exceptions such as the Greek one, the reality is that most of the national regulations, far from rectifying such a legislative mistake, have even increased it. So for example, the Spanish law of electronic commerce (Law 34/2002, 11th July), without pointing out any type of exception or concurrent circumstance, indicates that “the electronic contracting between business and professionals, by default of agreement of the parties, will be supposed to have been held in the place where the services supplier were established. - Electronic Commerce Security Encouragement: As we have said reiteratively, one of the critical factors for the regular development of the electronic commerce is the state of being capable to guarantee some level of sufficient safety and provide to the parties (consumers or business), the confidence needed to perform transactions through electronic procedures, since it is obvious that this new kind of commerce presents, with respect to the traditional one, many specific aspects that have caused the concern about its security, comprising not only technological aspects but also juridical aspects: the absence of physical contact between the parties, the absence of documentary physical support that proves the consent of the parties and the agreements contents, the danger of using open networks… As we indicated, experts agree about that currently, there are technical means to achieve that security (and this without the need of the arrival of the denominated “chip technology”, whose use in the near future will guarantee much more security), therefore, what remains is to achieve that such means were founded by suppliers and to make users aware of the convenience that they uniquely would carry out their transactions through the said safe suppliers. As the initial step, in order to achieve these aims we believe that it would be interesting to create and regulate a Special Register of European Secure Servers” and utilising this register, an official certificate issued by the competent European administration would be added to the digital certificates that currently are been issued by private Companies. In the said certificate, given the sector importance, a specific section would have to be created only for European financial institutions, which should be demanded the compulsoriness to obtain such certificate to operate in the European market. The companies that wish to obtain the mentioned certificate should be demanded special security technical measures in order to operate. Among others, the compulsory utilisation of “payment gateways” to make in cash the payments of commercial transactions. Though regarding to this, previously it is unavoidable and urgent to regulate precisely their commissions, currently very high (around 4% of the total amount of the operation), until the equalisation with the commissions of the cards in physical shops. In this sense, we should add that with a general character it is absolutely necessary to achieve the non-discrimination of the payment cost of a service or product, depending on the mean of payment chosen by the consumer. Another measure related to security that should be demanded with a compulsory character to all the companies that operate in the sector is the utilisation of some security protocol that encrypts data for nobody to access them (a good beginning is the current SET and SSI protocols, emphasising above all the first one because its great security). To obtain the administrative certificate, such technical measures of security will have to be previously examined by experts assigned by the European administration, in charge of the register control, who will have to validate their security as sufficient, and afterwards continue the job by supervising them with the purpose of guarantee that they keep on fulfilling the requirements, and otherwise, to sanction them with the loss of their certificate, and in case of the financial institutions, even with economic sanctions and the withdrawal of the electronic commerce. But as we are saying, all these measures would lose their effectiveness if they do not enclose an intense campaign of information targeted to users with the objective of informing them about how they can identify the secure (certified) pages and about the negative consequences that could have the fact of negotiating through the pages that are lacking such official certificate. At the same time, it is also precise that an exhaustive administration were carried out by the administration side, to try that the cost of the adoption of all these security measures does not finish at the end having repercussions on users. Encouragement of the Digital Signature utilisation: in intrinsic relationship with the search of higher security, we have found that in the context of electronic contracting, one of the greatest pursued challenges has been to achieve an alternative mechanism that were useful to replace the traditional manuscript signature, fulfilling the same functions than this one: to ensure the identity of the contracting parties and to bind them to the contents of the contract with an unequivocal sample of the willing to contract. The solution to this problem has been found doubtless in the “electronic signature”, that is created utilising a system of asymmetrical cryptography or of a public key, and that proves that not only is bound to the signing party, but also that the contents of the signed message is authenticated and that has not been object of any alteration. Nevertheless, the utility of the electronic signature has a means of authentication, is conditioned to the possibility to guarantee the receptor the authentication of the key that has used to verify the signature, since only if that verification is obtained, the business or the particular user will be able to trust in the transaction. This necessity of verification has involved the arrival of the Certification Authorities or the Certification Services Suppliers, that at a European level legally has been tried to be regulated through the Directive 1999/93/EU, of 13th December 1999, that establishes a Community framework to electronic signature. But to our understanding, this directive results in general too much weak and generical, because between other things, it expressly prohibits the Member States from conditioning the certification services facilitating to the obtention of a previous authorisation. We believe that this is a mistake, since in this way the enormous importance that the electronic signature has in the distance contracting is ignored, being the legally requirements demanded by the mentioned Directive for the certification services suppliers that issue acknowledged certificate (Annex II), that in our opinion, are too much generical and wide. To our understanding, the importance of the electronic signature is so high (in many cases is going to replace the National Identity Document), that we think that the Electronic Signature Certification should be conferred and controlled by the administration of every Member State, but by mere private companies. On the other hand, the utilisation of these digital certificates
have to be encouraged between the users, to the point that we believe
that even the compulsoriness of it use should be legally established
in all the business made by an electronic way, and if it is not
in the possession of the business, the consumer would be able to
revoke the contract with an integer repayment of the paid amounts,
setting also a subsidiary liability of the financial institution
that is ordering the payment, who obviously should demand such document
to the supplier before making it effective. This would be very interesting
in payments by card of by direct debit, and, although the data were
intercepted by third parties, these could not act, since the financial
institution would never pay without the previous presentation of
the digital signature, as if it did it, it would run the risk to
guarantee with its own goods. This second way is involving important legal problems by what supposes the non-demanded sending of a great number of messages with a commercial nature, for whose solution we believe that the prohibition of sending commercial communications non demanded previously or not authorised expressly should be established categorically, and over all the imposition of exemplary administrative sanctions (and even penal sanctions if this massive sending had the objective of overflowing users. In the same direction, it is precise that in a conclusive the liability of services renders that facilitates links to other contents in the Internet or include in their websites or searching contents engines (links or banners), information that were illicit or damage the rights or goods of a third. The denominated “cookies” (data blocks that some webpages send to user computers at the moment that they access the webpage and that remain at the hard disk of the user computer), are not expressly regulated until the current moment, even although they allow to identify the physical persons, and also to make a user personal profile, carrying out a collection of the personal details of the user. On these assumptions, it would be advisable that the following legal compulsoriness were imposed, even through the webpage itself: informing the user about its use and scope in relation to the kind of personal details and obtaining his / her express consent. - Participation of consumers in the mechanism of distance contracting. Until the current date, consumer’s participation in the systems of distance marketing control is almost inexistent. We believe that this deficit has to be settled offering the European consumer to participate through their Associations in the distance marketing mechanisms control systems, which could not be difficult, given the current advantages and technological means. Especially, we consider essential the permanent presence of the European Consumers Associations in the “EPC” (European Payments Council), in the “Electronic Signature Council” and in researching and development projects of the security systems as the “IPR-Helpdesk”. Compulsory information to the user. It is very positive the compulsoriness legally established regarding the user right to previous information, by which the services render has the obligation to inform the user in a clear, understandable and unequivocal way before the receptor begins the contracting proceedings of determined minimum aspects listed in different European regulations, and that other legislations as the Spanish one have developed even in a wider extent, incorporating also some very positive measures such as the “a posteriori” sending of a confirmation of the deliver reception by an electronic mail, or a authenticated message in the next 24 hours that follow the acceptance reception; issues that we understand that they should be incorporated at a European level in order to be compulsory in all the context of the European Commission, not only in distance contracts relating to goods and services with a general character, but also in the ones that correspond to financial services. On the other side, we think that the European legislation has to forced the compulsories of translating to the different EU official languages the basic data to contract any financial service and from this previous information when they were offered in many member states, so that they do not become an insurmountable problem to the consumer that wish to purchase financial products, having to set as an imperative rule, not being enough the translation to the language that both parties agreed, because such a pact could be imposed in reality by the supplier with the consequent detriment of the consumer. - Reflection Period. The Directive 2002/65/CE, related to the distance marketing of financial services aimed to consumer, recognise a reflection right to consumer, before the contract is made with the supplier. So, this has to transmit the consumer, in writing or in a durable support that collects all the contracting conditions. The reflection period will have 14 days, in which the contracting conditions will keep on being valid. Nevertheless the parties will be able to agree a longer duration. - Right to Withdraw: one of the positive issues with more importance from all the legislation that is in force, and relates to the contracting referring to financial services is the one that refers to the Right to Withdraw, imposed by the so mentioned Directive 2002/65/UE, concerning the distance marketing of consumer financial services, that recognises the consumer right to have at his / her disposal a period of 14 days to withdraw the distance contract, without needing to indicate the motivations and without any penalisation. A period that can be enlarged to 30 days in case of contracts regarding life insurance and personal retirement. As we say this is a incorporation of regulations enormously positive for the European consumer, if not because the Directive itself already establish certain understandable limitations with respect to determined contract to which excludes from its application (sec.6.2), remaining restricted in such a way the performed legislative improvement, more it we take into account that it also establishes for the member states the possibility of stating that the right to withdraw would not be applied to so important financial contracts such as the loans focused on the acquisition, maintenance and improvements of real properties or guaranteed credits. (sec. 6.3). On the other hand, to our understanding, to achieve greater simplicity and security in favour of consumers, we think that it is precise to increase the 14 days and unifying all the periods in 30 days, and in any case, it should always be talked about working days, since really the concept of “natural days” has to be overcome by the one of working days, more in accordance with the current times (as it has happened in European legislations such as the Greek one that has made this change in the transposition of the regulation. - Previous Consent. Not only the Directive 97/7/UE, but also the Directive 2002/65/UE prohibits expressly the services supply without an explicit and valid request of the consumer. - Electronic Cash Cards (Smart Cards). Another question that deserves to be mentioned is the one relating to the “Electronic Cash Cards”, whose use threatens to spread quickly and become in an object more of the consumer daily life that will overshadow the use of coins or notes. An important issue can arise in the compatibility of these electronic cash cards with the machines that receive them. So the following hypothesis appears: the financial institutions that render these services only make compatible their cards with their receiving machines, in such a way that or the shops will have to have a dozen of engines available to attend to all their consumers, or some common criterion will have to be stated that allow to make its use compatible with any receiving engine of these electronic cash cards. - Extrajudicial Resolution Systems. Once more the European legislation insists on inciting the European Member States to adopt extrajudicial conflict resolution proceedings, but once more, it does in a way much more ambiguous, non-concrete and generical. The Directive about electronic commerce in general as well as the Directive about distance marketing of financial services mention the compulsoriness of the member States to legislate in favour of the utilization of extrajudicial means of conflicts resolution: and in this framework, the European Commission has issued a Recommendation of the 4th April of 2001, that settles the applicable principles to extrajudicial bodies of a consensual resolution of litigation in consumption matters, where the use of electronic means as mechanisms that facilitates the access are mentioned. Nevertheless, once more we should criticise that although having declared in its favour in many repeated occasions in a shy way, an express and determined mention in favour of the Arbitration System of Consumption is not done, as the best and more effective mean of extrajudicial conflict resolutions. And that when there is no doubt about that in these moments it is the only mean of extrajudicial conflict resolutions that corresponds with guarantees to the principles of independence, transparency, contradiction, effectiveness, legality, freedom and representation, that the European Union recommends to all existing organs or to the ones that could be created. With this so ambiguous regulation, what is happening is that all types of systems of extrajudicial demand are being considered valid, whatever they were. Even although the existence of a diversity of mechanisms and ways to protect the consumer seem acceptable, and although the consumer interest have not to be damaged because of that, as long as there were some harmony between the consumers protection levels, and as long as the existence if these mechanisms in all the EU were ensured, and that they had a high degree of diffusion between the Community consumers and enough effectiveness to be easily used in the cross border conflicts, it is totally precise that more concrete common criteria exist in order to guarantee the effective defence of consumer. Due to that, we understand that a reform of the Principles stated by the Commission should be carried out, principles settled not only in the Recommendation 98/257/EU of 30th March but also in the Recommendation 2001/310/EU, of 4th April 2001, until achieving that the users protection measures design a framework of “proper protection”, homogeneous and with a high effectiveness. In conclusion, there is no doubt that the fact that the European consumers and suppliers were able to negotiate and perform their contracts with the more possible security and reliability, although they were established in different Member States is essential for the good working of the inland market. For that it is necessary to carry out a deep revision of the legal deficiency of the Community and State regulation, that regulates the distance payments (especially in what refers to financial services), taking into account the existing technological improvements. This general revision of the current European legal systems will have to search the unification in all the aspects of the access to markets of the financial services companies, leading them to a new juridical framework in where all the existing barriers were suppressed until the achievement of a single payments area according with the Single Market Principle (that, in reality, though the introduction of the Euro still does not exist), that covers all the national and cross border payments, with the same juridical dispositions. All of this has to be done, without forgetting in any moment to
search the protection of the vulnerable European consumer, a concept
that would also should be interpreted and orientated to an extensive
conception that allows to welcome diverse type of collectives that
are unprotected by the restrictive interpretation that is currently
in force in the European legislation. |
|
| This project is being sponsored by the DG SANCO of the European Commission and the National Institute of Consumption of Spain | |
 |
 |
