Think You Can Use Smartphones In-Store? Read The Contract First

Written by Mark Rasch
May 11th, 2011

Attorney Mark D. Rasch is the former head of the U.S. Justice Department’s computer crime unit and today serves as Director of Cybersecurity and Privacy Consulting at CSC in Virginia.

With many retailers contemplating the use of iPhones or other smartphones for mobile payments or as in-store selling aids, overly restrictive contract terms aren’t going to fly. But that is exactly what a typical smartphone wireless contract is full of. For example, apps that use data or stream video so an iPhone can work as an in-store sales aid may be a contract violation. And on the customer side, mobile-payment apps violate contract terms, too.

It’s bad enough for retailers that smartphones can’t be locked down against software changes. But terms like these (which are becoming the norm) mean payment-card transactions and many types of data that retailers may want to use would violate a mobile operator’s contract—and could make smartphones practically unusable for in-store purposes. This assumes, of course, that the telcos opt to enforce these clauses, which were probably crafted with little thought about the likely mobile-payment world of 2012.

How bad are these terms? Have you read your wireless contract lately? Not your hundred page bill, but your contract. You might be surprised. For example, if you are an AT&T iPhone customer, you will find that it is a violation of your contract to download and use Web applications (apps) that use data. Or to use Skype or streaming video services. Or to “tether” your phone to another computer to, for example, enable you to view Flash content.

In this case, that’s because if AT&T determines—at its own discretion and without providing any notice—it thinks a customer has done anything that violates his or her contract, AT&T may terminate service unilaterally or change the customer to a different plan. What’s worse, AT&T can also read customers’ E-mails, monitor their network traffic, analyze their usage and, yes, listen in on their voice calls (even those to their lawyer) if it believes these actions will help AT&T protect its rights.

Oh, and that part in the contract that requires all disputes between the customer and AT&T to be submitted to arbitration? That doesn’t apply to AT&T’s disputes with the customer. The mobile operator asserts that it can unilaterally change the terms of the contract, or terminate service without notice, without providing any evidence of breach and without arbitration or judgment. It also can make the consumer keep paying for the terminated service and, if the customer doesn’t, AT&T can go to a collection agency and sue the customer without arbitration.


3 Comments | Read Think You Can Use Smartphones In-Store? Read The Contract First

  1. Fredrik Nyman Says:

    Are the contract terms actually enforceable, or would a court hold them unconscionable? (Would a court actually adjudicate that question, given that AT&T claims that all contract disputes are subject to binding arbitration?)

  2. Mark Rasch Says:

    A court (if it ever got to a court) would ask the question, “can a consumer of wireless services agree not to use those services for certain things?” Why would a contract limiting HOW you can use the service be unconscionable? It is spelled out in the agreement. I think the contract is unfair and outrageous (and unread) and that it is NOT AT&T’s intention to prevent all other services, but that is what the agreement says, non?

  3. Michael Hicks Says:

    Mr. Rasch brings to light some draconian aspects of the AT&T Wireless agreement that are disturbing. Still, this is not going to stop the trend. Most retailers exploring this space will undoubtedly offer wifi access, bypassing the AT&T network entirely.


StorefrontBacktalk delivers the latest retail technology news & analysis. Join more than 60,000 retail IT leaders who subscribe to our free weekly email. Sign up today!

Most Recent Comments

Why Did Gonzales Hackers Like European Cards So Much Better?

I am still unclear about the core point here-- why higher value of European cards. Supply and demand, yes, makes sense. But the fact that the cards were chip and pin (EMV) should make them less valuable because that demonstrably reduces the ability to use them fraudulently. Did the author mean that the chip and pin cards could be used in a country where EMV is not implemented--the US--and this mis-match make it easier to us them since the issuing banks may not have as robust anti-fraud controls as non-EMV banks because they assumed EMV would do the fraud prevention for them Read more...
Two possible reasons that I can think of and have seen in the past - 1) Cards issued by European banks when used online cross border don't usually support AVS checks. So, when a European card is used with a billing address that's in the US, an ecom merchant wouldn't necessarily know that the shipping zip code doesn't match the billing code. 2) Also, in offline chip countries the card determines whether or not a transaction is approved, not the issuer. In my experience, European issuers haven't developed the same checks on authorization requests as US issuers. So, these cards might be more valuable because they are more likely to get approved. Read more...
A smart card slot in terminals doesn't mean there is a reader or that the reader is activated. Then, activated reader or not, the U.S. processors don't have apps certified or ready to load into those terminals to accept and process smart card transactions just yet. Don't get your card(t) before the terminal (horse). Read more...
The marketplace does speak. More fraud capacity translates to higher value for the stolen data. Because nearly 100% of all US transactions are authorized online in real time, we have less fraud regardless of whether the card is Magstripe only or chip and PIn. Hence, $10 prices for US cards vs $25 for the European counterparts. Read more...
@David True. The European cards have both an EMV chip AND a mag stripe. Europeans may generally use the chip for their transactions, but the insecure stripe remains vulnerable to skimming, whether it be from a false front on an ATM or a dishonest waiter with a handheld skimmer. If their stripe is skimmed, the track data can still be cloned and used fraudulently in the United States. If European banks only detect fraud from 9-5 GMT, that might explain why American criminals prefer them over American bank issued cards, who have fraud detection in place 24x7. Read more...

Our apologies. Due to legal and security copyright issues, we can't facilitate the printing of Premium Content. If you absolutely need a hard copy, please contact customer service.