NCRC Calls on CFPB to Prioritize Needs of Consumers and Small Businesses Above Big Tech


December 21, 2021

Rohit Chopra
Consumer Financial Protection Bureau
1700 “G” St. NW
Washington, DC 20552

Docket No. CFPB-2021-0017: Notice and Request for Comment Regarding the CFPB’s Inquiry into Big Tech Payment Platforms

Dear Director Chopra:

The National Community Reinvestment Coalition (NCRC) is an association of more than 600 community-based organizations that work to promote access to basic banking services including credit and savings.  Our members, including community reinvestment organizations, community development corporations, local and state government agencies, faith-based institutions, community organizing and civil rights groups, and minority and women-owned business associations help create and sustain affordable housing, job development and vibrant communities for America’s working families.

I. The processing of payments inside Big Tech platforms prompts concerns about the protections that will be accorded to consumers when they make payments. We commend the Bureau for its recent FAQ on how EFTA covers irrevocable payments, but the Bureau should do more to incent payments providers to make these systems safer.

II. The Bureau should hold stablecoin issuers accountable to provide truthful representations of the safety of their assets

III. The collection of payment data prompts concerns about privacy. The platforms have not been truthful to consumers about why they collect data.

IV. Payment records and other data collected by Big Tech platforms will be used to evaluate the creditworthiness of consumers for financial products. The Bureau should update Regulation V to identify Big Tech platforms as credit furnishers and service providers when they apply their analytics to estimate the suitability of a consumer for a financial product.

V. The cost of advertising on a Big Tech platform is having a harmful effect on small businesses and may be contributing to the general decline in the success rates of new and small-sized firms.


I. The processing of payments inside Big Tech platforms prompts concerns about the protections that will be accorded to consumers when they make payments. We commend the Bureau for its recent FAQ on how EFTA covers irrevocable payments, but the Bureau should do more to incent payments providers to make these systems safer.

Secular market changes, lessons to be drawn from payments innovation in other countries, and the pandemic should create the grounds for regulators to update important consumer protections. Regulation E provides consumers with disclosure, error resolution, and cancellation rights on electronic funds transfers and remittances.[1]

While solution providers suggest that end-users should only use a faster payment service to send funds to “friends and family” or “people you know,” these claims are specious and self-serving. Recent research reveals that the set of use cases for faster payments is diversifying and that adoption is significant in terms of transactions ordered and dollars sent.[2] Large payroll companies now use faster payments to disburse paychecks and disbursements, merchants are bypassing card networks to collect funds at the point-of-sale,[3] and businesses are submitting and paying b2b invoices.[4] The Clearing House says it has honored over 100 million real-time payments orders from government payors in the last six months.

The mature faster payments market in the United Kingdom shows that faster payments apps can become vectors for fraud in the payments system. Assigning liability to banks will compel them to invest in tools that protect consumers.

UK Finance reported that 96 percent of authorized push payments frauds involved a faster payment in 2020. The average amount of a loss was more than £1,400. Thirty-six percent of victims of APP informed their FI within a week; more than twenty percent did not notice within one month.[5]

A telling outcome – and one that underscores the need to incent financial institutions to act by applying a liability for fraud – fraudsters came to recognize that banks were more vulnerable to fraud on RTGS transfers,[6] perhaps because those banks felt less concerned when they were not expected to resolve errors and were not liable to make good on unauthorized payments.

In the United States, many examples exist to show that financial institutions will devote resources to stopping fraud when they have a financial motivation to do so. Many fraud schemes involved the use of MoneyPaks. In its 2014 testimony to the Senate Committee on Aging, Green Dot Corporation stated that it had spent millions of dollars to combat victim-assisted fraud, including developing methods to track the flow of funds across all of its accounts after being notified of a scam, blocking international ATM cash withdrawals on Green Dot issued prepaid debit cards, and developing technology to block the use of a PIN when there is reason to suspect that an account is experiencing nefarious activity.[7] Due to pressure from regulators, Green Dot pulled its MoneyPak service from the market in 2015.[8]

The Bureau should host a tech sprint to encourage payments app providers to create “confirmation of payee” tools.

The UK required its largest banks to create a Confirmation of Payee (CoP) tool that helped senders to match the identity of the person they intended to send money to against the name of the holder of the receiving account. By June 2020, less than a year into implementation, more than 1 million CoP requests were being made every day.[9] To the positive, banks implementing CoP saw declines in the rates of sender-authorized fraud. Unfortunately, the rates of fraud at banks that did not participate increased.[10]

However, voluntary programs are not adequate. Fraudsters still committed fraud, as if to underscore the value of the service, but many consumers were still harmed, which demonstrated the shortcomings of a partial application.

The Bureau could host a tech sprint to develop examples of their own confirmation of payee models that payments companies could build into their consumer-facing apps.

We applaud the Bureau for clarifying that banks may not waive EFTA protections and call on the Bureau to, if necessary, use its enforcement powers to ensure that consumers have full rights to protect their accounts from fraud sender-authorized fraud.

Consumers may mistakenly enter the wrong email address or phone number associated with the account of the intended recipient of a payment. All payments apps, but most notably those operating on real-time gross settlement platforms, are vulnerable to sender-authorized fraud.

On December 13th, the Bureau issued an important FAQ regarding private network rules for irrevocable payments.

Some payment apps had stated that they were not liable for lost funds resulting from instances where consumers mistakenly sent a payment to the wrong recipient. These network rules left consumers vulnerable to sender-authorized fraud, also known as “fraud in the inducement.” In the US market, all faster payments solutions currently use “credit push” rails.

The new FAQ said that if a payment met the Regulation E definition of an unauthorized electronic funds transfer, then a private network could not reduce the protections accorded to consumers against liability for unauthorized transactions.[11] It also affirmed that no agreement between a consumer and any other person can waive a right granted by EFTA. 15 USC 1693I.

The CFPB previously stated that an electronic fund transfer initiated by a fraudster who has misled a consumer into giving him their account credentials is an error under EFTA and Reg E for which the consumer receives no benefit. 12 CFR 1005.2(m) and 15 U.S.C. §1693f(f)(7).

We call on the Bureau to enforce the new provisions in this FAQ.

Additionally, the Bureau should issue or rule or write an interpretive letter that defines fraudulently-induced payments as EFTA-qualifying “errors.”

The CFPB should insist that the Federal Reserve FedNow service raises the bar for consumer protections in faster payments.

If the Federal Reserve goes forward with the ruleset outlined in its notice of proposed updates of Regulation J (Collection of Checks and Other Items by Federal Reserve Banks and Funds Transfers through Fedwire), it will set the grounds for the expansion of faster payments through a payment rail that is not safe for consumers and small businesses.

The FedNow service should be improved to protect consumers in two critical ways: it should protect consumers against fraud and sender errors.

By relying on Regulation E to protect consumers from loss without addressing its inadequate protections for consumer-initiated push-payment systems like FedNow, the Proposed Reg J provides completely inadequate protections for small users. The proposed Reg J establishes rules for the transfers of funds between the banks of the sender and the recipient of the transferred funds but provides insufficient protections for the users sending and receiving the funds.

The CFPB should apply pressure to the Federal Reserve to ensure that FedNow rules incorporate strong protections against fraud and errors.

The CFPB can protect consumers by using its joint rulemaking for Regulation CC to empower banks to verify that payees are the rightful recipients of funds

Even though the Federal Reserve’s focus centered on the responsibilities of banks, the proposed approach still lacked needed clarifications. Banks that participate in FedNow and the Clearing House’s Real Time Payments system have expressed a concern that if they delay crediting a payment to a recipient, they will risk violating the terms of Regulation CC, even if their analytics lead them to believe that the recipient may not have a rightful claim to the funds. With artificial intelligence, financial institutions can run fraud checks in thirty seconds, so it is possible to increase safety without compromising end-user needs in a meaningful way. Relatedly, both the sending and the receiving financial institution should be able to review a payment for an alleged error.

UCC Code 4(a) is not the appropriate governing framework for consumer transactions

Critical assumptions for 4(a) do not match the context of how consumers use real-time payments. UCC Code 4(a) is designed to apply to large-dollar transactions made between parties that have equivalent negotiating power over the terms of the transfer. In neither case do these conditions apply to p2p transactions.

Consumers using these apps do so under “take it or leave it” terms and conditions.

Currently, private payments networks have rules that broadly state when Regulation E is applicable and when UCC Code 4(a) applies, but the Bureau should provide an interpretive letter that clarifies that a credit-push payment, characterized as irrevocable by the payment service, but nonetheless used by consumers for “personal, family, or household purposes” (15 U.S.C. § 1693 a(2).) is covered by EFTA and Regulation E, and similarly, that if the interpretation is unclear, then Regulation E becomes the prevailing regulatory framework.

II.The Bureau should hold stablecoin issuers accountable to provide truthful representations of the safety of their assets

Consumers use stablecoins for a variety of purposes. Most often, however, stablecoins are used to provide immediate settlement on cryptocurrency trades. Issuers of stablecoins promise that the value of the coins will always track with the value of the associated fiat currency and that they will be redeemable on a 24-7-365 basis.

Stablecoins create risks to consumers and the payments system

Stablecoins could be subject to “run risk.” Stablecoins trade at unusually high volumes compared to most assets. On a typical day, the trading volume of USDT is equivalent to one-third to two-thirds of the total outstanding supply.[12] Because of well-grounded concerns over how stablecoins are collateralized and their intensive use, it is possible that a situation could develop where consumers could not redeem their stablecoins on demand.

Additionally, some stablecoin issuers have failed to adequately collateralize against issued stablecoins with risk-free fiat currency and other riskless assets. For example, until 2019, cash and cash equivalents constituted only 79 percent of issued Tether stablecoins. The remainder was either not collateralized or secured by risky assets such as commercial paper.[13] Even today, the two largest stablecoins (Tether and USDC) are backed primarily by commercial debt. Moreover, the commercial debt in those portfolios includes below investment-grade assets.[14] Because issuers sometimes hold cash deposits in time deposits accounts, the collateralized assets are not immediately redeemable. That characteristic makes such stablecoins subject to run risks.

Pressing questions concerning the governance of stablecoins remain unanswered.

The definition of a stablecoin is itself fungible; currently, there are four primary categories of stablecoins: fiat-backed, commodity-backed, crypto-backed, and algorithmic.[15]Similarly, it remains an open question as to how stablecoins will be defined – as payments instruments, securities, or commodities.

In 2020, the Office of the Comptroller of the Currency (OCC) clarified that all federally-chartered banks and thrifts can hold digital assets in custody.[16] In January, the OCC issued an interpretive letter addressing how banks may use stablecoins and blockchain technology to facilitate payments activities and other “bank-permissible functions.” [17] In August 2021, the Chair of the Securities and Exchange Commission (SEC) proposed to define certain stablecoins and other cryptocurrencies as securities.[18] Last month, the President’s Working Group on Financial Markets said that stablecoins should be held by insured depository institutions (IDIs), that stablecoin issuers should be generally regulated in a manner similar to banks, but did not clarify if funds held by those IDIs would be insured.[19]

Lessons from China show that payments can circumvent the traditional banking system.

In China, the rise of mobile non-bank payments offers a forewarning about the possibility of tech platforms to circumvent the traditional retail banking system. Most mobile payments are not made through a bank using funds held as bank deposits or credit lines, but instead through non-bank apps that hold funds in digital wallets. Change has been swift. In 2015, 35 percent of consumer payments were made using non-bank wallets. In 2021, the share exceeds 75 percent. ?A shift has occurred in payments, where end-users are less likely to use traditional financial institutions and instead rely on big tech platforms. Ninety percent of mobile payments in China [20]?

Regulatory parity should apply to payment systems even if they operate inside “closed loops.”  Guidance should specify how regulators would supervise a stablecoin that could only be utilized inside the tech platform of its issuer.

Big Tech payment platforms are poised to offer closed-loop stablecoins. They intend to offer digital wallets, issue non-fiat currency, and provide funds transfer services inside their platforms. In the United States, Facebook/Meta proposed to issue the Libra stablecoin in 2019 and to participate in the Diem Association project in 2020.[21]  The coins would by US dollar-reserved stablecoin and allow for real-time settlement.[22] Some analysts believe that Facebook/Meta will attempt to use Diem to settle payments inside Facebook marketplace. Also, the Diem could be used as a source of payment for businesses that advertise on Facebook and Instagram.[23] To the extent that platforms can become a nexus for commerce, however, those closed-loop stablecoins could become a widely-used currency.

Absent that action, a regulatory gap could emerge, leading to the potential for an uneven regulatory playing field and the exposure of many consumers to risky transactions. These assets are described as currencies but do not have the same security that consumers have come to expect with payments products.

Some tech platforms have invested heavily in cryptocurrencies. For example, many of Square’s accountholders hold and trade Bitcoin. Revenue from crypto was responsible for forty-eight percent of all revenues across all of Square’s ecosystem,[24] an output that hints at the opportunity for Square to expand its presence in wallets that hold other cryptocurrencies or stablecoin.  Disclosures made by Square underscore the lack of security in these assets. For example, in its 2021 Annual Report, under “Operational Risks,” Square stated that any loss of private keys relating to or hack or other compromises of digital wallets used by third parties to store bitcoins or other cryptocurrencies could have negative reputational effects on us and harm customer trust in us and our products.[25]  As the number of customers who use our bitcoin product has increased and the value of [the] bitcoins we hold on behalf of such customers has grown significantly, the risks and consequences of such adverse events have increased and could materially and adversely affect our business.[26]

Because of the aforementioned exposure that companies have to stablecoins, the Bureau should investigate the validity of claims made by stablecoin issuers to consumers regarding the safety of the collateral held against issued stablecoins

Some states have begun to hold stablecoin issuers accountable for their attestations. The Office of the Attorney General of New York State fined Tether and its corporate parent for falsely describing the assets that backed their issued coins.[27] In November, the report issued by the President’s Working Group on Financial Markets noted that the CFPB could apply its supervisory authority over payments systems to address consumer protections.[28]

The Bureau should apply its supervisory authority for Unfair Deceptive Acts and Abusive Practices (UDAAP) to inspect the assets held against stablecoins regularly and to use enforcement actions when reserving practices differ from the expectations given by issuers to consumers.

III. The collection of payment data prompts concerns about privacy. The platforms have not been truthful to consumers about why they collect the data.

The current state of play regarding data collection by Big Tech platforms is a result of decisions made not by regulators but instead by the leadership of Big Tech firms. Google was founded in 1991, but it was not until 2000 that it began to sell data to third parties. It introduced cost-per-click pricing in 2002. From the moment that Google shifted to selling advertisements, it no longer considers search users as its primary customers.[29] This decision was one of the first instances where it implemented a major product change without regulatory approval, but it was not the last time.

Big Tech frequently contend that their services collect data to improve “user experiences” and sometimes warn that without providing consent to unlimited data surveillance, a consumer will not receive the full benefit of the service. We accept the principle that a business is justified to collect consumer information when it does so to improve the utility of its product, usually with the proviso that the exchange will return benefits of equivalent value to the consumer.

Increasingly, this “quid pro quo” no longer applies. Big Tech firms capture data from many different places, sometimes with consent but often without the permission of the consumer.  The claim made to consumers – that the data is used to improve the utility consumes can derive from their services – is a half-truth. The full truth is that data is collected to provide value to third-parties. These extractive firms have realized economies of scale and now control significant power in the market. Each additional source of data enhances the value of existing data sets with the primary goal of predicting human behavior.[30]

Consumers may not be aware of the information collected by Big Tech firms. Requiring consumers to share payment information in “negative choice” structures is an unfair business practice.

Payment apps installed on browsers or on mobile devices collect private information. Many personal financial management tools allow consumers to sign up using a platform sign-on tool, such as the Amazon Web Services Single Sign-On or Google Sign-In services.

Consumers are not aware of the implications that these practices portend for the use of their personal information. As a result, most are effectively unable to prevent the surveillance from occurring.

Many tech platforms provide consumers with a “take it or leave it” option. They can use a service but only if they consent to extensive surveillance, collection, storage, and dissemination of their personal data. While the degree of [extortionate] pressure varies from platform to platform, all deploy a coercive form of “negative choice marketing.” The Federal Trade Commission has noted that these structures are widespread in Internet-based services, a fixture of online advertising, and can pose financial risks to consumers.[31]

For example, the Google Play app is preinstalled on all Android phones. It is programmed to continuously check a user’s location and is designed to transfer location information to third-party apps. An Android phone that does not access the Google Play app store is substantially constrained. No person would logically pay the additional cost to buy a smart phone and to subscribe to a data plan without the ability to use apps.

The problem of “ghost” data

Increasingly, financial apps use screen-scraping or permissioned tokenization to access bank account information. Industry-led efforts (Financial Data Exchange) to establish voluntary standards for data sharing are providing benefits to consumers, but there are still many threats to the control that consumers have over their personal information that will not be addressed by those workstreams. One problem experienced by many consumers is that many personal financial management (PFM) apps have short operating lifespans, reflecting how the interests of consumers are often compromised by the short-sighted investment horizons of the private equity investors that capitalize these apps. It is unclear what happens to data that has been collected by PFMs when either the source of the data (a fintech bank account) or the collector of the data (the PFM) ceases to exist. The data may be held by a third-party data aggregator.

The platforms want payments data because it increases the power of their models

Search advertisers covet payment data because it will help them to do a better job of assessing the value of searchers for their advertising clients. Specifically, positive payment data will augment their existing efforts to estimate the lifetime value of customers (CLV) and their ability to afford new credit. The inferential power provided by payment information necessarily enhances the ability of a platform to advise its advertising clients about the suitability of a person for a financial product.

Through partnerships with Plaid, Google Pay and Apple Pay gain access to consumer bank account data. Google acknowledges that it uses the linkage between credit cards and Google Pay to review payment due dates, balances, payment amounts, and transaction history.[32]

Google can also track spending through other modes. For example, Gmail is programmed to scan inboxes and photo libraries for receipts. Most likely, big tech platforms may use the privilege granted to access a consumer’s camera to track spending when consumers use QR codes in request for payment functions.

Already, Google collects consumer information to provide leads for credit products. Of note, the loans are characterized as “pre-approved.” Consumers can discover if they are pre-approved from “Money/Loans/Offers” in the Google Pay app.[33]

The Bureau should state that Big Tech platforms are identified as “service providers” as defined in the Consumer Financial Protection Act. 12 U.S. Code § 5481 (26)a

The Bureau should use its authority over participants in the payments market, under Section 1022(c)(4) of the CFPA, to monitor the activities of these platforms regarding the risks posed to consumers. The Bureau should determine if the use of payments data, including payments data shared with data brokers, is consistent with the expectations of consumers.

We are also concerned by the potential vulnerability created with a service such as Google allows a consumer to download the information that the service has collected about them. Google permits downloads through the “My Activity” portion of its platform. While this sounds like a benefit to consumers, it may not be. Fraudsters have the ability to hijack email accounts and smart phones. With the right combination of compromises, a fraudster could access the entire search history of a victim.

IV. Payment records and other data collected by Big Tech platforms will be used to evaluate the creditworthiness of consumers for financial products. The Bureau should update Regulation V to identify Big Tech platforms as credit furnishers and service providers when they apply their analytics to estimate the suitability of a consumer for a financial product.

Platforms play the role of data furnishers, but they fall out of definitional scope of coverage in the current framework of Regulation V. The Bureau should update Regulation V to cover instances where their data is used by financial institutions to market financial products.

Platforms have the ability to narrow where they deliver their ads to only the consumers most likely to “convert.” Platform data is useful to a financial institution both for its utility in assessing the interest of an individual consumer in a product but also the likelihood that those consumers will meet underwriting standards.

For example, a platform whose browser tracks online purchasing can ascertain how a consumer has used credit in the past. A platform with a digital wallet can track when a consumer incurs overdrafts.  The capabilities afforded by the investments these platforms have made in artificial intelligence make it a certainty that their inferential power is driven by more information and thus capable of creating models with great predictive power.

In fact, the algorithms built from a platform that collects financial and non-financial information to predict future credit needs may have more predictive power than the models currently offered by the major credit bureaus. In the earlier example of receipt records inside an email account, consider that a payment processor cannot, with the exception of transactions using a corporate or government card run on select terminals, capture itemized information (“Level 3 data”) from transactions that are run across the Discover, MasterCard, and VISA card networks.[34] The data platforms have a better view of consumer purchasing history. If the consumer asks for an email receipt, then the platform can verify to any third party that not only did a person spend $60 at on non-related online retailer, but can also disclose the itemized shopping list.[35]

The data to be drawn from the processing of payments and the activity inside bank accounts is a missing category with great value. The firm that can attain payments data will be able to improve how well its algorithms can predict consumer purchasing behavior. It could also help an advertiser to determine not just which consumers are interested in a product or service, but also which ones have the ability-to-pay for it.

Platforms perform all of the analogous steps to assessing creditworthiness for the purposes of Regulation V’s implementation of the Fair Credit Reporting Act (FRCA).

a) search engines sell information to third parties: In 2000, Google made the decision to sell the data they collect on individuals to third parties.[36]Google recorded $104.1 billion in revenue from search advertisements in 2020.[37] Microsoft’s Bing and Edge services captured $8.5 billion from search in 2020.[38] In November, Microsoft added a function that observes when a consumer is about to make a purchase through its Edge browser. If the purchase meets the criteria for credit established by the Zip buy-now-pay-later lender, a window pops up to alert the site visitor that the item can be purchased in installments.[39] The function demonstrates how a tech platform can surveil consumers even when they go to a third-party website and how their market power can create pathways of least resistance that will ultimately influence competition in the marketplace.

b) price is a function of conversion:Google auctions ads based on its own internal estimation of customer intent. The online history of a consumer helps Google to assess a search query for the strength of “customer intent.” Google can track query habits across different properties (“remarketing”) – from YouTube to search, for example. It can add certainty to its estimate of intent if a person has visited other sites with similar profiles, or if similar queries have been made recently, to determine how far a customer has proceeded on the journey from intent to research to product differentiation to decision. Recent activity is combined with the “User Profile Information” collected by Google on its browser and from all of its related properties from the initial moment of use by the search writer. Because financial institutions can calculate their return on advertising, and the only returns come conversions, they pay more for queries that are known to lead to conversions. Moreover, the market signals the value, which can be seen from inside Google AdWords and Google Keyword Planner. Google provides a suggested bid for each search query term and the suggestion is factored by the desired goal (click, phone call, conversion) for each term.

c) Google can help advertisers to track online and offline activity all the way through to the closing of a sale.Using the conversion tracking function in Google Tag Manager, advertisers can tell Google how to know when a consumer has clicked through from a Google Ad to the advertiser’s website.[40] While it requires more sophistication on the part of the advertiser, Google’s services can be configured to help advertisers track subsequent offline activity.[41] With the appropriate technical analysis of this data, an advertiser could track activities that led to an offline sales closing, to the number of subsequent purchases made by a customer who was originally introduced to the advertiser through the initial click, and even if the close took place months from the original action. Google offers a tool that can be integrated with Salesforce to help advertisers track online and offline revenues.[42]

d) When serving advertisers who market financial services, Google’s suite of tools can be utilized to assess creditworthiness and customer lifetime value.Unlike most firms that purchase digital advertising, financial institutions market their products on a conditional basis: anyone can buy a book, but a bank must approve a consumer before providing them with a loan or a bank account. The ability to track a customer’s journey from the first click all the way to account approval – whether it is done online or offline – aligns Google’s business goals with those of its customer advertisers, because of the higher price it can earn from high-intent search queries. Similarly, Google’s knowledge of consumer shopping behavior is easily estimated through data gained by monitoring shopping behavior on Google properties or on non-affiliated online websites that Google tracks.

Generally speaking, the price of a search term is a product of customer intent and lifetime profitability. Using empirical data from prior searches, which are often informed by cookies that track a customer’s follow-through to purchase, Google can ascertain the likely intent of a particular search term and the interest of an individual consumer. The latter is not a factor of the search term, but of insights drawn from the searcher’s other online activity.

To demonstrate how an advertiser’s expectation of customer lifetime value (CLV) can drive the willingness to pay for clicks, consider the example of how much colleges and universities spend on digital advertising to generate applications for admission. Universities and insurance companies are willing to pay some of the highest per-click rates because the marginal profit on each new student is so high. The revenue derived from a single student by a for-profit college can exceed $100,000.[43] That return explains how the average digital customer acquisition cost (CAC) of a newly-admitted student has exceeded $1,000 since 2014[44] and the cost of a single admissions-related click could exceed $100.[45]

Like services should be regulated in the same manner. The scope of their data collection makes it a possibility that their inferential power to estimate creditworthiness could soon exceed that of traditional credit scoring tools built using data from traditional credit bureaus.

Platforms are not classified as data furnishers under Regulation V unless they transmit their data to a credit bureau, [46] even though financial institutions may refer to platform data to inform the same decisions as the ones for which they refer to a credit bureau. Although financial institutions may rely on Google to deliver clicks from consumers most likely to be approved for a product, they are not regulated as furnishers in most cases. To the extent that this gap reflects a shortcoming now, it may become more of a problem in the future.

With the depth of information at their disposal, the breadth of its scope, and the immediacy of its availability, their value proposition may exceed that offered by legacy credit bureaus. For the moment, most credit scores are built on aspects of credit utilization. Some have begun to include “positive payment” information. The big tech platforms will have far more information and will be able to make it available on an as-needed basis, in real-time, at the moment when a consumer is ready to choose a financial product. A FICO score cannot convey information needed to build a “customer lifetime value” model. The CFPB should act expeditiously given the likelihood that big tech platforms may develop analytics whose value exceeds the predictive power of traditional models built from credit bureaus.

As a result, to address an emerging gap in the marketplace, Regulation V should be amended to cover big tech platforms as furnishers when they sell their data to third-party financial institutions who intend to use the information for the purpose of evaluating a consumer for a banking, insurance, or other product category currently covered under FCRA.

Additionally, when the advertising functions of Big Tech platforms serve financial institutions, should be defined as “service providers” [47] because they knowingly transmit and process financial data. The scope of their services – which can be valuable to a financial institution through the entire journey to a credit decision – exceed the activity that would otherwise qualify for an exception to the definition of a service provider in 12 U.S. Code § 5481 (26)(B)(ii) which provides an exemption for advertisers that provide “time or space for an advertisement for a consumer financial product or service through print, newspaper, or electronic media.”

The Bureau should also clarify if a big tech platform that sells information to third parties is a consumer reporting agency as defined in Regulation V if the content includes information that it collected from an external source. Platforms could base their recommendation on the suitability of a search request based only on platform information – such as search histories – but it might also combine internally-collected search query histories with bank account records sourced via a wallet or browser visits to outside sites collected from an add-on. The Bureau should clarify if the latter activity creates a basis to say that the platform is not just a furnisher of its information or if it is also an integrator of data from other providers.

V. The cost of advertising on a Big Tech platform is having a harmful effect on small businesses and may be contributing to the general decline in the success rates of new and small-sized firms.

Even though economic development policy increasingly focuses on how a region can be friendly to startups and in spite of the fact that young MBAs put a great deal of value in the opportunity to work for a startup,[48] the economy is becoming less and less friendly to new business development. Entrepreneurialism has declined in the last fifteen years. Census data shows that the rate of startups by businesses with employees declined after the Great Recession, rose only slowly afterward, and has never attained the rate observed prior to 2006. By 2018, the rate of new startups with employees remained 24 percentage points lower than it had been prior to 2006.[49]

With their dominant market shares in certain important industries, Big Tech platforms may be undermining competition. Google controls more than 80 percent of the domestic US market for search, and as a result, the “general search services” market bears many attributes of oligopoly.[50] More than forty percent of digital retail commerce occurs on Amazon; the combined activity of the next ten largest e-commerce venues hold less than 26 percent.[51] More than 99 percent of the nation’s mobile phones use either the Android or the iOS operating systems.[52]

Small businesses feel coerced into participating in payment platforms. Developing an online advertising campaign requires specialized technical skills and can be expensive. With their scale and oligopolistic hold on advertising markets, tech platforms may be extracting “rents” on market participants.

Many businesses feel compelled to place advertisements on Google, Facebook, or Instagram. They feel that these platforms provide the only meaningful way to interact with customers at the moment when they are about to make a purchasing decision. The basis for that is due to the secular shift among consumers to search for goods and services online. Big Tech platforms are gatekeepers.

Many smaller firms may not have the technical sophistication that is necessary to mount a cost-efficient digital advertising campaign. Businesses must go to great efforts, and at great expense, to learn how to make ads for online CPC platforms. The platforms are constantly updating their algorithms.

The ongoing reinvestment is an inefficient use of capital. Most small businesses cannot afford to hire the specialized services required to use Google AdWords, Instagram, or Facebook Ads. Still, to find customers, many resort to hiring a web page designer who understands the algorithmic preferences of the large search engines, using an inbound marketing service to create the blogs and videos preferred by Google’s algorithms, and more consultants to evaluate and update other elements of their digital marketing.

Without expertise, buying Facebook Ads, Instagram posts, or Google AdWords is expensive and risky. As a result, smaller-sized firms – defined as those spending less than $3,000 per month on Google AdWords – have the lowest return on their advertising (ROA) budget. Among those small firms, ROA is 1.5 – meaning that they generate $1.50 in new revenue for every dollar paid to Google.[53]

The process is referred to “user acquisition.” Businesses model these expenses under the frame of customer acquisition costs (CACs). In the Google AdWords model, businesses may pay for “cost per click” (CPC) on search results or display advertisements.

It is very possible that the cost of using search to find a new customer could exceed the profit on the first service call. Since many clicks do not result in a sale, the CAC is always greater than the CPC. For example, if the clearing price of a bid for a search phrase is two dollars (an approximate average CPC in 2020)[54] [55], and five percent of those paid clicks lead to a completed transaction, the CAC is forty dollars. Unfortunately, many consumers will visit many sites to research a purchase, and businesses may pay for clicks made by consumers that have no intention to make a purchase or contract for a service.

Very few small business sectors are immune to the problem. For example, a review of Google Keyword Planner suggests that an independent plumbing contractor could pay between five and forty dollars per click for common plumbing-related search terms.[56] They will pay for clicks even if the visitor is only researching a purchase.

The market power of these platforms is undermining competition and free enterprise.

The net effect is that businesses are forced to pay a “ransom” to one of the tech platforms. In an annual letter to his investors, the CEO of a venture capital firm discussed the problems posed by these platforms on the overall efficiency of the startup ecosystem.

“The hardest thing for most startups today is the path to market: first finding product-market fit and a way to reach customers, and then building a ruthless machine to acquire, monetize, and retain them. Because of this, when the VC [venture capital] industry invests capital into fast-growing startups today, the plurality, if not the majority, of invested capital will go into user acquisition and ad spending, for better or worse (usually worse). We’ve reached a point today with ad spend in tech that feels metaphorically similar. Startups spend almost 40 cents of every venture capital dollar on Google, Facebook, and Amazon. We don’t necessarily know which channels they will choose or the particularities of how they will spend money on user acquisition, but we do know more or less what’s going to happen. Advertising spend in tech has become an arms race: fresh tactics go stale in months, and customer acquisition costs keep rising.[57]

If large digital platforms capture forty percent of venture capital funds in aggregate, it stands to reason that newer firms pay an even higher share of their capital during the period when they are establishing their brand.

Google makes frequent updates to its algorithms and rewards new forms of content with higher rankings. For example, two years ago Google decided to place an emphasis on FAQs that appeared at the top of search rankings in the form of accordion-style “structured snippets.” To maintain first-page rankings, many businesses hire Google AdWords consultants.

If a small business chooses to uses the “optimize” option on AdWords, Google will recommend keywords that have been determined to be most efficient to other advertisers. If a single advertiser optimized, there would be a benefit. If many similarly-focused firms optimize, then their narrowed bidding leads to higher-cost auctions.[58]

The cost of advertising, the complexity associated with making the advertisements, and the frequency of updates to the algorithms that govern page rankings all contribute to a substantial burden on the growth of small businesses.

Large tech platforms may use their power to enter markets and compete against their own customers.

In 2017, the European Union found Google guilty of antitrust violations that stated that the company’s Universal Search Algorithm gave preferential ranking to Google’s products.[59] The US Department of Justice has filed a complaint against Google alleging that its practice of paying Apple and other cell phone manufacturers to install its search engine by default constitutes an unlawful practice that maintains a monopoly.[60]

Amazon can observe supply and demand of goods sold on its platform. It can exert influence on sellers to provide lower prices. In some cases, Amazon has used its vantage point on markets to identify opportunities to enter markets with in-house alternatives.[61]

Our comments in this section provide an affirmative answer to the questions posed by the Bureau concerning the interference of tech platforms on “fair, transparent, and competitive markets.” We believe that the effects are most harmful to small businesses and startups. To remain competitive, small businesses now devote financial resources to hiring consultants for web page design, inbound marketing, AdWords campaigning, search engine optimization, and A/B testing. These costs were not standard when small businesses could merely purchase an advertisement in the yellow pages, local print media, or radio. In each of those cases, advertising design came with the purchase of the ad. Similarly, digital startups must use a tech platform to establish their brand.


We applaud the Bureau for its decision to call for comments on the impact of Big Tech platforms. Our comment explains the concerns we have consumer protections of payments, data privacy, stablecoins, and the deleterious effect that digital advertising has on the competitiveness of small businesses.

Please reach out to me or to Adam Rust (arust@ncrc.org) if we can answer more questions or provide clarifications on our current statement.

Jesse Van Tol
National Community Reinvestment Coalition


[1] Consumer Financial Protection Bureau. “Electronic Fund Transfers (Regulation E); Amendments.” Final Rules, June 5, 2020. https://www.consumerfinance.gov/rules-policy/final-rules/electronic-fund-transfers-regulation-e/.

[2] Federal Reserve Bank. “What’s Trending in the World of Faster and Instant Payments?” FedNow Service. Accessed September 24, 2021. https://www.frbservices.org/financial-services/fednow/instant-payments-education/trending-world-faster-instant-payments.html.

[3] Federal Reserve FedPayments Improvement. “Businesses Look to the Future with Faster Payments.” Market Readiness Brief, September 1, 2021. https://fedpaymentsimprovement.org/wp-content/uploads/pandemic-spurs-faster-payments-demand.pdf.

[4] Reed Luhtanen, Keith Gray, and Mark Ranta. “A Look Ahead: Faster Payments in 2021.” ABA Banking Journal (blog), March 31, 2021. https://bankingjournal.aba.com/2021/03/a-look-ahead-faster-payments-in-2021/.

[5] UK Finance. “Fraud – The Facts 2021: The Definitive Overview of Payment Industry Fraud.” London, 2021. https://www.ukfinance.org.uk/system/files/Fraud%20The%20Facts%202021-%20FINAL.pdf.

[6] UK Finance. “Fraud – The Facts 2021: The Definitive Overview of Payment Industry Fraud.” London, 2021. https://www.ukfinance.org.uk/system/files/Fraud%20The%20Facts%202021-%20FINAL.pdf.

[7] Steve Streit. “Written Statement of Green Dot Corporation.” Hearing, US Senate Committee on Aging, November 19, 2014. https://www.aging.senate.gov/imo/media/doc/Streit_%2011_19_14.pdf.

[8] Angel Abcede. “Green Dot Pulling MoneyPak.” CSP Daily News, August 22, 2014. https://cspdailynews.com/general-merchandise/green-dot-pulling-moneypak.

[9] UK Finance. “Fraud – The Facts 2021: The Definitive Overview of Payment Industry Fraud.” London, 2021. https://www.ukfinance.org.uk/system/files/Fraud%20The%20Facts%202021-%20FINAL.pdf.

[10] UK Payment Systems Regulator. “Confirmation of Payee: Response to Our Call for Views CP21/6.” Response Paper. London, England: Payment Systems Regulator, October 2021. https://www.psr.org.uk/media/ktonkca3/psr-rp21-1-confirmation-of-payee-response-paper-oct-2021.pdf.

[11] Consumer Financial Protection Bureau. Electronic Fund Transfers FAQs, 15 USC 1693g(e) § (2021). https://www.consumerfinance.gov/compliance/compliance-resources/deposit-accounts-resources/electronic-fund-transfers/electronic-fund-transfers-faqs/.

[12] Messari. “Tether (USDT) Live Stats: Market Cap, Supply, Volume.” Accessed December 15, 2021. https://messari.io.

[13] Kelly, Jemima. “Tether Says Its Reserves Are Backed by Cash to the Tune of…2.9%.” Financial Times. May 14, 2021, sec. Opinion. https://www.ft.com/content/529eb4e6-796a-4e81-8064-5967bbe3b4d9.

[14] Bill Nelson. “Stablecoins Are Backed by ‘Reserves’? Give Us a Break.” American Banker. BankThink (blog), December 10, 2021. https://www.americanbanker.com/opinion/ststablecoins-are-backed-by-reserves-give-us-a-break.

[15] Financial Industry Regulatory Authority (FINRA). “3 Things to Know About Stablecoins.” Investor Insights, April 17, 2020. https://www.finra.org/investors/insights/3-things-stablecoins.

[16] Office of the Comptroller of the Currency. “Federally Chartered Banks and Thrifts May Provide Custody Services for Crypto Assets.” News Release 2020-98, July 22, 2020.  https://www.occ.gov/news-issuances/news-releases/2020/nr-occ-2020-98.html.

[17] Office of the Comptroller of the Currency. Interpretive Letter. “OCC Chief Counsel’s Interpretation on National Bank and Federal Savings Association Authority to Use Independent Node Verification Networks and Stablecoins for Payment Activities.” Interpretive Letter, January 4, 2021. https://www.occ.gov/news-issuances/news-releases/2021/nr-occ-2021-2a.pdf.

[18] Gary Gensler. “Remarks Before the Aspen Security Forum,” August 3, 2021. https://www.sec.gov/news/public-statement/gensler-aspen-security-forum-2021-08-03.

[19] President’s Working Group on Financial Markets, Federal Deposit Insurance Corporation, and Office of the Comptroller of the Currency. “Report on Stablecoins.” Washington, D.C.: US Department of the Treasury, November 1, 2021. https://home.treasury.gov/news/press-releases/jy0454.

[20] John Engen. “Lessons from a Mobile Payment Revolution: Why China’s Mobile Payments Revolution Matters for U.S. Bankers.” American Banker, April 29, 2018. https://www.americanbanker.com/news/why-chinas-mobile-payments-revolution-matters-for-us-bankers.

[21] The Diem Association. “White Paper,” April 2020. https://www.diem.com/en-us/white-paper/.

[22] Wilson, Tom, and Pete Schroeder. “Facebook-Backed Crypto Project Diem to Launch U.S. Stablecoin in Major Shift.” Reuters, May 12, 2021, sec. Technology. https://www.reuters.com/technology/facebook-backed-crypto-project-diem-launch-us-stablecoin-major-shift-2021-05-12/.

[23] Seeking Alpha. “Facebook Diem: Catalyst for FB Stock No One Is Talking About (NASDAQ: FB),” June 23, 2021. https://seekingalpha.com/article/4436274-fb-catalyst-no-one-is-talking-about.

[24] Square. “Square Inc., 2021 Annual Report.” 10-K. San Francisco, California, February 23, 2021. https://d18rn0p25nwr6d.cloudfront.net/CIK-0001512673/c7b05bfa-5bb8-43b7-9580-9de362ef1e83.pdf.

[25] Square. “Square Inc., 2021 Annual Report.” 10-K. San Francisco, California, February 23, 2021. https://d18rn0p25nwr6d.cloudfront.net/CIK-0001512673/c7b05bfa-5bb8-43b7-9580-9de362ef1e83.pdf.

[26] Square. “Square Inc., 2021 Annual Report.” 10-K. San Francisco, California, February 23, 2021. https://d18rn0p25nwr6d.cloudfront.net/CIK-0001512673/c7b05bfa-5bb8-43b7-9580-9de362ef1e83.pdf.

[27] Yogita Khatri. “BitFinex, Tether Settle with New York’s Attorney General for $18.5 Million.” The Block (blog), February 23, 2021. https://www.theblockcrypto.com/post/95207/bitfinex-tether-new-york-ag-settlement-lawsuit.

[28] President’s Working Group on Financial Markets, Federal Deposit Insurance Corporation, and Office of the Comptroller of the Currency. “Report on Stablecoins.” Washington, D.C.: US Department of the Treasury, November 1, 2021. https://home.treasury.gov/news/press-releases/jy0454.

[29] Scott Karp. “Google AdWords: A Brief History of Online Advertising Innovation.” Publishing 2.0, May 27, 2008. https://publishing2.scottkarp.ai/2008/05/27/google-adwords-a-brief-history-of-online-advertising-innovation/.

[30] Shoshan Zuboff. The Age of Surveillance Capitalism: The Fight for a Human Future at the New Frontier of Power. Public Affairs Books, 2017. https://www.publicaffairsbooks.com/titles/shoshana-zuboff/the-age-of-surveillance-capitalism/9781610395694/.

[31] Federal Trade Commission Division of Enforcement. “Negative Options.” Washington, D.C., January 2009. https://www.ftc.gov/sites/default/files/documents/reports/negative-options-federal-trade-commission-workshop-analyzing-negative-option-marketing-report-staff/p064202negativeoptionreport.pdf.

[32] Google Pay Help. “Common Questions about Plaid.” What Data Do Google and Plaid Use? Accessed December 15, 2021. https://support.google.com/googlepay/answer/10193349?

[33] Google Pay Help. “Get a Personal Loan with Google Pay.” Accessed December 2, 2021. https://support.google.com/pay/india/answer/9076219?hl=en#zippy=%2Cpre-qualified-loans-with-dmi-financeidfc-first-bank%2Cwhy-is-my-loan-application-rejected%2Cpre-approved-loans-from-federal-bank.

[34] Intuit. “What Merchants Need to Know about Level 3 Data Processing.” QuickBooks Help, July 16, 2021. https://quickbooks.intuit.com/learn-support/en-us/help-article/merchant-services/merchants-need-know-level-3-data-processing/L1LOqVeky_US_en_US.

[35] Todd Haselton and Megan Graham. “Google Uses Gmail to Track a History of Things You Buy — and It’s Hard to Delete.” CNBC, May 17, 2019. https://www.cnbc.com/2019/05/17/google-gmail-tracks-purchase-history-how-to-delete-it.html.

[36] Shoshan Zuboff. The Age of Surveillance Capitalism: The Fight for a Human Future at the New Frontier of Power. Public Affairs Books, 2017. https://www.publicaffairsbooks.com/titles/shoshana-zuboff/the-age-of-surveillance-capitalism/9781610395694/.

[37] Alphabet. “Annual Report for the Year Ending December 31, 2020.” 10-K. Mountain View, California, January 30, 2021. https://www.sec.gov/Archives/edgar/data/1652044/000165204421000010/goog-20201231.htm.

[38] Microsoft. “Microsoft 2021 Annual Report.” 10-k. Redmond, Washington, July 29, 2021. https://www.microsoft.com/investor/reports/ar21/index.html.

[39] Microsoft. “Introducing Buy Now, Pay Later in Microsoft Edge.” Microsoft Tech Community, November 15, 2021. https://techcommunity.microsoft.com/t5/articles/introducing-buy-now-pay-later-in-microsoft-edge/td-p/2967030.

[40] Google. “About Conversion Tracking – Google Ads Help.” Accessed December 2, 2021. https://support.google.com/google-ads/answer/1722022?hl=en.

[41] Google. “About Offline Conversion Imports – Google Ads Help.” Accessed December 2, 2021. https://support.google.com/google-ads/answer/2998031.

[43] David O. Lucca, Taylor Nadauld, and Karen Shen. “Credit Supply and the Rise in College Tuition: Evidence from the Expansion in Federal Student Aid Programs.” Staff Reports. Federal Reserve Bank of New York, February 2017. https://www.newyorkfed.org/medialibrary/media/research/staff_reports/sr733.pdf

[44] Lindsey McKenzie. “Marketing for a Massive Online University.” Inside Higher Ed, October 8, 2019. https://www.insidehighered.com/news/2019/10/08/how-marketing-helped-southern-new-hampshire-university-make-it-big-online.

[45] Amanda Sellers. “150 of The Most Expensive Keywords on Google (By Industry).” Hubspot Marketing (blog), 2020. https://blog.hubspot.com/marketing/most-expensive-keywords-google.

[46] Consumer Data Industry Association. “Overview-For Furnishers of Data.” CDIA (blog). Accessed December 1, 2021. https://www.cdiaonline.org/resources/furnishers-of-data-overview/.

[47] 12 U.S. Code § 5481 (26)(A)(ii)

[48] Nathan Allen. “Study: 85% Of MBAs Interested in Entrepreneurship.” Poets & Quants, January 29, 2021. https://poetsandquants.com/2021/01/28/study-85-of-mbas-interested-in-entrepreneurship/?pq-category=business-school-news.

[49] Dinlersoz, Emin, Timothy Dunne, John Haltiwanger, and Veronika Penciakova. “Business Formation: A Tale of Two Recessions.” AEA Papers and Proceedings 111 (May 1, 2021): 253–57. https://doi.org/10.1257/pandp.20211055.

[50] United States v. Google LLC (United States District Court for the District of Columbia October 10, 2020).

[51] Statista. “U.S. Leading e-Retailers by Market Share 2021.” Statista, 2021. https://www.statista.com/statistics/274255/market-share-of-the-leading-retailers-in-us-e-commerce/.

[52] Statista. “Mobile OS Market Share 2021,” July 2021. https://www.statista.com/statistics/272698/global-market-share-held-by-mobile-operating-systems-since-2009/.

[53] Tony Wright. “Google Ads Is Not for Small Business Anymore. Here’s Why.” Search Engine Journal (blog), August 17, 2021. https://www.searchenginejournal.com/google-ads-small-business-woes/416050/.

[54] Valve and Meter. “2020 PPC Statistics – A Comprehensive List of Pay-Per-Click Stats,” 2021. https://valveandmeter.com/pay-per-click-statistics/.

[55] Ryan Maake. “How Much Does Google Ads Cost? | 2021 Google Ads Pricing.” WebFX, December 12, 2020. https://www.webfx.com/blog/marketing/much-cost-advertise-google-adwords/.

[56] Haydon Churchill. “Top 31 Best Plumber AdWords Keywords in 2020.” Serp Wars, August 10, 2019. https://serpwars.com/top-31-best-plumber-adwords-ppc-keywords/.

[57] Chamath Palihapitiya. “Social Capital Interim Annual Letter,” October 31, 2018. https://www.socialcapital.com/annual-letters/2018.pdf.

[58] Judy Shapiro. “Top Ways Digital Ad Platforms Hurt Small Businesses More than They Help.” The Trust Web Times (blog), July 14, 2021. https://trustwebtimes.com/top-ways-digital-ad-platforms-hurt-small-businesses-more-than-they-help/.

[59] Mark Scott. “Google Fined Record $2.7 Billion in E.U. Antitrust Ruling.” The New York Times, June 27, 2017. https://www.nytimes.com/2017/06/27/technology/eu-google-fine.html.

[60] US Department of Justice. “Justice Department Sues Monopolist Google For Violating Antitrust Laws.” Office of Public Affairs, October 20, 2020. https://www.justice.gov/opa/pr/justice-department-sues-monopolist-google-violating-antitrust-laws.

[61] Mattioli, Dana. “Amazon Scooped Up Data from Its Own Sellers to Launch Competing Products.” Wall Street Journal, April 24, 2020, sec. Tech. https://www.wsj.com/articles/amazon-scooped-up-data-from-its-own-sellers-to-launch-competing-products-11587650015.

Print Friendly, PDF & Email
Scroll to Top