From sex to free speech, what goes online is increasingly up to financial companies WHO SHOULD police the internet? For some time now the question has tied companies, regulators and campaigners in knots. Social networks spend billions moderating content posted on their platforms, but are still criticised either for not removing enough toxic material or for stifling free speech. They are not the only ones to grapple with the problem. Banks and credit-card companies too are finding themselves playing a bigger role in what is said and done in the public square—to their, and their customers’, discomfort. The boundary of censorship is now being extended further, into the pornography business. From October 15th adult websites worldwide will have to verify the age and identity of anyone featured in a picture or video, as well as the ID of the person uploading it. They will need to operate a fast complaints process, and must review all content before publication. These rules are being imposed not by regulators but by Mastercard, a credit-card giant. Websites can choose not to work with Mastercard. But, as the company handles about 30% of all card payments made outside China, to do so would be costly. Visa, which manages 60% of payments, is also taking a firmer line on adult sites. The trend goes beyond porn. In the shadier corners of the web, and in areas where the law is unclear or out of date, financial firms are acting as de facto regulators. Since the turn of the century, “payments have become a tool of domestic and international policy,” says Aaron Klein of the Brookings Institution, a think-tank. After the 9/11 attacks of 2001 America introduced new anti-money-laundering rules and more targeted sanctions. Financial firms must block payments to the people on a list that today runs to 1,604 pages. Governments also began to tap banks for help at home. A craze for online poker prompted America’s Unlawful Internet Gambling Enforcement Act of 2006, which handed responsibility for blocking transactions not to the internet service providers that allowed access to poker sites, but to the companies that enabled the payments. As most American states legalised the cannabis industry in some form, its growth was nipped in the bud by federal laws that dissuade banks from dealing with marijuana moguls. Handing enforcement duties to companies relieves the taxpayer of some of the cost. It is not unusual for big banks, such as HSBC or JPMorgan Chase, to employ more than 20,000 specialists in risk and compliance. In 2017 Accenture, a consultancy, reckoned that tech firms employed around 100,000 content moderators. The effect is also to relieve politicians of making tough decisions. “Policymaking involves…achieving societal consensus on difficult issues. That has become harder in America,” says Mr Klein. When banks decline to deal with a customer because of “reputational risk”, it sometimes means “a bank regulator [has been] whispering to them, ‘We don’t like your being in this business’,” says Greg Baer of the Bank Policy Institute, an industry body in America. Activists have also been applying pressure, causing firms to drop unpopular clients. In January, following outcry over a riot at the US Capitol, Deutsche Bank and Signature Bank ended their dealings with Donald Trump, then the president, whom Signature called on to resign. Mr Trump has presumably found other banks willing to work with him. But in some industries, enough banks have turned up their noses that it can be a problem. In August OnlyFans, a site known for its adult content, said it would no longer allow explicit material owing to pressure from partners including BNY Mellon, Metro Bank and JPMorgan (none of which commented). In the end the ban was reversed, after outraged pro-porn activists turned out to be even noisier than the antis. Visa and Mastercard’s near-duopoly makes the firms prime targets for protesters. In 2019 SumOfUs, a left-wing pressure group, tabled a proposal at Mastercard’s annual meeting meant to stop payments to far-right groups. (The proposal was defeated.) Thirty-four women are suing Visa along with the owners of Pornhub, an adult site which they say hosted unconsenting footage of them. Illegal-porn sites “care a lot more about their finances than they do about the law”, says Laila Mickelwait, whose Justice Defence Fund helps sex-abuse victims litigate. And, she adds, when financial firms change their policies it applies globally. Last year Visa and Mastercard cut off Pornhub over its hosting of potentially unlawful material. Payment companies face a philosophical dilemma. “On one hand they try to be very open, accepting, willing to facilitate payments for whomever. They’re not taking any sort of political or moral stance,” says Lisa Ellis of MoffettNathanson, a research firm. “But on the other hand, they also feel like they have a very strong responsibility in making sure that they’re not aiding and abetting any sort of crime.” Visa and Mastercard both say that, as global companies, their guiding principle is local legality. But things are not always black and white. In 2017, after a far-right march in Charlottesville, Virginia, Mastercard shut down the use of its cards on websites that had made “specific threats or incite[d] violence”, but kept dealing with others labelled hate-groups. “Our standard is whether a merchant’s activity is lawful, even when we disagree with what they say or do,” the company said at the time. In grey areas they have reason to err on the side of caution. Payment networks’ risk of liability tends to be low, since they operate at one remove from the merchants. But being named in a sex-trafficking complaint does not look good. In working with a borderline adult site, for instance, there’s “not a lot of upside and a lot of downside”, says Ms Ellis. And in legally tricky areas it can be cheaper to issue a blanket ban than pick through every difficult case. In policy areas where the law has yet to catch up, financial firms can end up writing regulations themselves. Some cases are innocuous: in 2019 Mastercard introduced rules for companies offering free trials, requiring that they alert customers before payments begin. But other policies involve real trade-offs between values like free speech and safety. Mastercard’s requirement that adult sites screen content before publication ought to help stamp out illegal material, but will probably mean less of the legal sort too. The company suggests that it will cut off sites that use artificial intelligence to “nudify” clothed images, something which in most countries is not against the law. An executive at another firm wonders if such rules ought instead to be made by governments. “Where it’s grey, who would you rather make the decisions?” he asks. For as long as legislation lags behind, financial institutions will be left in a difficult position: accused either of being the “moral police”, as one executive puts it, or of enabling wrongdoing. As Richard Haythornthwaite, then Mastercard’s chairman, told the protesters at the firm’s annual meeting in 2019: “If it is lawful, then we need to respect that transaction. If it is something that is swimming against the tide of society, it’s for the society to rise up and change the law.” ■
