May Lawyers Use Apps Like Venmo, Zelle, or PayPal?
As with so many tech decisions lawyers face, the answer is yes, as long as any associated ethical issues are identified and responsibly addressed. One side comment, however. While online payment apps are convenient and certainly a go to method of payment for so many of us, there will always be a group of clients who will not feel comfortable using these apps. Concerns might include not wanting to pay any associated transaction costs, not wanting to share bank account information, or worried over how secure the app really is. In light of this, you should always offer several payment options regardless of any preferred method you’d like clients to use.
What are the associated ethical issues with third party payment apps?
Competency underlies the big three, which are that client confidentiality must be maintained, that all obligations that arise under your jurisdiction’s version of ABA Model Rule 1.15 Safekeeping Property must be complied with, and that all clients must be fully informed about the terms of the transaction.
Start by reading and making sure you understand the terms of service of any app under consideration. At a minimum, you will need to know how, when, and where funds are transferred, what any associated costs will be, and what level of security and privacy the service provider has in place.
The how, when, and where funds are transferred concern cuts to the heart of your safekeeping property obligations. For example, remember that online payment app providers process payments. The accounts you set up with them are not true bank accounts. In addition, unearned funds, client funds, and funds belonging to third persons can’t be commingled with funds that are yours, meaning such funds can’t be placed in your operating account. Further compounding the matter is that many banks will not permit linking an IOLTA account with a payment-processing service. See the problem? If unearned funds can’t be directly deposited into your IOLTA account, how do you avoid the commingling problem?
If permissible in your jurisdiction, one solution would be to establish two accounts that can be linked to your payment processing service. One of these accounts might be your operating account, which will be used for directly transferring funds that have been earned. The other will be used solely for the receipt of funds that have yet to be earned or belong to the client or a third person. Once unearned funds come into that account, they will need to be promptly swept into your IOLTA account. If your IOLTA account can be linked to a payment-processing service, you will also need to make sure that no chargeback can ever be taken out of this account and that the service provider will never freeze this account in the event of a payment dispute.
Because online payment apps typically take a small cut of every payment they process, in addition to taking a small per transaction fee, the issue of who covers these costs should also be addressed. While some states permit passing these associated costs along to the client if the client so agrees in advance, others don’t allow it under any circumstance. Since there is no uniformity among the states on this topic, not only will you need to understand what these costs will be with any app under consideration, you will need to research any relevant ethics opinions in your jurisdiction. Pay particular attention to opinions that might have addressed this issue in the context of accepting credit card payments. Of course, a call to your state’s ethics hotline or reaching out to Bar Counsel in your jurisdiction might prove useful as well.
Responsibly addressing the security and privacy issue is more than just a competency concern. Under your jurisdiction’s version of ABA Model Rule 1.6 Confidentiality of Information you have a fundamental duty to preserve and maintain client confidences. Here again, you need to know what the associated risks are with any online payment app under consideration. Venmo is a great example due to the social media nature of the app. Depending upon the privacy settings of each party involved in a transaction, others app users may view the details of that transaction and even comment on it. Unintentionally having a transaction description of “$10,000 retainer for divorce attorney” become public knowledge could quickly turn into a serious problem.
Clearly a thorough understanding of how these apps work is essential. Each payment app will have its own unique privacy settings. Know what they are and learn how to properly use them. In addition, because you will be the one making the app available for client use, you would be well advised to make sure any clients who choose to use it know what steps they need to take to avoid an unintended disclosure of information. One way to do so would be to add a short advisory statement regarding the use of online payment apps to your billing statements.
Unfortunately, your duty to maintain client confidences doesn’t stop here. You will also need to ensure that the service provider has put in place adequate encryption and other customary security features that are necessary to protect the financial information of both you and your clients. For example, a service provider that is PCI compliant will be more secure than one which isn’t. And finally, don’t minimize the importance of making sure that the operating systems of all firm computers and mobile devices that might be used to access an online payment app are current in terms of patches and updates.
A final step to keep in mind is due to the consequences of the fact that the pace of change in the tech sector is fast. Since there are no indications that this pace of change will slow down anytime soon, you should periodically review the tech and apps you have or will deploy in your practice to make sure you stay abreast of the changes that will occur. In short, you want to make sure the effects of any change aren’t impacting your ability to use the tech in a responsible and ethically compliant manner.
Authored by: Mark Bassingthwaighte Risk Manager
Since 1998, Mark Bassingthwaighte, Esq. has been a Risk Manager with ALPS, an attorney’s professional liability insurance carrier. In his tenure with the company, Mr. Bassingthwaighte has conducted over 1200 law firm risk management assessment visits, presented over 550 continuing legal education seminars throughout the United States, and written extensively on risk management, ethics, and technology. Mr. Bassingthwaighte is a member of the State Bar of Montana as well as the American Bar Association where he currently sits on the ABA Center for Professional Responsibility’s Conference Planning Committee. He received his J.D. from Drake University Law School.