Skip to main content
Menu Icon Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

Filter

Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • 6th Circuit: Merchant indemnified against card breach costs

    Courts

    On June 7, the U.S. Court of Appeals for the 6th Circuit affirmed a lower court’s ruling that an agreement between a Texas-based merchant and a payment processor did not require the merchant to pay millions of dollars in damage-control costs related to two card system data breaches. After the data breaches, the payment processor withheld routine payment card transaction proceeds from the merchant, asserting that the merchant was responsible for reimbursing the amount that the issuing banks paid to cardholders affected by the breaches. However, the merchant refused to pay the payment processor, relying on a “consequential damages waiver” contained in the agreement.

    The payment processor argued that, under the agreement’s indemnification clause and provision covering third-party fees and charges, the merchant retained liability for assessments passed down from the card brands’ acquiring bank. The district court, however, granted summary judgment to the merchant, finding that the merchant was not liable for the card brands’ assessments. The court further ruled that the payment processor materially breached the agreement when it diverted funds to reimburse itself.

    On review, the 6th Circuit agreed with the lower court that the assessments “constituted consequential damages” and that the agreement exempted consequential damages from liability under a “conspicuous limitation” to the indemnification clause. According to the 6th Circuit, the “data breaches, resulting reimbursement to cardholders, and levying of assessments, though natural results” of the merchant’s failure to comply with the Payment Card Industry's Data Security Standards, “did not necessarily follow from it.” In addition, the appellate court agreed with the district court’s holding that third-party fees and charges in the contract refer to routine charges associated with card processing services rather than liability for a data breach. The appellate court also concurred that the payment processor’s decision to withhold routine payment card transactions, constituted a material breach of the agreement.

    Courts Sixth Circuit Appellate Payment Processors Credit Cards Data Breach Privacy/Cyber Risk & Data Security Indemnification

    Share page with AddThis
  • Payment processor settles FTC fraud allegations

    Federal Issues

    On May 21, the FTC announced a payment processor, its CEO and owner, and two other officers (collectively, “defendants”) agreed to settle charges that they knowingly processed fraudulent transactions to consumers’ accounts in violation of the FTC Act. According to the FTC’s complaint, the defendants allegedly assisted merchants, who were engaged in fraud, in hiding their activities from banks and credit card networks. The defendants allegedly (i) created fake foreign shell companies to open accounts in their names; (ii) submitted dummy websites and other false information to merchant banks; and (iii) worked to evade card network rules and monitoring designed to prevent fraud. The settlement order against the processing company and its CEO imposes a judgment of over $110 million, which is partially suspended due to the inability to pay. The settlement order against one officer imposes a judgment of over $300,000, which is suspended due to the inability to pay. The settlement order against the second officer, the company’s Chief Operating Officer, imposes a $1 million judgment. Each order imposes a permanent ban on the defendants from, among other things, engaging in payment processing and credit card laundering, whether directly or through an intermediary.

    Federal Issues FTC Payment Processors Settlement Enforcement FTC Act

    Share page with AddThis
  • District Court approves final $7.5 million TCPA class action settlement with payment processor

    Courts

    On April 16, the U.S. District Court for the Northern District of California granted final approval to a $7.5 million class action settlement resolving allegations that a payment processor and its sales representative violated the TCPA by using an autodialer for telemarketing purposes without first obtaining consumers’ prior express consent. The settlement terms also require the defendants to pay roughly $1.8 million in attorneys’ fees. According to the second amended complaint, the sales representative placed pre-recorded calls to potential clients on behalf of the payment processor through the use of an autodialer, including consumers who had not consented to receiving the calls. The plaintiff further alleged that the payment processor also violated the TCPA by sending facsimile advertisements that did not contain a “Compliant Opt Out Notice” to recipients. The parties reached a preliminary settlement last August following discovery and mediation.

    Courts TCPA Payment Processors Class Action Settlement Autodialer

    Share page with AddThis
  • FTC permanently bans payment processor

    Federal Issues

    On April 11, the FTC announced that a payment processing company and its owner agreed to a $1.8 million settlement resolving allegations that the company repeatedly violated a 2009 court order. That order found that the payment processer knowingly or consciously avoided knowing that debit card transactions it processed, on behalf of an allegedly fraudulent enterprise, were not authorized by the consumers. The FTC alleged that the company violated the 2009 order by, among other things, (i) failing to engage in a reasonable investigation of prospective clients before processing payments on their behalf; (ii) failing to monitor clients’ transactions to ensure that clients were not engaged in illegal behavior; and (iii) failing to adhere to administrative requirements of the order, including submitting a written compliance report to the agency. In addition to the monetary penalty, the new settlement permanently bans the company from working as a payment processor and subjects the company to reporting and recordkeeping requirements.

    Federal Issues FTC Payment Processors Settlement UDAP FTC Act Enforcement

    Share page with AddThis
  • West Virginia exempts payment processing from some licensing requirements

    State Issues

    On March 25, the West Virginia governor signed SB 603, which adds exemptions from the currency exchange licensing requirements. Among other things, the bill exempts from the state’s currency exchange licensing requirements a person or persons operating a payment system that provides processing, clearing, or settlement services in connection with wire transfers, debit/credit card transactions, ACH transfers, or similar fund transfers. Additionally, the bill also exempts from licensing requirements a person or persons that facilitate payment for goods or services (not including currency or money transmission) pursuant to a contract and the payment obligation is satisfied or extinguished. The bill is effective June 7.

    State Issues Licensing Money Service / Money Transmitters Payment Processors State Legislation

    Share page with AddThis
  • Additional defendants settle credit card laundering lawsuit

    Federal Issues

    On December 11, the FTC entered into a proposed settlement with an Arizona-based company and its officer (defendants) relating to an allegedly deceptive credit card telemarketing operation. As previously covered by InfoBytes, the FTC alleged that the defendants—as part of a larger group of 12 defendants comprised of an independent sales organization, sales agents, payment processors, and identified principals—violated the FTC Act and the Telemarketing Sales Rule by assisting a telemarketing company in masking its identity by processing the company’s credit card payments and laundering credit card transactions on behalf of multiple fictitious companies. The proposed settlement, among other things, prohibits the defendants from engaging in credit card laundering and bans them from telemarketing, processing payments, or acting as an independent sales organization or sales agent. The order also stipulates a judgment of $5.7 million, which will be suspended unless it is determined that the financial statements submitted by the defendants contain any inaccuracies.

    In March 2018, the FTC reached settlements with two of the other defendants (see InfoBytes coverage here). Litigation continues against the remaining defendants.

    Federal Issues FTC Settlement Anti-Money Laundering Credit Cards FTC Act Telemarketing Sales Rule Payment Processors

    Share page with AddThis
  • FTC testifies before House subcommittees about combating consumer fraud

    Federal Issues

    On July 26, the Director of the FTC’s Bureau of Consumer Protection, Andrew Smith, testified before subcommittees of the U.S. House Committee on Oversight and Government Reform regarding the FTC’s program to combat consumer fraud. The prepared testimony discusses the FTC’s anti-fraud program and highlights the agency’s enforcement actions against illicit companies that pose as government agents, such as the IRS, to convince consumers and small businesses to send them money. The FTC touts the steps taken to spur development of technological solutions to unlawful robocalls, including call-blocking and call-filtering products. The testimony also focuses on the FTC’s efforts to curb payment processors from assisting fraudulent actors in violation of the FTC Act. The FTC notes that the Commission has brought 25 actions against payment processors that failed to comply with requirements to ensure their systems were not being used to process fraudulent merchant transactions. The FTC emphasized that while the “overwhelming majority” of payment processors abide by the law, when certain processors do not, they cause “significant economic harm to consumers and legitimate businesses.”

    Federal Issues Payment Processors Consumer Finance Fraud Robocalls FTC FTC Act U.S. House

    Share page with AddThis
  • District Court denies payment company’s request to set aside judgment

    Courts

    On March 12, the U.S. District Court for the Northern District of California denied a company’s post-trial motions to set aside September 2017 judgments in a lawsuit brought by the CFPB for alleged violations of the Consumer Financial Protection Act (CFPA). Specifically, the bi-weekly payments company requested that the court set aside its injunction and reconsider a $7.93 million penalty in light of “new evidence” that demonstrated the company’s inability to pay the penalty. As previously covered by Infobytes, the CFPB filed the lawsuit in 2015, alleging, among other things, that the company made misrepresentations to consumers about its bi-weekly payment program by overstating the savings provided by the program and creating the impression the company was affiliated with the consumers’ lender. In denying the company’s motion, the court held that the company failed to present new evidence that would justify the relief. Additionally, the court rejected the argument that the permanent injunction placed on the company was overly burdensome, stating “in light of the evidence of defendants[’] prior practices…the limitations of the injunction reflect appropriate safeguards ‘to avoid deception of the consumer.’”

    Courts CFPB Payment Processors UDAAP CFPA

    Share page with AddThis
  • FTC settles credit card laundering lawsuit

    Federal Issues

    On March 9, the FTC entered into a settlement with a credit card merchant and its individual officer (collectively, “defendants”) relating to an allegedly deceptive credit card telemarketing operation. According to the FTC’s amended complaint, the defendants violated the FTC Act and the Telemarketing Sales rule by assisting a telemarketing company in masking its identity by processing the company’s credit card payments through multiple fictitious companies. The FTC previously had banned the telemarketing company from selling fraudulent “work-at-home” opportunities in 2015. The settlement, among other things, prohibits the defendants from processing payments or acting as an independent sales organization. The order also stipulates a judgment of approximately $1.3 million, which will be suspended unless it is determined that the financial statements defendants submitted to the FTC contain any inaccuracies.

    Federal Issues Payment Processors FTC Act Telemarketing Sales Rule FTC Settlement

    Share page with AddThis
  • District Judge Issues Order Against Bi-Weekly Payment Company, Denies Restitution Sought by CFPB

    Courts

    On September 8, a federal judge in the U.S. District Court for the Northern District of California issued an opinion and order against a company after a seven-day bench trial, finding that the company misrepresented its bi-weekly payment program in violation of the Consumer Financial Protection Act (CFPA). As previously covered in InfoBytes, the CFPB filed a complaint in 2015 against the company, its wholly owned subsidiary, and the company’s founder, alleging that the company’s false and misleading marketing practices were abusive and deceptive when it minimized the existence or amount of the program’s setup fee, misled borrowers on the amount of actual savings, and created the impression that the company was affiliated with the lender. The payment program allowed the defendants to contract with borrowers to make their mortgage, credit card, or other loan payments for them. The program automatically debited their accounts every two weeks in an amount equal to one-half of the monthly payment on the loan. This resulted in 26 payments per year, with the extra payments going towards paying down the principal on the loan. The judge granted the $7.9 million civil penalty proposed by the CFPB but denied the restitution of almost $74 million that the CFPB had sought—a full refund of all setup fees—because it found that “the CFPB has not proved that defendants engaged in the type of fraud commonly connoted by the well-worn phrase ‘snake oil salesmen,’” and specifically had “not shown, and could not show, that the [payment] program never provid[ed] a benefit to consumers, or that no fully-informed consumer would ever elect to pay to participate in the program.” The court found that further injunctive relief is warranted but directed the parties to meet and confer to determine the specific terms of the relief. The court noted that the CFPB had only sought civil penalties under the “basic tier” of the CFPA’s civil penalties provision and speculated that the CFPB did not propose higher penalties because it also expected to obtain a large amount of restitution. Nevertheless, the court found that higher penalties for reckless or knowing violations were not warranted because the defendants had taken “affirmative steps such as training, quality control, and seeking legal counsel, in an effort to stay on the right side of the line.”

    Courts CFPB Payment Processors UDAAP Settlement

    Share page with AddThis

Pages

Upcoming Events