Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
FTC, DOJ sue payment processor for tech support scams
On April 17, the DOJ filed a complaint on behalf of the FTC against several corporate and individual defendants for violating the FTC Act and the Telemarketing Sales Rule (TSR) by allegedly engaging in credit card laundering for tech support scams. (See also FTC press release here.) According to the complaint, since at least 2016, the defendants—a payment processing company and several of its subsidiaries, along with the company’s CEO and chief strategy officer—worked with telemarketers who made misrepresentations to consumers about the performance and security of their computers through the use of deceptive pop ups in order to sell technical support scams. Defendants’ involvement included assisting and facilitating the illegal sales and laundering the credit card charges through their own merchant accounts (thus giving the scammers access to the U.S. credit card network) where defendants received a commission for each charge. The complaint maintained that the defendants “engaged in this activity even though it and its officers knew or consciously avoided knowing that its tech support clients were engaged in deceptive telemarketing practices.”
The proposed court orders (see here, here, and here) each impose monetary judgments of $16.5 million and (i) prohibit the defendants from engaging in credit card laundering through merchant accounts; (ii) require the defendants to screen and monitor any high-risk clients and take action if clients should charge consumers without authorization or violate the TSR; and (iii) prohibit the defendants from engaging in payment processing or assisting tech support companies that engage in false or unsubstantiated telemarketing or advertising. According to the DOJ’s announcement the defendants will be required to pay a combined total of $650,000 in consumer redress. This payment will result in the suspension of the total monetary judgment of $49.5 million due to the defendants’ inability to pay.
Massachusetts settles with debt payment processor
On November 7, the Massachusetts attorney general announced a settlement with a payment processing company to resolve claims that it provided substantial assistance to a debt settlement provider engaged in unlawful business practices that charged consumers premature and inflated fees in violation of state and federal law. According to an assurance of discontinuance filed in Suffolk Superior Court, the company processed settlement and fee payments for consumers enrolled in various debt settlement programs, including those offered by a debt settlement provider that was previously fined $1 million by the AG’s office for allegedly harming financially-distressed consumers. (Covered by InfoBytes here.) The newest settlement resolves claims that the company transferred unlawful fee payments to the debt settlement provider despite having knowledge of the alleged misconduct and even after the provider was sued by the AG’s office. Without admitting any facts, liability, or wrongdoing, the company has agreed to pay $600,000 to the Commonwealth, and will, according to the announcement, “make meaningful business practice changes that would prevent it from transferring untimely fees from any Massachusetts consumer account to any debt settlement company.”
CFPB sues payment processor over junk fees and dark patterns
On October 18, the CFPB filed a complaint against a Texas-based payment processing service platform (primarily related to collecting and processing event fees) for allegedly violating the Consumer Financial Protection Act (CFPA) and the EFTA by engaging in deceptive and abusive acts and practices. The Bureau alleged that the defendant enrolled consumers in, and charged them, for discount club memberships without their consent that were largely unrelated to the event the consumers were signing up for. The complaint noted that although the defendant’s memberships had a 30-day free “negative option trial membership,” the memberships automatically begin charging the membership fees at the end of the trial period. The Bureau also alleged that the defendant deployed dark patterns, which “are hidden tricks or trapdoors that companies build into their websites to get consumers to inadvertently click links, sign up for subscriptions, or purchase products or services.” The Bureau further alleged that the defendant violated the EFTA and Regulation E by increasing consumers’ membership fees without sending the consumer written notice of the new amount and the date of the new payment at least 10 days before initiating the new payment, which also constitute violations of the CFPA. The Bureau is seeking permanent injunctive relief, damages, restitution, disgorgement, civil money penalties, and other relief.
According to a statement by CFPB Director Rohit Chopra, the Bureau is “closely watching whether financial services firms are deploying digital dark patterns,” and is “looking at a range of ways to reduce unwanted junk fees.” He also added that the Bureau is “working to ensure our payments system is working safely and fairly” and that it “will continue to look at how payment platforms extract data and fees from their users.”
District Court approves $84 million payment processing settlement
On August 17, the U.S. District Court for the District of Nebraska granted final approval of an $84 million class action settlement resolving allegations that a payment processing company’s billing practices overcharged merchants. Class members retained the company to process credit card payments and claimed that the company allegedly charged fees that did not align with the terms of their contracts. Class members accused the company of Racketeer Influenced and Corrupt Organizations Act violations, breach of contract, and fraudulent concealment related to allegations that the company assessed noncompliance fees, increased contractual credit card discount rates, and shifted credit card transactions from lower-cost rate tiers to higher-cost rate tiers. Under the terms of the settlement, the company will pay up to $84 million into a settlement fund, which will provide cash benefits to class members and cover administrative costs, attorney fees, and other expenses.
FTC brings action against payment processor for misleading small businesses
On July 29, the FTC announced a settlement with a payment processing company and two of its sales affiliates (collectively, “defendants”) to resolve claims that they “trapp[ed] small businesses with hidden terms, surprise exit fees, and zombie charges.” The FTC alleged that the defendants made false claims about fees and cost savings, including “false and baseless claims about their processing services” to lure merchants, many of whom had limited English proficiency. According to the complaint, once merchants were enrolled, the defendants allegedly withdrew funds from their accounts without their consent and made it difficult and expensive for them to cancel the service. The complaint also alleged that the defendants violated the Restore Online Shoppers’ Confidence Act (ROSCA) by failing to disclose material terms, by charging consumers without their express informed consent, and by failing to provide a simple mechanism for consumers to cancel the agreements.
Under the terms of the proposed settlement, the defendants are, among other things, prohibited from making misrepresentations, making unsubstantiated claims, and using unfair debiting practices. The defendants will also be prohibited from making withdrawals from any of their customers’ bank accounts without authorization. The defendants must pay $4.9 million to the FTC, which will be used to provide refunds to affected businesses.
UK's FCA secures £2,000,000 account forfeiture order against fintech start up
On April 21, the UK’s Financial Conduct Authority (FCA) secured a £2,000,000 account forfeiture consent order against a fintech startup that purportedly offers due diligence and underwriting services. The FCA noted that the funds were supposedly an investment received from a software firm, but observed that the fintech company moved the money repeatedly to different bank accounts in several countries in transactions with no legitimate business purpose. The funds, which the FCA had already frozen in October and December 2020, were allegedly “the proceeds of illegal activity connected to criminal proceedings in the United States of America concerning an alleged conspiracy to commit wire fraud against banks, credit card companies and other financial service providers in the USA.” While the FCA is not alleging that the fintech company was involved in the conspiracy, it flagged concerns in response to the company’s application to become a regulated firm. The company has since withdrawn its application to be regulated by the FCA.
FTC fines payment processor $2.3 million for helping online discount clubs bilk consumers
On March 10, the FTC reached a settlement with a payment processing company and two senior officers (collectively, “defendants”) whereby the company would pay $2.3 million in restitution as part of their role in allegedly helping the operators of a group of marketing entities enroll consumers into online discount clubs and debit more than $40 million from consumers’ bank accounts for membership without their authorization. As previously covered by InfoBytes, the FTC’s 2017 complaint claimed that the online discount clubs claimed to offer services to consumers in need of payday, cash advance, or installment loans, but instead enrolled consumers in a coupon service that charged initial fees ranging from $49.89 to $99.49, as well as monthly recurring fees of up to $19.95. However, the FTC’s complaint stated that “99.5 percent of the consumers being illegally charged for the ‘discount clubs’ never accessed any coupons, and that tens of thousands called the defendants to try and cancel the charges, while thousands more disputed the charges directly with their banks.” The FTC accused the defendants of providing “substantial assistance or support” in the way of payment processing services while “knowing or consciously avoiding knowing” that the actions being supported were in violation of the Telemarketing Sales Rule (TSR). The FTC further detailed how defendants ignored several indications of fraudulent activity, including the consistently high return rates generated by the discount club transactions and that a primary client of their services had already been the subject of previous FTC enforcement actions for engaging in similar conduct.
Under the terms of the settlement, which is pending court approval, the defendants are banned from, among other things, (i) processing remotely created payment orders; (ii) processing payments on behalf of clients whose business involves outbound telemarketing, discount clubs, or offers to help consumers with payday loans; (iii) processing payments on behalf of any client that the defendants know or should know is engaging in deceptive or unfair acts or practices or violating the TSR; and (iv) processing payments for any existing or prospective clients without first conducting a reasonable screening to ensure clients are not violating federal law.
DFPI addresses several MTA licensing exemptions
Recently, the California Department of Financial Protection and Innovation (DFPI) released two new opinion letters covering aspects of the California Money Transmission Act (MTA) related to the purchase and sale of digital assets and agent of payee rules. Highlights from the redacted letters include:
- Purchase and Sale of Digital Assets; Payment Processing Services. The redacted opinion letter examines whether the inquiring company’s client is required to be licensed under the MTA. The letter describes two types of transactions proposed to be conducted on the client’s online trading platform: (i) transactions in which customers purchase and sell digital assets from the company in exchange for fiat currency (Direct Purchase Transactions); and (ii) transactions in which merchants use the platform as a payment processor to accept digital assets from customers in exchange for non-fungible tokens (Payment Processing Transactions). DFPI concluded that the Direct Purchase Transactions do not require an MTA license because they do not “involve the sale or issuance of a payment instrument, the sale or issuance of stored value, or receiving money for transmission.” DFPI similarly concluded that the Payment Processing Transactions do not require licensure at this time because DFPI has “not yet determined that payment processing transactions involving digital assets constitute receiving money for transmission[.]” Notwithstanding, DFPI added that it has been “studying the cryptocurrency industry closely” and that “[a]t any time, the Department may determine these activities are subject to regulatory supervision. The Department may also adopt regulations or issue interpretive opinions that significantly restrict [the contemplated] business operations.”
- Agent of Payee. The redacted opinion letter addresses whether the inquiring company’s proposed payment processing activities are exempt from the MTA’s licensing requirements. The letter explains that the company proposes to process payments related to purchases of apps through a virtual marketplace that operates on the company’s point of sale terminals. Through the virtual marketplace, customers (generally small businesses or merchants) may purchase apps that are developed and licensed to customers by third-party developers. Pursuant to a developer agreement, the company is appointed by such third-party developers to act as an “agent” of the developers “to collect and hold all Gross Revenue on [the developers’] behalf and to remit the Remittance Amount to [the developers’] Payment Account.” DFPI concluded that receiving funds from a customer for the purposes of transmitting payments to the developer “constitutes ‘receiving money for transmission.’” However, DFPI noted that these activities also satisfy the “agent of payee” exemption requirements because, pursuant to the developer agreement, the company acts as an agent of the developer, and the company’s receipt of payment satisfies “the customer’s (payor’s) obligation to the Developer for goods or services.” Accordingly, DFPI concluded that while the activities described constitute “money transmission” the company is exempt from the MTA’s licensure requirement.
DFPI reminded the companies that its determinations are limited to the presented facts and circumstances and that any change could lead to different conclusions.
CFPB bans payment processor for alleged fraud
On January 18, the CFPB filed a proposed stipulated judgment and order to resolve a complaint filed last year against an Illinois-based third-party payment processor and its founder and former CEO (collectively, “defendants”) for allegedly engaging in unfair practices in violation of the CFPA and deceptive telemarketing practices in violation of the Telemarketing Act and its implementing rule, the Telemarketing Sales Rule. As previously covered by InfoBytes, the CFPB alleged that the defendants knowingly processed remotely created check (RCC) payments totaling millions of dollars for over 100 merchant-clients claiming to offer technical-support services and products, but that actually deceived consumers—mostly older Americans—into purchasing expensive and unnecessary antivirus software or services. The tech-support clients allegedly used telemarketing to sell their products and services and received payment through RCCs, the Bureau claimed, stating that the defendants continued to process the clients’ RCC payments despite being “aware of nearly a thousand consumer complaints” about the tech-support clients. According to the Bureau, roughly 25 percent of the complaints specifically alleged that the transactions were fraudulent or unauthorized.
If approved by the court, the defendants would be required to pay a $500,000 civil penalty, and would be permanently banned from participating in or assisting others engaging in payment processing, consumer lending, deposit-taking, debt collection, telemarketing, and financial-advisory services. The proposed order also imposes $54 million in redress (representing the total amount of payments processed by the defendants that have not yet been refunded). However, full payment of this amount is suspended due to the defendants’ inability to pay.
FTC permanently bans payment processor from debt relief processing
On November 8, the FTC announced the permanent ban of a payment processor from processing debt relief payments and ordered payment of $500,000 in consumer redress. According to the FTC’s complaint, the payment processor and its owner (collectively, “defendants”) allegedly processed roughly $31 million in consumer payments on behalf of a student loan debt relief operation charged by the FTC in 2019 for allegedly engaging in deceptive practices when marketing and selling their debt relief services. As previously covered by InfoBytes, the FTC claimed the operators (i) charged borrowers illegal advance fees; (ii) falsely claimed they would service and pay down their student loans; and (iii) obtained borrowers’ credentials in order to change consumers’ contact information and prevent communications from loan servicers. The FTC alleged the defendants processed payments from tens of thousands of consumers even though they were aware of numerous issues with the scheme and had received complaints from consumers and banks. The FTC further alleged that the defendants continued to process payments until the FTC took enforcement action against the operation.
Under the terms of the settlement, the defendants are permanently prohibited from processing payments for debt relief services and student loan entities and are banned from processing payments for any merchant unless there is a signed, written contract. The defendants are also required to screen prospective high-risk clients to determine whether such clients are, or are likely to be, engaging in deceptive or unfair activities. In addition, the settlement imposes a $27.5 million judgment against the defendants, which is largely suspended following the payment of $500,000, due to the defendants’ inability to pay the full amount.