InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Court permanently bans companies and officer from payment processing
On January 22, the U.S. District Court for the District of Arizona entered judgments (available here and here) prohibiting two companies and one officer from engaging in payment processing services, credit card laundering, and telemarketing as a result of their involvement in a credit card laundering scheme. As previously covered by InfoBytes, in July 2017, the FTC filed a complaint against 12 defendants, comprised of an independent sales organization (ISO), sales agents, payment processors, and identified principals, for allegedly violating the FTC Act and the Telemarketing Sales Rule by laundering credit card transactions on behalf of a “telemarketing scam” operation through fictitious merchant accounts. The defendants purportedly (i) underwrote and approved the operation’s fictitious companies; (ii) set up merchant accounts with its acquirer for the fictitious companies; (iii) used sales agents to market processing services to merchants; (iv) processed nearly $6 million through credit card networks; and (v) transferred sales revenue from the transactions to companies controlled by the defendants. In addition to the permanent injunctions, the court entered into an over $4.6 million suspended judgment against the companies and an over $460,000 suspended judgment against the officer. However, the judgments can be lifted should the court find that the officer failed to disclose material assets or the accurate value of material assets.
National bank settles merchant processing fee class action for $40 million
On January 12, a national bank’s merchant services division agreed to pay up to $40 million to settle a class action alleging that the bank overcharged for payment processing services. According to the November 2017 amended complaint filed in the U.S. District Court for the Eastern District of New York, six small businesses alleged that the bank fraudulently induced merchant customers to enter into contracts by failing to properly disclose rates and charges that applied to their accounts. Specifically, the plaintiffs alleged that the bank induced merchants to retain its card payment processing services by promising low card processing fees at the time of enrollment but then charged higher rates and surcharges for the “vast majority of transactions.” Plaintiffs also alleged that the bank used an “upcharge” method, in which customers contract for “fixed” processing fees, but that the vast majority of transactions are ultimately deemed “non-qualified” and charged at higher rates than disclosed. Additionally, the bank allegedly told potential merchant customers that they could “cancel at any time without penalty,” when merchant customers that canceled prior to the expiration of the contract term were charged an “early termination fee [] of several hundred dollars.”
Under the proposed settlement, the bank will pay up to $40 million—and no less than $27 million—to class members and cover attorneys’ fees and expenses, service awards, and settlement administration costs. Additionally, the bank, among other things, has agreed to (i) continue to allow customers to switch, penalty-free to a newer standard pricing plan from the fixed pricing plan; and (ii) modify contract terms to allow customers to leave without termination fees within 45 days of being assessed new or increased fees.
FTC settles with payment processor for fraud
On December 10, the FTC announced a settlement with a payment processor and its former CEO (collectively, “defendants”) for allegedly processing consumer credit card payments for certain entities “when they knew or should have known that the schemes were defrauding consumers,” in violation of the FTC Act. According to the complaint, the defendants allegedly arranged for merchants engaged in fraud to obtain merchant accounts with acquiring banks in order to process “unlawful credit and debit card payments through the card networks” totaling more than $93 million in consumer charges. The FTC alleges the defendants knew or should have known that the merchant accounts were being used by third parties that the defendants had not underwritten or being used by merchants to sell products that the defendants had not underwritten. Specifically, the FTC argues that the defendants ignored “clear red flags” that the merchants were operating fraudulent schemes, including high rates of consumer chargebacks and the use of multiple accounts to artificially reduce the number of chargebacks. The FTC notes that a number of the merchants the defendants contracted with were shut down by federal law enforcement.
The proposed order requires the defendants to pay $1.5 million to provide redress to affected consumers, and permanently bans the defendants from (i) acting as a payment processor for any companies providing free trial offers for nutraceutical products; (ii) engaging in credit card laundering; and (iii) assisting companies in the evasion of financial institutions’ fraud monitoring. Additionally, the defendants must conduct enhanced screening and monitoring of merchant clients.
FTC, Ohio AG reach $8.6 million settlement with payment processor
On June 9, the FTC and the Ohio attorney general announced a settlement with a payment processor and its owners (collectively, “defendants”) for allegedly facilitating payments for multiple scam operations. The FTC’s 2019 complaint claimed that the defendants, among other things, generated and processed remotely created payment orders or remotely created checks (RCPOs) that allowed third-party merchants—including deceptive telemarketing schemes—the ability to withdraw money from consumers’ bank accounts (covered by InfoBytes here). According to the FTC, even though the FTC’s Telemarketing Sales Rule (TSR) prohibits sellers and telemarketers from using RCPOs in connection with telemarketing sales, the defendants allegedly marketed their RCPO payment processing services to telemarketers and other merchants considered “high risk” by financial institutions and card networks, and used RCPOs to process millions of dollars for credit card interest reduction and student loan debt relief telemarketing schemes. Under the terms of the settlement, the defendants are permanently banned from participating in any payment processing activities and are prohibited from violating the TSR and the Ohio Consumer Sales Practice Act. The settlement also imposes a monetary judgment of over $8.6 million, which is mostly suspended due to the defendants’ inability to pay.
FTC reaches settlement with payment processor
On June 1, the FTC announced a settlement with a payment processor that the FTC alleged had engaged in unfair acts or practices in violation of the FTC Act by ignoring warnings that its client was operating a scheme through which it persuaded consumers to pay thousands of dollars each for worthless business coaching and investment mentoring services. (See InfoBytes coverage on the affiliate marketer settlements here.) The FTC’s complaint provides that the company’s processing data, which showed a large number of charges and associated refunds and chargebacks, immediately raised red flags regarding the client’s business model. According to the FTC, the company failed to adequately investigate why the client “greatly exceeded its approved processing volumes and accrued significant chargebacks,” and that while some of the client’s accounts were terminated, the company continued to provide processing services for five other accounts. In addition, the FTC states that the company failed to monitor both the products sold and claims made by the client. The settlement imposes a monetary judgment of over $46.7 million, which is suspended due to the company’s inability to pay. The company is also required to surrender any claims to the client’s assets, which are being held in receivership in a separate action.
FTC announces $40 million settlement with payment processor in credit card laundering case
On May 19, the FTC filed a complaint against a large payment processing company and its former executive for allegedly participating in deceptive or unfair acts or practices in violation of the FTC Act and the Telemarketing Sales Rule (TSR) by processing payments and laundering, or assisting in the laundering of, credit card transactions targeting hundreds of thousands of consumers. The FTC’s complaint alleges, among other things, that the payment processing company received and ignored repeated “warnings and direct evidence” dating back to 2012 showing that the former executive was using his company to open hundreds of fake merchant accounts and shell companies, and allowed him to continue to open merchant accounts until 2014. According to the FTC, the “schemes included, but were not limited to, a debt relief scam that used deceptive telemarketing, business opportunity scams that used deceptive websites, and a criminal enterprise that used stolen credit card data to bill consumers without their consent” in which the both defendants received fees for processing the scheme’s payments. The FTC also claims that the payment processing company violated its own anti-fraud policies by failing to adequately underwrite, monitor, or review its sales agents and their risk management processes, and failed to timely terminate the merchant accounts involved in the scheme.
The payment processing company’s proposed settlement imposes a $40 million monetary judgment and prohibits the company from assisting or facilitating TSR and FTC Act violations related to payment processing. Additionally, the company will be required to (i) screen and monitor prospective restricted clients; (ii) establish and implement a written oversight program to monitor its wholesale independent sales organizations (ISO); and (iii) hire an independent assessor to monitor the company’s compliance with the settlement’s ISO oversight program.
The former executive’s proposed settlement imposes a $270,373.70 monetary judgment, and bans him from payment processing or acting as an ISO for certain categories of high-risk merchants. He is also prohibited from credit card laundering activities, making or assisting others in making false or misleading statements, and assisting or facilitating violations of the FTC Act or TSR.
Neither defendant admitted or denied the allegations, except as specifically stated within the proposed settlements.
CFPB partially grants confidentiality request and modifies CID’s notification of purpose
On April 13, the CFPB released a Supplemental Decision and Order partially granting a payment technology company’s request for confidential treatment of its petition that sought to set aside a 2019 CID seeking information related to, among other things, the company’s payment processing activities. The CFPB noted in its supplemental decision and order that while the company’s initial confidentiality arguments were rejected, it provided the company an opportunity to make an additional submission following a U.S. Supreme Court decision that clarified the standard for determining what information may be withheld under Exemption 4 of FOIA. The Bureau ultimately granted the company’s confidentiality request with respect to its payment processor information only.
The supplemental decision and order is related to the company’s now-published original petition to set aside the CID, in which it asserted that it is not a covered person under the Consumer Financial Protection Act because even though it sells various products and services, it does not provide payment processing services. The company also argued that it is not a service provider because it does not offer or provide consumer financial products or services, nor does it provide services to a covered person. Furthermore, because it is not a financial institution, the company claimed that the CFPB has no EFTA authority over it. The original petition requested that the CID be set aside because it exceeds the Bureau’s jurisdictional authority. The Bureau responded that the company’s arguments did not warrant setting aside the CID because the investigation was “not patently outside” its authority, but it partially modified the CID’s Notification of Purpose to provide greater detail about the conduct the Bureau was investigating. The Bureau also contended that the fact that the company is not a financial institution does not affect whether the Bureau can conduct an investigation into potential violations of section 1005.10(b) of Regulation E (EFTA), which “applies to any person.”
Credit card launderer settles FTC charges for $6.75 million
On April 22, the FTC filed a complaint against a Canadian company and its CEO (defendants) for allegedly participating in deceptive and unfair acts or practices in violation of the FTC Act and the Telemarketing Sales Rule (TSR) by, among other things, laundering credit card payments for two tech support scams that were sued by the FTC in 2014. The FTC alleges in its complaint that the defendants entered into contracts with payment processors to obtain merchant accounts to process credit card charges. While these contracts prohibited the defendants from submitting third-party sales through its merchant accounts, the FTC claims that the defendants used the accounts to process millions of dollars of consumer credit card charges on behalf of the two tech support operators and also processed charges for lead generators that directed consumers to the tech support scam. The FTC alleges that the defendants were aware of the unlawful conduct of at least one of the two operators and attempted to hide these charges from the payment processors.
Under the proposed settlement, the defendants neither admitted nor denied the allegations, except as specifically stated within the settlement, and (i) will pay $6.75 million in equitable monetary relief; (ii) are permanently enjoined from engaging in any further payment laundering or violations of the TSR; and (iii) will screen and monitor prospective high risk clients.
Louisiana regulator provides guidance on business continuity plans
On April 1, the Louisiana Office of Financial Institutions issued a bulletin urging financial institutions to review their disaster recovery/business continuity plans and update them as needed to ensure that all interdependent operations are considered. The guidance includes a list of considerations, including, among other things: supplying staff with protective equipment and training; updated contact information for third party services and consideration of third party services that might become impaired in an incident; contingency communication process; remote work possibilities; identification of critical operations, including as examples, core processing systems, ATM processing and replenishment, online banking systems, payment processing, and wire processing; cross-training for continuity; and liquidity and cash considerations.
District Court: FTC allegations against credit card processor can proceed
On August 28, the U.S. District Court for the District of Arizona denied motions to dismiss an enforcement action brought by the FTC against a group of individuals and entities that allegedly facilitated a telemarketing scheme that previously resulted in the principal actors in the scheme settling with the FTC and later pleading guilty to state criminal charges. The alleged scheme involved “credit card laundering”—the creation of fictitious entities to process customer credit card transactions so that the actual entity receiving the funds would not be identified. The defendants in the current matter are an Independent Sales Organization and several of its officers allegedly involved in that effort (prior Info Bytes coverage here). The defendants first argued that the relevant part of the FTC Act only permits injunctive relief and that the FTC’s requests for restitution and disgorgement were improper because those forms of relief are penalties, not equitable relief, under Kokesh v. Securities and Exchange Commission. The court noted, however, that the Supreme Court in Kokesh expressly limited the holding to the question of the statute of limitations applicable to the SEC, and that the Ninth Circuit has subsequently approved decisions granting restitution and disgorgement under the FTC Act. The defendants also argued that injunctive relief was not warranted where the unlawful conduct in question ceased in 2013, but the court ruled that the FTC need only show that it has “reason to believe” that a defendant is violating or is about to violate the law. The court declined to address the FTC’s argument that its “reason to believe” decision is unreviewable, but it found that the FTC had pled sufficient facts to establish that it has reason to believe that the defendants would violate the statute. In particular, the court noted that a “court’s power to grant injunctive relief survives the discontinuance of illegal conduct,” that “an inference arises from illegal past conduct that future violations may occur,” and that “courts should be wary of a defendant’s termination of illegal conduct when a defendant voluntarily ceases unlawful conduct in anticipation of formal intervention.” Those factors were all present, along with the fact that the defendants “remain in the same professional occupation.”