InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
FTC, Ohio AG halt payment processor and credit card interest-reduction telemarketing operations
On July 29, the FTC and the Ohio attorney general announced temporary restraining orders and asset freezes issued by the U.S. District Court for the Western District of Texas against a payment processor and a credit card interest-reduction telemarketing operation (see here and here). According to the FTC, the payment processor defendants allegedly violated the FTC Act, the Telemarketing Sales Rule (TSR), and various Ohio laws by, among other things, generating and processing remotely created payment orders or checks that allowed merchants—including deceptive telemarketing schemes—the ability to withdraw money from consumers’ bank accounts. The FTC asserted that the credit card interest-reduction defendants deceptively promised consumers significant credit card interest rate reductions, along with “a 100 percent money back guarantee if the promised rate reduction failed to materialize or the consumers were otherwise dissatisfied with the service.” However, the FTC claimed that most customers never received the promised rate reduction, were refused refund requests, and often received collection or lawsuit threats. Additionally, the credit card interest-reduction defendants allegedly violated the TSR by charging advance fees, failing to properly identify the service in telemarketing calls, and failing to pay to access the FTC’s National Do Not Call Registry.
6th Circuit: Merchant indemnified against card breach costs
On June 7, the U.S. Court of Appeals for the 6th Circuit affirmed a lower court’s ruling that an agreement between a Texas-based merchant and a payment processor did not require the merchant to pay millions of dollars in damage-control costs related to two card system data breaches. After the data breaches, the payment processor withheld routine payment card transaction proceeds from the merchant, asserting that the merchant was responsible for reimbursing the amount that the issuing banks paid to cardholders affected by the breaches. However, the merchant refused to pay the payment processor, relying on a “consequential damages waiver” contained in the agreement.
The payment processor argued that, under the agreement’s indemnification clause and provision covering third-party fees and charges, the merchant retained liability for assessments passed down from the card brands’ acquiring bank. The district court, however, granted summary judgment to the merchant, finding that the merchant was not liable for the card brands’ assessments. The court further ruled that the payment processor materially breached the agreement when it diverted funds to reimburse itself.
On review, the 6th Circuit agreed with the lower court that the assessments “constituted consequential damages” and that the agreement exempted consequential damages from liability under a “conspicuous limitation” to the indemnification clause. According to the 6th Circuit, the “data breaches, resulting reimbursement to cardholders, and levying of assessments, though natural results” of the merchant’s failure to comply with the Payment Card Industry's Data Security Standards, “did not necessarily follow from it.” In addition, the appellate court agreed with the district court’s holding that third-party fees and charges in the contract refer to routine charges associated with card processing services rather than liability for a data breach. The appellate court also concurred that the payment processor’s decision to withhold routine payment card transactions, constituted a material breach of the agreement.
Payment processor settles FTC fraud allegations
On May 21, the FTC announced a payment processor, its CEO and owner, and two other officers (collectively, “defendants”) agreed to settle charges that they knowingly processed fraudulent transactions to consumers’ accounts in violation of the FTC Act. According to the FTC’s complaint, the defendants allegedly assisted merchants, who were engaged in fraud, in hiding their activities from banks and credit card networks. The defendants allegedly (i) created fake foreign shell companies to open accounts in their names; (ii) submitted dummy websites and other false information to merchant banks; and (iii) worked to evade card network rules and monitoring designed to prevent fraud. The settlement order against the processing company and its CEO imposes a judgment of over $110 million, which is partially suspended due to the inability to pay. The settlement order against one officer imposes a judgment of over $300,000, which is suspended due to the inability to pay. The settlement order against the second officer, the company’s Chief Operating Officer, imposes a $1 million judgment. Each order imposes a permanent ban on the defendants from, among other things, engaging in payment processing and credit card laundering, whether directly or through an intermediary.
District Court approves final $7.5 million TCPA class action settlement with payment processor
On April 16, the U.S. District Court for the Northern District of California granted final approval to a $7.5 million class action settlement resolving allegations that a payment processor and its sales representative violated the TCPA by using an autodialer for telemarketing purposes without first obtaining consumers’ prior express consent. The settlement terms also require the defendants to pay roughly $1.8 million in attorneys’ fees. According to the second amended complaint, the sales representative placed pre-recorded calls to potential clients on behalf of the payment processor through the use of an autodialer, including consumers who had not consented to receiving the calls. The plaintiff further alleged that the payment processor also violated the TCPA by sending facsimile advertisements that did not contain a “Compliant Opt Out Notice” to recipients. The parties reached a preliminary settlement last August following discovery and mediation.
FTC permanently bans payment processor
On April 11, the FTC announced that a payment processing company and its owner agreed to a $1.8 million settlement resolving allegations that the company repeatedly violated a 2009 court order. That order found that the payment processer knowingly or consciously avoided knowing that debit card transactions it processed, on behalf of an allegedly fraudulent enterprise, were not authorized by the consumers. The FTC alleged that the company violated the 2009 order by, among other things, (i) failing to engage in a reasonable investigation of prospective clients before processing payments on their behalf; (ii) failing to monitor clients’ transactions to ensure that clients were not engaged in illegal behavior; and (iii) failing to adhere to administrative requirements of the order, including submitting a written compliance report to the agency. In addition to the monetary penalty, the new settlement permanently bans the company from working as a payment processor and subjects the company to reporting and recordkeeping requirements.
West Virginia exempts payment processing from some licensing requirements
On March 25, the West Virginia governor signed SB 603, which adds exemptions from the currency exchange licensing requirements. Among other things, the bill exempts from the state’s currency exchange licensing requirements a person or persons operating a payment system that provides processing, clearing, or settlement services in connection with wire transfers, debit/credit card transactions, ACH transfers, or similar fund transfers. Additionally, the bill also exempts from licensing requirements a person or persons that facilitate payment for goods or services (not including currency or money transmission) pursuant to a contract and the payment obligation is satisfied or extinguished. The bill is effective June 7.
Additional defendants settle credit card laundering lawsuit
On December 11, the FTC entered into a proposed settlement with an Arizona-based company and its officer (defendants) relating to an allegedly deceptive credit card telemarketing operation. As previously covered by InfoBytes, the FTC alleged that the defendants—as part of a larger group of 12 defendants comprised of an independent sales organization, sales agents, payment processors, and identified principals—violated the FTC Act and the Telemarketing Sales Rule by assisting a telemarketing company in masking its identity by processing the company’s credit card payments and laundering credit card transactions on behalf of multiple fictitious companies. The proposed settlement, among other things, prohibits the defendants from engaging in credit card laundering and bans them from telemarketing, processing payments, or acting as an independent sales organization or sales agent. The order also stipulates a judgment of $5.7 million, which will be suspended unless it is determined that the financial statements submitted by the defendants contain any inaccuracies.
In March 2018, the FTC reached settlements with two of the other defendants (see InfoBytes coverage here). Litigation continues against the remaining defendants.
FTC testifies before House subcommittees about combating consumer fraud
On July 26, the Director of the FTC’s Bureau of Consumer Protection, Andrew Smith, testified before subcommittees of the U.S. House Committee on Oversight and Government Reform regarding the FTC’s program to combat consumer fraud. The prepared testimony discusses the FTC’s anti-fraud program and highlights the agency’s enforcement actions against illicit companies that pose as government agents, such as the IRS, to convince consumers and small businesses to send them money. The FTC touts the steps taken to spur development of technological solutions to unlawful robocalls, including call-blocking and call-filtering products. The testimony also focuses on the FTC’s efforts to curb payment processors from assisting fraudulent actors in violation of the FTC Act. The FTC notes that the Commission has brought 25 actions against payment processors that failed to comply with requirements to ensure their systems were not being used to process fraudulent merchant transactions. The FTC emphasized that while the “overwhelming majority” of payment processors abide by the law, when certain processors do not, they cause “significant economic harm to consumers and legitimate businesses.”
District Court denies payment company’s request to set aside judgment
On March 12, the U.S. District Court for the Northern District of California denied a company’s post-trial motions to set aside September 2017 judgments in a lawsuit brought by the CFPB for alleged violations of the Consumer Financial Protection Act (CFPA). Specifically, the bi-weekly payments company requested that the court set aside its injunction and reconsider a $7.93 million penalty in light of “new evidence” that demonstrated the company’s inability to pay the penalty. As previously covered by Infobytes, the CFPB filed the lawsuit in 2015, alleging, among other things, that the company made misrepresentations to consumers about its bi-weekly payment program by overstating the savings provided by the program and creating the impression the company was affiliated with the consumers’ lender. In denying the company’s motion, the court held that the company failed to present new evidence that would justify the relief. Additionally, the court rejected the argument that the permanent injunction placed on the company was overly burdensome, stating “in light of the evidence of defendants[’] prior practices…the limitations of the injunction reflect appropriate safeguards ‘to avoid deception of the consumer.’”
FTC settles credit card laundering lawsuit
On March 9, the FTC entered into a settlement with a credit card merchant and its individual officer (collectively, “defendants”) relating to an allegedly deceptive credit card telemarketing operation. According to the FTC’s amended complaint, the defendants violated the FTC Act and the Telemarketing Sales rule by assisting a telemarketing company in masking its identity by processing the company’s credit card payments through multiple fictitious companies. The FTC previously had banned the telemarketing company from selling fraudulent “work-at-home” opportunities in 2015. The settlement, among other things, prohibits the defendants from processing payments or acting as an independent sales organization. The order also stipulates a judgment of approximately $1.3 million, which will be suspended unless it is determined that the financial statements defendants submitted to the FTC contain any inaccuracies.