Whether or not other states follow the Keystone State’s lead, this decision will have devastating consequences for emerging payment companies, especially those who do not have the resources of traditional old line processors. Many may well be faced with the prospect of either banning Pennsylvania consumers or leaving the nonprofit and religious processing space.

On September 29, 2015, the Pennsylvania Department of Banking and Securities issued an advisory that its money transmitter regulations are violated when payment facilitators or ISOs collect money from consumers and forward it to nonprofits and religious organizations. In fact, the advisory, according to its plain language, would ban all traditional payment processing for nonprofits and religious organizations by any company that is not licensed as a money transmitter. (The state also issued a news release defending its decision.)

Although the Department directed the advisory to Pennsylvania’s nonprofit and religious organizations to warn about the risks of using unlicensed electronic payment service providers to collect charitable donations, it is the payment facilitators and ISOs operating within the state that are going to feel its impact. For instance, the advisory does not distinguish between a payment entity that settles the money into its own account and one that transmits funds directly from the acquiring bank to a non-profit/religious institution.

This another example of the continuing technological innovation in the payments sphere leading to uncertainty in the law and conflicting regulatory approaches between federal and state regulators as to the legal status of various money services businesses.

One key issue that is very much in flux is what types of business activities qualify as “money transmission” activities requiring federal registration and/or state licensing as a money transmitter. Depending on how and where a payment facilitator is doing business, it may be subject to federal registration requirements with the Financial Crimes Enforcement Network (“FinCEN”) pursuant to the Bank Secrecy Act (“BSA”), without being subject to state licensure requirements. Or it may be subject to licensure requirements in some states, but not in other states or under federal law.

This presents particular challenges to young emerging payments companies, which often lack experienced legal teams to track the frequent changes in the law. Those businesses may also lack the resources to undertake the costly and time-consuming process of getting licensed as a money transmitter in every state where they operate.

The advisory admonishes that any person selling services to “non-profits, religious organizations, charities and political campaigns (“third-party recipient”) for the movement of money from a donor’s bank account or credit card to the account of a third-party recipient” must be licensed as a money transmitter under Pennsylvania law, regardless of whether the transmission is executed by the service provider through its own banking institution, or forwarded to a payment processor for processing through the ACH system. All persons subject to licensure as a money transmitter in Pennsylvania are also subject to the additional statutory requirements that they carry a $1 million liability bond and have a minimum net worth of at least $500,000. (7 P.S. §6102).

Significantly, the advisory said that payment processors and ISOs must be licensed to perform such money transmission activities. This is in direct contrast to federal law, which expressly excludes payment processors and ISOs from the federal registration requirements for “money transmitter” money services businesses under the BSA, provided they qualify for the “payment processor exemption” by satisfying four mandatory conditions:

• The entity must facilitate the purchase of goods or services, or the payment of bills for goods or services (other than money transmission itself)
• The entity must operate through clearance and settlement systems that admit only BSA-regulated financial institutions (such as the ACH) or are themselves regulated institutions (such as operators of credit cards)
• The entity must provide the service pursuant to a formal agreement
• The entity’s agreement must be at a minimum with the seller or creditor that provided the goods or services and receives the funds. (See FIN-2014-R009, “Application of Money Services Business Regulations to a Company Acting as an Independent Sales Organization and Payment Processor”, August 27, 2014.)

The Department emphasized that “the fact that the federal government may have determined that the activity engaged in by [companies fitting within the payment processor exemption] is not money transmission for purposes of federal law is irrelevant to a determination that one is acting as a money transmitter for purposes of state law and the need to comply with state law” because of the distinctly different purposes behind the federal and state statutes in question. The advisory said that the “purpose of the designation of a money transmission under federal law is to further compliance with the Bank Secrecy Act and to prevent the use of the banking system in furtherance of an illegal or criminal activity.”

In contrast, Pennsylvania’s state licensing requirements for companies selling money transmission services to non-profits and charitable organizations aims to provide protection for the donor’s funds through the net worth and bond requirements of the statute. Under the language of the advisory, any religious organization using any payment processing service would be banned unless the service is licensed in the state.

Of course, electronic payment service companies affected by the advisory may avoid the impact of the Department’s decision by simply not doing any business with Pennsylvania consumers. Yet that is a questionable strategy, especially given the likelihood that at least some states will follow Pennsylvania’s example.

Another option is to implement contractual changes and/or vary the structure of their business activities such as offering a good or service to the consumers, to qualify for other exemptions from such licensing requirements. Potential solutions must be evaluated on a case-by-case basis, however, and may satisfy some regulatory licensure schemes but not others. One thing for certain is that the problem is not going away anytime soon.

The post State Money Transmitter Rule Slams PFs, ISOs appeared first on Genco Payments.

Before 2002, the FTC had never sued an ISO. Since then, however, it has filed at least seven lawsuits against payment processors for facilitating merchant fraud. This trend seems to be gaining momentum.
To establish liability, the FTC relied on Section 5 of the 1914 FTC Act and the Telemarketing Sales Rule (TSR), which was enacted in 1995.

Section 5 is the basic federal consumer protection statute that allows the FTC to take action against unfair or deceptive business practices. The TSR protects consumers against businesses that engage in or facilitate fraudulent telemarketing.

The FTC takes aim

In February 2002, the FTC initiated its first lawsuit against an ISO when it sued Certified Merchant Services Ltd. under Section 5. The lawsuit alleged CMS and its third-party sales agents unfairly and deceptively modified customer contracts, debited customer accounts without authorization, failed to disclose charges and fees, and misrepresented various goods and services offered.

CMS agreed to pay $23.5 million to settle the charges. Payment to the FTC came from a forced sale of CMS’ assets.

In July 2003, the FTC filed suit against Electronics Financial Group and its principals. EFG provided a variety of electronic payment services to clients in the United States and Canada, including electronic debits and credits to consumer bank accounts through the automated clearing house (ACH) networks.

The EFG case is striking. Unlike the CMS case, which involved unfair business practices against consumers perpetrated directly by the ISO, EFG’s liability was premised on the unlawful conduct of its merchants. In particular, the FTC alleged EFG violated the law by doing the following:

• Providing assistance to merchants engaged in the deceptive marketing of advance-fee debit cards
• Processing ACH transactions on behalf of merchants engaged in outbound telemarketing to consumers with whom the merchants had no relationship. This activity was unfair in the eyes of the FTC because NACHA – The Electronic Payments Association operating rules (by which all processors are bound) specifically prohibit processing this type of transaction.
• Providing substantial assistance and support to numerous telemarketing clients who EFG knew or should have known were engaged in business practices that violated the TSR.

EFG ultimately paid $3.9 million to settle the suit. The settlement banned EFG from processing any telephone-initiated sales through the ACH network.

The offensive expands

The FTC filed a similar action against First American Payment Processing Inc. in January 2004. Once again, it relied on Section 5 and the TSR. The FTC sought to hold First American liable for processing ACH transactions on behalf of merchants engaged in fraudulent outbound telemarketing, not for any deceptive act vis-à-vis consumers by First American.

First American paid $1,580,739 to settle this case. It also agreed to halt processing payments for outbound telemarketers.

In August 2005, Universal Processing Inc. and its principals were subject to yet another FTC action. It was premised on the unlawful conduct of Universal’s merchants, not on the processor’s actions. The FTC alleged that high return rates should have tipped Universal off that it was processing unauthorized charges even though, in reality, Universal had no way of knowing consumers had not authorized debits.
Universal ultimately entered into an agreement with the FTC to settle the matter. That agreement specified that the settlement did not in any way constitute an admission of guilt on the part of Universal.

More processors hit

The FTC filed two more actions against ISOs in December 2006. The first alleged the payment processing businesses owned and/or controlled by Ira Rubin violated the TSR by aiding at least nine malicious, Canada-based, advance-fee credit card schemes. The subterfuge induced consumers to allow electronic debits from their bank accounts in exchange for unsecured credit cards. Many consumers never even received the cards.

The FTC alleged Rubin and his companies provided processing services despite receiving complaints from consumers, law enforcement and Better Business Bureau chapters concerning the deceptive and abusive business practices of its merchants.

The second action was against InterBill Ltd., a payment processor servicing high-risk merchants, such as online gambling Web sites and MO/TO marketing companies. The FTC alleged InterBill violated the FTC Act by debiting consumer bank accounts despite clear red flags that its merchants were submitting illegal transactions for processing.

It is worth noting the FTC’s claim emphasized that InterBill failed to follow its own merchant guidelines when processing these transactions, such as checking references, collecting information and verifying physical addresses.

Leveled by criminal charges

ISOs and payment processors are also vulnerable to other government actions and investigations, including criminal charges. In February 2006, CardSystems Solutions Inc. agreed to settle FTC charges that alleged the processor failed to take appropriate security measures to protect the sensitive information of tens of millions of consumers.

Also in February 2006, the U.S. government (not the FTC) filed a civil action against Payment Processing Center LLC and its principals. The suit alleged PPC either knew or remained intentionally ignorant of the fact that it was enabling merchants to engage in fraud, because it continued to process transactions for certain accounts with high return rates.

The PPC case was previously discussed in “Are you Big Brother material? The FTC seems to think so,” by Theodore F. Monroe, The Green Sheet, Sept. 11, 2006, issue 06:09:01. It is compelling because the government did not sue any of the 13 PPC merchants specifically alleged to have perpetrated the underlying acts of fraud.

In secret, the government also obtained a restraining order against PPC that barred the company from processing certain types of transactions. In addition, the order contained an immediate asset freeze.

And in January 2007, authorities brought criminal charges against John David Lefebvre and Stephen Eric Lawrence, the principals of a company that processed Internet gambling transactions.

The charges alleged the pair set up an Internet payment services company to help facilitate the transfer of billions of dollars of illegal gambling proceeds from American citizens to overseas Internet gambling companies.

Protective armor for payment processors

Worried? Here are some things you can do to avoid these types of government inquiries and lawsuits:

• Investigate your merchants’ business practices, and verify that they honor all promises they make.
• Carefully adhere to your underwriting guidelines, and look for inconsistencies in merchant applications.
• Halt processing services to merchants that may be violating the law or have unusual or high chargeback ratios.
• Review all marketing materials and telemarketing scripts.
• Obtain written documents demonstrating your merchants’ compliance with card Association and NACHA rules and regulations regarding consumer authorization of debits.
• Never process ACH transactions on behalf of merchants engaged in outbound telemarketing to consumers with whom such merchants have no existing relationship. Remember, this activity constitutes an unfair practice in the eyes of the FTC. And it violates the NACHA rules to which processors are contractually bound.

If you suspect your customers of violations, or if you receive a government inquiry concerning one of your merchant accounts, consult a lawyer with experience in the payments industry.

There are many ways you can be held responsible for your clients’ conduct. An attorney can help ensure that you do everything in your power to comply with the law and avoid a situation where you incur liability for aiding and abetting unlawful conduct.

The information contained in this article is for informational purposes only. Please consult an attorney before relying upon it for your specific legal needs. Theodore F. Monroe is an Attorney whose practice focuses on the electronic payment and direct marketing industries. For more information about this article or any other matter, please e-mail Monroe at monroe@tfmlaw.com

The post Think Chargebacks Are Bad? Look What Uncle Sam Can Do appeared first on Genco Payments.

Who’s knocking at the door?

ISOs may receive requests for information from any number of government agencies and prosecutors. However, the Federal Trade Commission, Internal Revenue Service, U.S. Postal Inspection Service and state attorneys general are among the most likely candidates. The FBI and an array of federal prosecutors follow closely behind.

Government agencies may contact ISOs for information about merchants for any number of reasons. Inquiries could be part of preliminary civil investigations in response to consumer complaints. Inquiries could also stem from prosecutors seeking admissible evidence of criminal conduct and its resulting proceeds.

Types of merchant offenses typically pursued by authorities involve allegations of improper advertising and billing practices; 2003 CAN-SPAM Act and Do-Not-Call Registry violations; and the sale of illegal products or services (such as restricted narcotics or online gaming).

I have also seen several IRS inquiries seeking to determine a merchant’s actual income, as well as a number of Justice Department inquiries trying to discern the amount of wrongful proceeds allegedly generated by an illegal scheme.

Requests you can’t refuse

Depending on the investigating agency and the nature of the alleged offense, the government’s inquiry may come in the form of an informal request for information, such as a letter or phone call, or as a formal demand for information, such as a subpoena to produce documents or to appear as a witness before a grand jury.

Many inquiries – initial inquiries at least – are informal requests from agents or attorneys for answers to a few questions, or some other “voluntary” demonstration of cooperation.

The government can compel cooperation at any time by serving subpoenas or civil investigative demands that require the production of documents, electronic information or other tangible evidence.

Government agencies may also compel company officers and representatives to testify under oath in depositions, grand jury proceedings or at trials.

No rational businessperson wants to be involved in a government investigation. Even the most aboveboard and conscientious among us should be extremely cautious when receiving any type of inquiry from a government agency.

Indeed, an investigation of one of your merchant’s business activities may turn into an investigation of your ISO if authorities come to suspect you have done something wrong. Authorities may even attempt to hold you legally responsible for the illegal or improper acts of your merchants.

For instance, a number of ISOs have faced liability from the FTC or the Justice Department for the processing practices for their merchants, in essence holding the ISOs responsible for merchants’ excessive chargeback or return rates.

Heads out of the sand

The most important first step for any processor, ISO or MLS dealing with any form of information request from a government agency is to promptly retain an experienced lawyer and address the situation directly.
Conversely, the biggest mistake you can make is to delay taking action or simply blow the government agency off.

Even when you have no relevant records and absolutely nothing to hide, you can become vulnerable to serious penalties should you fail to comply in a timely fashion with a government investigation.

Moreover, once you are aware of an investigation, it is imperative that you faithfully preserve all documents and electronic information (including e-mail correspondence) that might prove relevant to the government’s inquiry.

Indeed, destroying documents under such circum-stances could render you subject to civil (and even criminal) liability.

Also, if you learn that one of your merchants is under governmental investigation, conduct your own research to determine whether to terminate the merchant or place the merchant on an increased or 100% reserve.

In devising the best risk-mitigation strategy for you and your bank, be sure to comply with all requirements of your merchant agreement. Otherwise, you may expose yourself to a breach of contract claim by the merchant involved.

A government inquiry can be distressing but need not mean disaster. The key is to deal with it promptly.

The information contained in this article is for informational purposes only. Please consult an attorney before relying upon it for your specific legal needs. Theodore F. Monroe is an Attorney whose practice focuses on the electronic payment and direct marketing industries. For more information about this article or any other matter, please e-mail Monroe at monroe@tfmlaw.com.

The post Hop to it When the Government Calls appeared first on Genco Payments.

The first step in responding is figuring out whether the processor is not paying the agent because it cannot, or is choosing to not pay for other reasons.

This in and of itself may prove challenging.

For example, where the processor has taken the action as a result of a civil investigative demand by federal regulatory authorities, the processor may be prohibited from disclosing the fact of the investigation to the agent or its merchants. The processor may offer a pre-textual reason for cutting off revenues in lieu of the real reason. The processor may simply stop responding to phone calls and emails and stop paying the agent without any explanation. Thus, getting to the truth often requires getting lawyers involved to exert pressure on the processor. That may be as simple as a telephone call, or may require the filing of a lawsuit.

On the other hand, the processor may be completely candid about its reasons for not paying.

Perhaps the processor can’t pay because its sponsoring bank or upstream partner has cut off its revenues. This might happen because of an investigation or lawsuit by federal regulators – such as the Federal Trade Commission (“FTC”) or the Consumer Financial Protection Board (“CFPB”) – or other action by the Card Brands regarding the processor itself, or problematic merchants within its portfolio.

In situations like this, the best strategy may be for the agent to step into the processor’s shoes and attempt to take ownership of the problem to eliminate the obstacle blocking the payment stream. Depending on the facts, that may mean funding the defense and settlement of federal regulatory claims against the processor and its upstream partners; advancing payment of Card Brand fines against the acquirer; and/or prosecuting breach of contract, indemnity and guaranty claims against the merchant (or merchants) that caused the problem.

Whether such an approach makes sense usually depends on a careful analysis of the agent’s potential return on investment. Many times, it may not make sense and the best choice may be to take the loss and walk away. This is especially true in cases where the amount at issue is painful–—but not devastating—to the agent’s business. It’s also true when the processor has plainly engaged in wrongdoing and appears to be going “down for the count” no matter what.

Perhaps the processor is choosing to not pay the agent for other reasons.

The processor may blame the agent for referring a bad merchant (or group of merchants) that has caused the processor problems with its upstream partners or federal regulatory authorities. As a result, the processor may have simply chosen to divert the agent’s residual stream to fund the associated legal costs according to its own subjective sense of justice.

Perhaps the agent actively referred merchants in the past and earns significant monthly commissions on those referrals, but has stopped sending new accounts to the processor in favor of a new business relationship. Many processors are quick to discover a contractual pretext for cutting off the revenue stream in “what have you done for me lately” cases, as I like to call them.

In these situations, the best strategy may be filing a lawsuit, subject to several qualifications.

First, the outcome in litigation is usually dictated primarily by leverage rather than by the question of who is right. Even though a contract may favor the agent’s legal position in a dispute so that the agent has a likelihood of prevailing on his claims, it may nonetheless favor the processor’s position with respect to question of leverage and the cost of “winning.”

Does the contract provide for prevailing party attorneys’ fees? If not, then each side will be responsible for paying its own lawyers. Therefore, whether it makes sense to sue may depend on the amount at issue relative to the anticipated time and cost of prosecuting the claim.

Does the contract contain a liability limiting clause capping the amount of any potential recovery, and/or prohibiting any claim for consequential or punitive damages? The contract may limit the amount or type of recoverable damages to such an extent that it’s simply not worth it to file a lawsuit.

Does the contract contain a mandatory arbitration provision?

Arbitration also means no jury and thus, presumably, a more dispassionate and sophisticated decision-maker to resolve the dispute, which is a leverage stick that may lean either way depending on the nature and underlying facts of the claim.

Arbitration often provides a more efficient mechanism for resolving a dispute, but may prove prohibitively expensive depending on the particular terms of the arbitration clause. Does it provide for arbitration before a single arbitrator or a panel of three arbitrators? How does it allocate the arbitration costs between the parties? Does it provide for an award of arbitration costs to the prevailing party? Where is the arbitration to be held and what rules apply?

The answers to these questions are key to a cost-benefit analysis for both sides and hence central to the question of leverage. Thus, even if the agent has the better side of the legal argument, these considerations may weigh against the agent filing suit.

In those situations, that may mean negotiating with the processor to achieve an acceptable compromise, like the agent setting up a separate reserve or receiving a reduced revenue stream for a period of time. Or it may mean that the better choice for the agent is to accept the loss and simply move its merchant portfolio to another processor.
In short, “what to do you when your processor stops paying you” is a multi-faceted question involving numerous practical and strategic considerations that goes far beyond a basic legal analysis and it defies a simple, formulaic answer.

The information contained in this article is for informational purposes only. Please consult an attorney before relying upon it for your specific legal needs. Theodore F. Monroe is an Attorney whose practice focuses on the electronic payment and direct marketing industries. For more information about this article or any other matter, please e-mail Monroe at monroe@tfmlaw.com

The post What to Do When Your Processor Won’t Pay You? It Depends… appeared first on Genco Payments.

Moreover, shifting political tides threaten major policy changes that could reverse prior advances toward a more favorable climate for such FIs. Twenty-five states and the District of Columbia have legalized marijuana in some form. Yet marijuana remains illegal under federal law.

As I discussed on my website, these differing viewpoints led the Treasury Department’s Financial Crimes Enforcement Network (FinCEN) and the Department of Justice to issue separate guidance to banks more than two and a half years ago. Those guidelines had the goal of making fintech players more confident about offering financial services to legitimate state-licensed marijuana businesses, without fear of prosecution.

Since then, Visa and Mastercard have taken the position that local acquiring banks are best suited to make determinations regarding the legality of a marijuana-related merchant’s business. That is because the question represents an “evolving legal matter with different standards applicable in different states,” Visa stated.

Enforcement priorities

However, such guidance did not change federal law, but merely reflected a change in the federal government’s law enforcement priorities. Thus, FIs that extend merchant services to legal marijuana-related businesses remain subject to potential criminal and regulatory enforcement actions in the face of ever-shifting political tides and policy changes.

Indeed, the 2014 FinCEN guidance clarified how banks can extend services to marijuana-related businesses consistent with their obligations under the Bank Secrecy Act (BSA). The guidance recommends implementing appropriate anti-money laundering safeguards, including adequate customer due diligence, ongoing monitoring and proper suspicious activity reporting tailored to the marijuana industry.

Yet the concurrently released DOJ guidance emphasized the DOJ’s authority to enforce federal law regardless of state law. Thus, even for FIs that fully comply with the FinCEN guidance, the DOJ offered no safe harbor. Instead, it emphasized its discretion to investigate and prosecute FIs under money-laundering statutes and the BSA, where such action otherwise serves an important federal interest.

Therefore, most acquirers remain reluctant to offer financial services to marijuana-related businesses. Absent a change in federal law, banks that offer such services face the risk of potential criminal charges by the DOJ, or civil monetary penalties, cease and desist orders, fines and lifetime bans against responsible individuals from working in the industry by federal regulators.

Despite encouraging news in the past year, other recent developments suggest that such wariness is warranted. In both 2014 and 2015, Congress enacted amendments prohibiting the DOJ from spending funds to prevent any state from implementing its own laws authorizing the use, distribution, possession or cultivation of medical marijuana.

In August 2016, the Ninth Circuit Court of Appeals extended such protection for marijuana businesses by holding that these same appropriations riders prevent the DOJ from using such funds for the prosecution of individuals engaged in conduct permitted by state medical marijuana laws and who fully complied with such laws regarding use, distribution, possession and cultivation. However, the court emphasized that such protections are only temporary.

Flimsy protections

“Congress currently restricts the government from spending certain funds to prosecute certain individuals,” the court wrote. “But Congress could restore funding tomorrow, a year from now, or four years from now, and the government could then prosecute individuals who committed offenses while the government lacked funding.

Moreover, as of this writing, a presidential election looms and a new administration could shift enforcement priorities to place greater emphasis on prosecuting marijuana offenses. “Those admonitions should be taken seriously. Indeed, in April 2016, the Senate Appropriations Committee approved another amendment for fiscal year 2017 barring use of DOJ funds to investigate and prosecute legal marijuana businesses. Then, in June, the Senate Appropriations Committee approved a separate amendment prohibiting the Treasury Department from using funds to prohibit or penalize financial institutions solely because they provide financial services to state-legal marijuana businesses.

Nonetheless, that same month, House Republicans blocked a floor vote on the bank access amendment, and it appears they may also block a vote on the former amendment. Accordingly, there is uncertainty as to whether such medical marijuana protections will make their way into the final spending bill for fiscal year 2017.

Moreover, many believe New Jersey Governor Chris Christie is likely to be named attorney general in the event of a Trump presidency. Should that happen, many marijuana-related businesses and the banks that process for them may well end up in the federal government’s crosshairs.

The fiscal year ended on Sept. 30. Although existing marijuana protections are likely to be extended along with the current fiscal year’s funding until the Senate and House agree on a final spending package for fiscal year 2017, the future of such protections remains in doubt.

The information contained in this article is for informational purposes only. Please consult an attorney before relying upon it for your specific legal needs. Theodore F. Monroe is an Attorney whose practice focuses on the electronic payment and direct marketing industries. For more information about this article or any other matter, please e-mail Monroe at monroe@tfmlaw.com.

The post Pot Shop Processing Remains Risky Business appeared first on Genco Payments.

Federal and state authorities view money transmitters differently, which means that payment facilitators must understand and navigate varying regulations to make sure they are operating within the law, he says.

In this podcast, Monroe provides an overview of what money transmitters are, how they are viewed by different authorities, and some of the issues payment facilitators may want to discuss with their own legal counsel.

The post Podcast: What Should Payment Facilitators Know About Money Transmitters? appeared first on Genco Payments.

McAfee Inc. recently learned this lesson the hard way. The company agreed to pay $80 million to resolve a California district court class action lawsuit that said it charged automatic renewal customers higher prices than it charged other customers who purchased subscriptions to the exact same anti-virus software products. If true, this would have been a violation of its contractual promises and express representations to automatic renewal customers that they would pay the same, then-current price for such products as any other customer purchasing a subscription.

Accuracy, visibility

So how can a business avoid this problem? Beyond the obvious – making sure a company’s advertising claims and other representations to consumers accurately depict its business practices, including the terms of the automatic renewal offer and the customer’s cancellation rights – adhering to the California statute, which happens to be the most stringent in the United States. That way, even if you don’t sell to consumers in California, you will effectively ensure your business complies with the requirements of the Federal Trade Commission Act (FTC Act), the Restore Online Shoppers’ Confidence Act (ROSCA), and individual state laws.

California’s Automatic Renewal Law requires businesses to provide clear and conspicuous notice to consumers regarding the terms and conditions of any automatic renewal offer prior to their completion of the subscription or purchase transaction.

To satisfy this requirement, a business must ensure its contract with the consumer discloses the complete automatic renewal terms and cancellation rights in a more conspicuous manner than the rest of the contract: namely, “in a larger type than the surrounding text, or in contrasting type, font, or color to the surrounding text of the same size, or set off from the surrounding text of the same size by symbols or other marks, in a manner that clearly calls attention to the language.”

Alleged violations

Let’s take a closer look at how McAfee got itself in trouble. According to the lawsuit, any consumer who purchased a one-year McAfee software subscription was automatically enrolled by default in the auto-renewal program, regardless of where he or she bought the product (for example, directly from McAfee’s website or from a retailer such as Amazon).

McAfee was said to induce such participation by telling customers that the cost to automatically renew their McAfee anti-virus software subscriptions would be no more than McAfee’s normal, then-current price charged to other customers for the same products. The renewal fee was then automatically charged to the customer’s payment card on file each year thereafter unless the customer took an affirmative step to cancel his or her enrollment in the automatic renewal program. Rather than charging automatic renewal customers the same price as other customers, however, McAfee was accused of charging those customers more.

For example, the operative complaint alleged that “customers who had their McAfee AntiVirus Plus subscriptions auto-renewed by McAfee on January 1, 2014, would have been charged $49.99 by McAfee for their renewed one-year subscription. To all other customers that day, McAfee offered the same one-year McAfee AntiVirus Plus subscription for just $34.99, whether the customers were purchasing a new subscription or manually renewing an existing subscription, and whether they made their purchase or manual renewal on McAfee’s website or via their McAfee Software.”

The lawsuit further alleges the prices McAfee charges auto-renewal customers are not only higher than the prices McAfee charges other customers, they are also higher than the suggested “list” prices McAfee provides to retailers of McAfee software.

Based on this conduct, plaintiffs sued McAfee for breach of contract, unlawful, unfair, and fraudulent business practices, false advertising and violating California’s Automatic Renewal Law, among other causes of action.

Under the terms of the settlement, McAfee will pay $11.50 (in the form of cash or as credit toward future purchases of McAfee products) to each consumer in the United States who paid for the automatic renewal for McAfee software between January 10, 2010, and February 10, 2015, and whose first auto-renewal charge was greater than the price paid for the initial subscription license. In the aggregate, such payments are estimated to exceed $80 million. The settlement also requires McAfee to change its policy regarding auto-renewal transactions and its advertising of past reference prices.

Prior consent

In addition to the clear and conspicuous disclosure requirements, California’s Automatic Renewal Law requires businesses to obtain the consumer’s affirmative consent to the agreement (for example, scrolling through the text of the agreement, and selecting the “I Agree” button) prior to completing the subscription or purchase transaction, and provide the consumer with an acknowledgement that includes the automatic renewal or continuous service offer terms, and cancellation policy and instructions for canceling, in a manner capable of being retained by the consumer. If the offer contains a free trial, the acknowledgment must also disclose how to cancel to avoid paying for the goods or services.

If there is a material change to the terms of the automatic renewal offer (such as pricing), a business must provide the consumer with prior notice of the change and how to cancel before the change takes effect in a clear, conspicuous manner.

Failure to comply with any of these requirements may result in restitution damages of all of the renewal revenues collected from California customers, regardless of whether they actually wanted and used the service, were actually deceived or suffered any damages.

Best practices

It bears emphasis that California’s Automatic Renewal Law applies to any contract entered into by any consumer in California that provides for automatic renewal by a recurring charge to his or her credit card or bank account, regardless of where the business is located. Again, while state laws vary dramatically, compliance with the California law will effectively ensure your business satisfies the requirements of other state laws, as well as the FTC Act and ROSCA.

In addition to satisfying California’s notice, consent and acknowledgement requirements at the front end of the subscription relationship, we believe the best practice is to send consumers an additional email notice in advance of the automatic renewal date. That notice needs to prominently disclose the renewal price and renewal date, and advise the consumers their subscriptions will be automatically renewed at that price on that date unless they cancel or disable the automatic renewal function beforehand.

Although the practice is not required under California law and may cause businesses to lose some automatic renewal subscriptions, it offers the benefit of further protection against being the subject of a class action lawsuit and paying millions of dollars in restitution damages or settlement.

The information contained in this article is for informational purposes only. Please consult an attorney before relying upon it for your specific legal needs. Theodore F. Monroe is an Attorney whose practice focuses on the electronic payment and direct marketing industries. For more information about this article or any other matter, please e-mail Monroe at monroe@tfmlaw.com.

The post Help Merchants Avoid Subscription Legal Headaches appeared first on Genco Payments.

As to the first part of the question, “MATCH” (which stands for Member Alert To Control High Risk) is a database of previously terminated merchants (and their principals) maintained by MasterCard Worldwide, and relied upon by all of the payment brands to screen and regulate merchant access to the payments system.

MasterCard Security Rules and Procedures affirmatively require acquirers to report a merchant for listing on MATCH within 5 calendar days of any decision (by the acquirer or the merchant) to terminate the merchant processing relationship if the acquirer has reason to believe that the merchant has suffered a data breach or failed to comply with PCI DSS; engaged in credit card laundering, fraudulent activity or other illegal transactions; violated MasterCard standards or engaged in conduct that threatens the MasterCard brand and reputation; or exceeded monthly chargeback thresholds (by far the most common reason).

Visa requires US acquirers to add a terminated merchant to the MATCH list (also referred to as the Terminated Merchant File in the Visa Rules) no later than close of business on the day following the date the merchant is notified of the intent to terminate the agreement. Reporting is mandatory if the merchant is terminated for credit or debit card fraud, depositing excessive counterfeit or unauthorized transactions, laundering transactions, or generating excessive chargebacks.

To put it simply, any merchant that gets caught engaging in high risk or illegal activity will quickly land on MATCH.

What is the effect of MATCH and why is it so important?

Under both MasterCard and Visa Rules, acquirers must also check the MATCH list before signing any processing agreement with a merchant. Of course, most acquirers regard a MATCH listing as a “scarlet letter” and will flatly reject any merchant that appears on the MATCH list. In the small remainder of cases where more risk-tolerant acquirers may still be willing to extend processing services to MATCH-listed merchants, such merchants should expect to pay much higher discount rates (up to 5% or more), be subject to greater scrutiny and increased monitoring, and post substantial reserves (meaning delayed access to funds).

How do you get off of MATCH?

Typically, MasterCard will remove a merchant from the MATCH list only where the acquirer reports to MasterCard that it added the merchant in error. Yet acquirers face liability to subsequent acquirers for losses caused by any merchant they should have placed on and improperly removed from, the MATCH list. Accordingly, convincing an acquirer to effectuate a merchant’s removal from MATCH is very challenging indeed.

For starters, you will need to establish that you should not have been placed on MATCH in the first place. If that is the case, ask the acquirer for an investigation to demonstrate that you were placed on the list in error. MasterCard, itself, can also remove a person or business merchant. If that doesn’t work, you can always sue them, but it rarely makes sense to do so based on the cost. The good news is, if you can wait five years, you will automatically roll off the list.

The post Payment Company Compliance Issues: What is a match, and how can I get off of it? appeared first on Genco Payments.

By far the biggest legal spectacle involving card-not-present high-risk processing in more than a decade, the Johnson case poses a cautionary tale to banks and ISOs inclined to bend the rules in search of profits; and to merchants willing to “bend the truth” to get access to the payments system.

This is the last of four articles that will use the case to examine card-not-present fraud from a legal perspective. Part 1 described the case and some of the issues the decision turned on. Part 2 examined the involvement of CardFlex, one of the ISOs charged by the FTC of aiding Johnson in his alleged fraud. Part 3 looked at credit card laundering, one of the crimes Johnson was charged with. The last installment describes what a company can expect when it runs afoul of the FTC.

Anatomy of an FTC Action

Most payment processors understand that certain classes of high-risk merchants are popular targets for scrutiny by the FTC and other regulatory authorities. Trial, free-to-pay conversions, recurring billing, onerous return policies, paid testimonials and unsubstantiated advertising claims are just a few of the most common sins that will land a merchant squarely in FTC’s crosshairs. In such cases, the agency will not hesitate to look past the merchant to every entity in the payment chain it deems knowingly or recklessly facilitated the merchant’s access to the payments system in the face of such red flags, or in violation of its own underwriting policies. One need only consider the FTC’s prosecution of Jeremy Johnson and the associated ISOs and sales agents that boarded his straw merchant accounts, or the commission’s more recent pursuit of CardReady in connection with its alleged role for helping to launder credit card transactions in connection with a massive debt relief scam.

Nonetheless, many banks and processors have no idea what an FTC lawsuit looks like until the merchant gets sued and the operating account and merchant reserves are already frozen. So, rather than leaving you to learn the hard way by experience, we offer you this brief primer on the anatomy of an FTC lawsuit.

Civil Investigative Demand

If the FTC has a standard playbook, it usually begins with serving a court-ordered subpoena, known as a Civil Investigative Demand (“CID”), on the acquirer, processor, ISO and even the sales agents. The CID typically demands production of the underwriting file and complete transaction processing history of the merchant(s) or individual(s) under investigation, and generally requires the subpoenaed party to refrain from disclosing the existence of the investigation to the merchant. In addition to furthering its investigation into the subject merchant, the FTC also carefully evaluates whether such materials suggest any wrongdoing by those in the processing chain, such as falsifying merchant applications, circumventing underwriting requirements, setting up multiple MIDs for load-balancing or otherwise helping the merchant to set up straw merchant accounts to factor the merchant’s transactions.

Indeed, the suit against Jeremy Johnson was pending for more than three-and-a-half years before the FTC finally filed a separate suit against the ISOs and sale agents allegedly responsible for knowingly boarding his merchant accounts in violation of their own underwriting policies.

Temporary Restraining Order and Asset Freeze

The agency’s next move usually is to file a civil complaint against the merchant for violations of Section 5 of the FTC Act, which prohibits “unfair or deceptive acts or practices in or affecting commerce.” Typically, the complaint is filed under seal along with an ex parte application for a temporary restraining order (TRO) imposing an asset freeze on all merchant funds. Such papers are filed under seal to prevent the merchant and its principals from diverting or dissipating funds in anticipation of a lawsuit, which means that the merchant has no real chance to defend itself against the TRO. Moreover, the parties processing for the merchant generally have no prior notice of the government action unless previously served with a CID.

The asset freeze typically extends to all third parties in possession or control of funds attributable to the merchant or its principals, including all banks and payment facilitators. While the acquirer and ISO may attempt to argue otherwise, reserve funds are also subject to the asset freeze. Most TROs also appoint a temporary receiver to take control of the merchant’s business and all frozen funds to prevent further consumer fraud, and ensure that such funds are preserved for the purposes of consumer redress (discussed below).

Preliminary Injunction

Once the merchant has been served and its assets frozen, the Court unseals the complaint and the action becomes public. Indeed, often it is publicly touted via press release on the FTC Website alerting consumers to the alleged scam or scheme at issue. The agency then moves for an order of preliminary injunction, prohibiting the merchant from engaging in the challenged conduct, maintaining the asset freeze, and confirming the receiver’s power and authority to control the merchant’s business and funds pending resolution of the action. In order to prevail on a preliminary injunction motion, the FTC must meet a four-part test by proving: (1) a likelihood of success on the merits; (2) a likelihood of irreparable harm in the absence of preliminary relief; (3) that the balance of equities tips in favor of a preliminary injunction; and (4) that an injunction is in the public interest.

To defeat such a motion, the merchant must convince the Court of the FTC’s inability to prove any of these four elements. For example, the merchant may present evidence tending to prove that it did not deceive consumers or engage in unfair business practices; or that the balance of equities weighs against preliminary relief because the merchant has already stopped the challenged business practice and is otherwise engaging in a lawful business with numerous employees that would lose their jobs if the injunction issued. Yet, it is ultimately up to the Court to decide these questions within its own discretion.

Stipulated Permanent Injunction

If the FTC prevails on the preliminary injunction motion, it usually signals a death knell for the merchant because the merchant is often left with no funds to pay its lawyers to defend the action, and, as we all know, lawyers rarely work for free. Thus, at that point, the merchant and its principals often settle the action by stipulating to a permanent injunction banning them for life from engaging in the challenged conduct, requiring them to pay a substantial monetary judgment and requiring them to file annual reports with FTC regarding their future business activities for a period of at least ten years.

On the other hand, if the merchant successfully defeats the motion (in whole or in part) and gains access to sufficient funds or if it has access to friends and family funds, to pay its lawyers to defend against the action, it thereby gains a significant bargaining chip with respect to the ultimate outcome. While most merchants who prevail at this stage still end up stipulating to a permanent injunction in order to settle the action, they may gain tactical leverage by their ability to continue the fight, and thus may find themselves in a far better position to negotiate more favorable settlement terms, such as a more narrowly tailored ban (whether in regard to the scope of the prohibited conduct or the duration of the ban), or a lesser monetary judgment.

Consumer Redress

So what happens to the frozen funds after they are turned over to the receiver? Pursuant to section 13(b) of the FTC Act, the Commission may seek monetary consumer redress only on a strictly equitable basis. This means that the FTC may seek monetary consumer redress in only one of two forms: equitable restitution or disgorgement of a defendant’s ill-gotten gains. Equitable restitution is money or property in the defendant’s possession that is identified as belonging in good conscience to injured consumers and is intended to make them whole. It often is unavailable as a remedy, however, because the defendant has already dissipated or commingled the funds with other assets prior to the action being filed. Thus, in most cases, the FTC must pursue disgorgement of a defendant’s ill-gotten gains as the only available monetary remedy. Notably, the primary purpose of disgorgement is not to compensate the victims of the deceptive advertising, but to deprive the wrongdoer of his ill-gotten gains. Disgorgement is normally measured by the amount of ill-gotten revenues connected to the defendant’s wrongful conduct. Not surprisingly, that inevitably includes all of the gross proceeds of the merchant’s illegal processing activity.

Looking Past the Merchant

As mentioned, the FTC and the receiver invariably will take the position that merchant reserves are proceeds of the merchant’s illegal activities (subject to the asset freeze) and will ultimately seek a transfer order moving the funds into the receiver’s possession. Thus, upon being served with the TRO, the acquirer and ISO must make a strategic decision about whether (and to what extent) to oppose the FTC’s efforts. Where the acquirer has contractual indemnity from the ISO for chargebacks and merchant-related losses, the acquirer will often be loath to join the fray and will instead simply look to the ISO to make it whole.

For this same reason, the ISO may feel it has a strong incentive to challenge the scope of the asset freeze and attempt to obtain a carve-out for the merchant reserves to cover chargebacks and other merchant-related losses. However, by doing so, it may also incur FTC’s ire and invite further scrutiny regarding its business activities. This presents an especially tricky problem for those that may have failed to satisfy applicable underwriting standards in regard to a merchant because they may increase their chances of being added as defendants to the action, or even having a separate action filed against them by FTC. Again, in the case of Jeremy Johnson, FTC waited more than three and a half years after filing suit against him to file suit against the ISOs and sales agents that allegedly boarded him in violation of their own underwriting standards. Whether an ISO has a good argument to carve-out reserves from the asset freeze depends in no small part on the merchant agreement, and most merchant agreements are decidedly not well-drafted in this regard.

Thus, if you are transacting in the high-risk CNP space or providing processing for such merchants, you are well advised to choose your merchants carefully, and put your ducks in a row before the FTC comes knocking.

The post CNP Series: Lessons from a CNP Fraud Scheme – Part 4 appeared first on Genco Payments.

Credit card laundering occurs when a merchant uses a straw entity to act as a front, pass-through or aggregator for the merchant’s transactions. Other indicia include, multiple MIDs, multiple corporations and a continuity negative option model.

Almost always, such conduct violates federal civil law, such as Section 5 of the Federal Trade Commission Act and the Telemarketing Sales Rule, as well as federal criminal law, such as 18 U.S.C. § 1029 (factoring), 18 U.S.C. § 371 or § 1029(b)(2) (conspiracy), 18 U.S.C. § 1343 (wire fraud), or 18 U.S.C. § 1344 (bank fraud). Many states also have their own laws against transaction laundering.

Yet except for certain Money Services Businesses (“MSBs”), non-bank Third-Party Organizations such as ISOs/MSPs, Payment Facilitators/Payment Service Providers, data processors and network providers (collectively “TPOs”) generally are not subject to BSA requirements. Thus, it is the acquiring bank’s responsibility to (1) ensure that a TPO’s incident reporting and management program contains clearly documented processes and accountability for identifying, reporting, investigating, and escalating incidents of credit card laundering and other suspicious activity; and (2) monitor TPO compliance and processing information on an ongoing basis to ensure compliance with the acquirer’s SAR obligations.

Generally, when banks rely on TPOs for processing and sales services, they either explicitly or implicitly require the TPO to notify them whenever it becomes aware of certain types of suspicious activity. Particular notification criteria may be stipulated in the contract between the bank and the TPO.

Again, the BSA requires banks and financial institutions to file a SAR for transactions conducted or attempted by, at, or through them and aggregating $5,000 or more, if they know, suspect, or have reason to suspect that the transaction:

• Involves funds derived from illegal activity or is intended or conducted in order to hide or disguise funds or assets derived from illegal activity, or is
• Designed to evade the requirements of the BSA, whether through structuring or other means, or
  

• Serves no business or apparent lawful purpose, and the reporting business knows of no reasonable explanation for the transaction after examining all available facts.

Certain MSBs (including money transmitters; and issuers, sellers and redeemers of money orders and traveler’s checks) must file a SAR for any transaction conducted by, through, or at the MSB that is suspicious,and totals $2,000 or more.

In the context of credit card laundering, typical warning signs of suspicious activity include:

• Multiple MIDs for a single merchant, particularly where due diligence or monitoring suggests multiple shell entities with different signers associated by similar address, phone number, websites or relationships.
• Excessive chargebacks/returns across multiple MIDs even though individual MIDs may show an acceptable rate of chargebacks.
• Merchants that maintain merchant accounts with multiple processors, or that move from one processor to another within a short period.

MIDs with historical transaction activity that is substantially different from what would normally be expected for the category of merchant business.
Any other evidence of deposits for transactions involving sales of goods or services generated by another merchant.
When the bank is unable to identify and understand the nature and sources of the transactions processed through an account, the risks to the bank and the likelihood of suspicious activity can increase. Banks and financial institutions that fail to have an adequate program in place to monitor and address the risks associated with their third-party relationships are subject to regulatory intervention.

Moreover, even if the acquirer’s own risk mitigation program is lacking, it is squarely in the TPO’s own best interest to make sure it aggressively monitors, detects and reports suspected credit card laundering and other suspicious activity to the acquirer, including documenting its reporting decisions and maintaining all supporting documentation for a period of at least five years, lest it come under investigation for facilitating suspicious or illegal activity.

The post Acquirer and Third-Party SAR Obligations for Transaction Laundering appeared first on Genco Payments.

]]>