By far the biggest legal spectacle involving card-not-present high-risk processing in more than a decade, the Johnson case poses a cautionary tale to banks and ISOs inclined to bend the rules in search of profits; and to merchants willing to “bend the truth” to get access to the payments system.

This is the last of four articles that will use the case to examine card-not-present fraud from a legal perspective. Part 1 described the case and some of the issues the decision turned on. Part 2 examined the involvement of CardFlex, one of the ISOs charged by the FTC of aiding Johnson in his alleged fraud. Part 3 looked at credit card laundering, one of the crimes Johnson was charged with. The last installment describes what a company can expect when it runs afoul of the FTC.

Anatomy of an FTC Action

Most payment processors understand that certain classes of high-risk merchants are popular targets for scrutiny by the FTC and other regulatory authorities. Trial, free-to-pay conversions, recurring billing, onerous return policies, paid testimonials and unsubstantiated advertising claims are just a few of the most common sins that will land a merchant squarely in FTC’s crosshairs. In such cases, the agency will not hesitate to look past the merchant to every entity in the payment chain it deems knowingly or recklessly facilitated the merchant’s access to the payments system in the face of such red flags, or in violation of its own underwriting policies. One need only consider the FTC’s prosecution of Jeremy Johnson and the associated ISOs and sales agents that boarded his straw merchant accounts, or the commission’s more recent pursuit of CardReady in connection with its alleged role for helping to launder credit card transactions in connection with a massive debt relief scam.

Nonetheless, many banks and processors have no idea what an FTC lawsuit looks like until the merchant gets sued and the operating account and merchant reserves are already frozen. So, rather than leaving you to learn the hard way by experience, we offer you this brief primer on the anatomy of an FTC lawsuit.

Civil Investigative Demand

If the FTC has a standard playbook, it usually begins with serving a court-ordered subpoena, known as a Civil Investigative Demand (“CID”), on the acquirer, processor, ISO and even the sales agents. The CID typically demands production of the underwriting file and complete transaction processing history of the merchant(s) or individual(s) under investigation, and generally requires the subpoenaed party to refrain from disclosing the existence of the investigation to the merchant. In addition to furthering its investigation into the subject merchant, the FTC also carefully evaluates whether such materials suggest any wrongdoing by those in the processing chain, such as falsifying merchant applications, circumventing underwriting requirements, setting up multiple MIDs for load-balancing or otherwise helping the merchant to set up straw merchant accounts to factor the merchant’s transactions.

Indeed, the suit against Jeremy Johnson was pending for more than three-and-a-half years before the FTC finally filed a separate suit against the ISOs and sale agents allegedly responsible for knowingly boarding his merchant accounts in violation of their own underwriting policies.

Temporary Restraining Order and Asset Freeze

The agency’s next move usually is to file a civil complaint against the merchant for violations of Section 5 of the FTC Act, which prohibits “unfair or deceptive acts or practices in or affecting commerce.” Typically, the complaint is filed under seal along with an ex parte application for a temporary restraining order (TRO) imposing an asset freeze on all merchant funds. Such papers are filed under seal to prevent the merchant and its principals from diverting or dissipating funds in anticipation of a lawsuit, which means that the merchant has no real chance to defend itself against the TRO. Moreover, the parties processing for the merchant generally have no prior notice of the government action unless previously served with a CID.

The asset freeze typically extends to all third parties in possession or control of funds attributable to the merchant or its principals, including all banks and payment facilitators. While the acquirer and ISO may attempt to argue otherwise, reserve funds are also subject to the asset freeze. Most TROs also appoint a temporary receiver to take control of the merchant’s business and all frozen funds to prevent further consumer fraud, and ensure that such funds are preserved for the purposes of consumer redress (discussed below).

Preliminary Injunction

Once the merchant has been served and its assets frozen, the Court unseals the complaint and the action becomes public. Indeed, often it is publicly touted via press release on the FTC Website alerting consumers to the alleged scam or scheme at issue. The agency then moves for an order of preliminary injunction, prohibiting the merchant from engaging in the challenged conduct, maintaining the asset freeze, and confirming the receiver’s power and authority to control the merchant’s business and funds pending resolution of the action. In order to prevail on a preliminary injunction motion, the FTC must meet a four-part test by proving: (1) a likelihood of success on the merits; (2) a likelihood of irreparable harm in the absence of preliminary relief; (3) that the balance of equities tips in favor of a preliminary injunction; and (4) that an injunction is in the public interest.

To defeat such a motion, the merchant must convince the Court of the FTC’s inability to prove any of these four elements. For example, the merchant may present evidence tending to prove that it did not deceive consumers or engage in unfair business practices; or that the balance of equities weighs against preliminary relief because the merchant has already stopped the challenged business practice and is otherwise engaging in a lawful business with numerous employees that would lose their jobs if the injunction issued. Yet, it is ultimately up to the Court to decide these questions within its own discretion.

Stipulated Permanent Injunction

If the FTC prevails on the preliminary injunction motion, it usually signals a death knell for the merchant because the merchant is often left with no funds to pay its lawyers to defend the action, and, as we all know, lawyers rarely work for free. Thus, at that point, the merchant and its principals often settle the action by stipulating to a permanent injunction banning them for life from engaging in the challenged conduct, requiring them to pay a substantial monetary judgment and requiring them to file annual reports with FTC regarding their future business activities for a period of at least ten years.

On the other hand, if the merchant successfully defeats the motion (in whole or in part) and gains access to sufficient funds or if it has access to friends and family funds, to pay its lawyers to defend against the action, it thereby gains a significant bargaining chip with respect to the ultimate outcome. While most merchants who prevail at this stage still end up stipulating to a permanent injunction in order to settle the action, they may gain tactical leverage by their ability to continue the fight, and thus may find themselves in a far better position to negotiate more favorable settlement terms, such as a more narrowly tailored ban (whether in regard to the scope of the prohibited conduct or the duration of the ban), or a lesser monetary judgment.

Consumer Redress

So what happens to the frozen funds after they are turned over to the receiver? Pursuant to section 13(b) of the FTC Act, the Commission may seek monetary consumer redress only on a strictly equitable basis. This means that the FTC may seek monetary consumer redress in only one of two forms: equitable restitution or disgorgement of a defendant’s ill-gotten gains. Equitable restitution is money or property in the defendant’s possession that is identified as belonging in good conscience to injured consumers and is intended to make them whole. It often is unavailable as a remedy, however, because the defendant has already dissipated or commingled the funds with other assets prior to the action being filed. Thus, in most cases, the FTC must pursue disgorgement of a defendant’s ill-gotten gains as the only available monetary remedy. Notably, the primary purpose of disgorgement is not to compensate the victims of the deceptive advertising, but to deprive the wrongdoer of his ill-gotten gains. Disgorgement is normally measured by the amount of ill-gotten revenues connected to the defendant’s wrongful conduct. Not surprisingly, that inevitably includes all of the gross proceeds of the merchant’s illegal processing activity.

Looking Past the Merchant

As mentioned, the FTC and the receiver invariably will take the position that merchant reserves are proceeds of the merchant’s illegal activities (subject to the asset freeze) and will ultimately seek a transfer order moving the funds into the receiver’s possession. Thus, upon being served with the TRO, the acquirer and ISO must make a strategic decision about whether (and to what extent) to oppose the FTC’s efforts. Where the acquirer has contractual indemnity from the ISO for chargebacks and merchant-related losses, the acquirer will often be loath to join the fray and will instead simply look to the ISO to make it whole.

For this same reason, the ISO may feel it has a strong incentive to challenge the scope of the asset freeze and attempt to obtain a carve-out for the merchant reserves to cover chargebacks and other merchant-related losses. However, by doing so, it may also incur FTC’s ire and invite further scrutiny regarding its business activities. This presents an especially tricky problem for those that may have failed to satisfy applicable underwriting standards in regard to a merchant because they may increase their chances of being added as defendants to the action, or even having a separate action filed against them by FTC. Again, in the case of Jeremy Johnson, FTC waited more than three and a half years after filing suit against him to file suit against the ISOs and sales agents that allegedly boarded him in violation of their own underwriting standards. Whether an ISO has a good argument to carve-out reserves from the asset freeze depends in no small part on the merchant agreement, and most merchant agreements are decidedly not well-drafted in this regard.

Thus, if you are transacting in the high-risk CNP space or providing processing for such merchants, you are well advised to choose your merchants carefully, and put your ducks in a row before the FTC comes knocking.

The post CNP Series: Lessons from a CNP Fraud Scheme – Part 4 appeared first on Genco Payments.

Recently, the criminal case against online merchant Jeremy Johnson in Utah that started back in June 2011 finally came to a close. After more than four years of litigation and six weeks of trial, the jury found Johnson guilty of eight counts of making false statements to a bank, but acquitted him on 78 other charges, including bank fraud, wire fraud, conspiracy and money laundering. By far the biggest legal spectacle involving card-not-present high-risk processing in more than a decade, the Johnson case poses a cautionary tale to banks and ISOs inclined to bend the rules in search of profits; and to merchants willing to “bend the truth” to get access to the payments system.

Credit Card Laundering: Feds Are Cleaning House

The U.S. federal government has declared open season on merchant processors for their involvement in what is called credit card laundering or “factoring,” with a number of high-profile lawsuits involving the practice.

Recently, Utah merchant Jeremy Johnson wasprosecuted for such activity, which resulted in his conviction on eight felony counts of false statements to banks. Prior to the filing of the DOJ’s criminal complaint in January 2011, the FTC filed its own civil action against Johnson, IWorks and the dozens of shell companies they used to carry out the fraud. More than three and a half years later, in July 2014, the FTC sued the ISO CardFlex and the various sales agents allegedly responsible for facilitating more than $26 million in illegal transactions for the IWorks scheme.

The IWorks action provides a good illustration of how ISOs can quickly land themselves in hot water with the FTC right alongside their merchants for allegedly employing, advising or enabling them to employ deceptive tactics to open merchant accounts, and thereby facilitating their access to the payments system. The FTC alleged that IWorks and Johnson submitted fraudulent merchant applications to the acquirer, opening at least 293 accounts in the names of 30 separate “straw” corporations in less than a year. The FTC sued the ISO and agent defendants for engaging in unfair and deceptive practices in violation of Section 5 of the FTC Act by facilitating Johnson’s submission of the applications and opening of the straw merchant accounts, which is the same type of conduct now being actively targeted by the FTC in credit card laundering cases against other merchant processors and ISOs.

The takeaway here is clear: The FTC expects processors and ISOs to actively police the payments system, and will not hesitate to prosecute them for failing to appropriately vet and monitor their merchants, especially where the evidence suggests any possible collusion with a merchant to dupe an acquirer or circumvent card brand rules—credit card laundering and factoring schemes being prime examples.

What is Credit Card Laundering?

Credit card laundering generally occurs in the context of a merchant that can’t open a merchant account in its own name, whether for past sins or the questionable nature of its present business activities. In such cases, the merchant, or the ISO or sales agent seeking to sign up the merchant, may recruit another company (that already has a merchant account, or can readily open one) to act as a front, pass-through or aggregator for the merchant’s transactions. In return, the recruited company typically receives a percentage of the sales, anywhere from a few points to ten percent or more. While it may sound like a simple solution to a business-crippling problem, the simple fact is merchants and ISOs that go this route are engaged in illegal credit card laundering (also known as “factoring”), and may face big civil and criminal liability.

When transactions are being factored, defrauded consumers can’t identify the true source of the transaction (i.e., the real merchant) by the charges that appear on their credit card statements. This confusion makes it easy for unscrupulous merchants to avoid detection by consumers and law enforcement. Furthermore, even if the bank and processors terminate the offending merchant account, they may not learn the identity of the actual company behind the excessive chargebacks. The true culprit is then able to perpetuate the scheme as long as it can recruit other companies to provide access to their merchant accounts. Thus, from the FTC’s perspective, using straw signers to facilitate access to the payments system constitutes an unfair and deceptive business practice that violates Section 5 of the FTC Act and is very much on its radar.

When the merchant at issue is a telemarketer, such conduct also constitutes illegal credit card laundering under the Telemarketing Sales Rule (TSR). Specifically, the TSR prohibits any merchant from presenting (or causing another to present) a telemarketing credit card transaction into the payments system that is not the result of a transaction between the cardholder and the merchant submitting the transaction. The TSR also makes it illegal for any person to employ, solicit or otherwise cause another to submit such a prohibited transaction, or to obtain access to the payments system through the use of a business relationship or an affiliation with a merchant, when such access is not authorized by the merchant agreement or the applicable credit card system. Moreover, the FTC has demonstrated its eagerness to look past the merchant and go after everyone in the payment chain where they play a role in facilitating such schemes.

CardReady and PayBasics Actions

This past December, the FTC filed two separate lawsuits (against CardReady and PayBasics) for alleged credit card laundering and factoring in violation of the TSR. In its complaint against CardReady, FTC alleges that the ISO and its principals solicited at least 26 straw merchants to act as signatories on shell businesses and dummy merchant accounts for a group of merchants running a fraudulent debt relief scam in order to launder their transactions and fraudulently facilitate their access to the payments system. The FTC alleges that CardReady submitted falsified merchant applications to its processor that depicted the shell companies as bona fide businesses by using the signers’ driver’s licenses and bank statements, and the previously signed forms. The FTC made similar claims against PayBasics and its principals, alleging they knowingly helped a group of merchants behind a fraudulent work-at-home scheme to open and maintain merchant accounts used to process credit card payments for sales made by a number of different third-party scammers. The agency alleges that, in some cases, PayBasics’ principals personally vouched for the shell companies behind the bogus merchant accounts so they would be approved, in violation of the TSR.

These cases should prove a cautionary tale to those that would knowingly set up multiple MIDs and straw or funnel accounts to load-balance or launder their credit card transactions and those processors and ISOs that assist them.

Consequences: Lifetime Bans and Money Judgments

And what are the potential consequences to those that fail to heed this warning? Johnson (already incarcerated pursuant to the criminal action) is expected to go to trial in the FTC action later this year. Based on the result in the criminal action, Johnson will likely face a catastrophic monetary judgment and draconian injunctive relief.

In January of this year—less than a month after FTC filed suit against them—PayBasics and its principals agreed to settle FTC’s claims by stipulating to a permanent injunction order prohibiting them from acting as a payment processor, contracting with a payment processor to provide payment processing services, or acting as sales agents for high-risk merchants, and imposing a (partially suspended) monetary judgment of $1.02 million.

The CardReady action remains pending in federal district court in Florida.

Criminal Liability: Prison Time and More Money

Credit card laundering also violates various federal and state criminal laws. Where the practice affects interstate or foreign commerce, the federal courts have jurisdiction. The Department of Justice Financial Crimes Enforcement Network (“FinCEN”) regards such factoring activities as a variation on money laundering, and may pursue merchants and processors alike in appropriate cases. Depending on the particular facts of the credit card laundering scheme, such conduct may variously violate 18 U.S.C. § 1029 (factoring), 18 U.S.C. § 371 or § 1029(b)(2) (conspiracy), 18 U.S.C. § 1343 (wire fraud), or 18 U.S.C. § 1344 (bank fraud). Maximum penalties range from 10 to 30 years in prison, plus up to $1 million per offense.

Many states also have their own laws against factoring. For example, under Washington law, a person is guilty of unlawful factoring of a credit or payment card transaction if the person:

• Presents to or deposits with, or causes another to present to or deposit with, a financial institution for payment a credit or payment card transaction record that is not the result of a credit or payment card transaction between the cardholder and the person
• Employs, solicits, or otherwise causes a merchant or an employee, representative, or agent of a merchant to present to or deposit with a financial institution for payment a credit or payment card transaction record that is not the result of a credit or payment card transaction between the cardholder and the merchant; or
• Employs, solicits, or otherwise causes another to become a merchant for purposes of engaging in such unlawful conduct.

A first offense is a class C felony, which carries a maximum penalty of 5 years in prison and a $10,000 fine, and a second offense is a class B felony, which carries a maximum penalty of 10 years and $20,000. Many other states have similar laws.

The post CNP Series: Lessons from a CNP Fraud Scheme – Part 3 appeared first on Genco Payments.

This is the second of four articles that will use the case to examine card-not-present fraud from a legal perspective. Part 1 described the case and some of the issues the decision turned on. Part 2 looks at the involvement of CardFlex, one of the ISOs charged by the FTC of aiding Johnson in his alleged fraud.

CNP Series: Lessons from a CNP Fraud Scheme – Part 2The CardFlex Side of the Story

We recently reported to you regarding the DOJ’s federal criminal conviction of Jeremy Johnson for making false statements to Wells Fargo for the purpose of opening a myriad of straw merchant accounts. Fallout from the case landed on the processors, ISOs and sales agents that worked with him, including CardFlex, Inc., which found itself squarely in the FTC’s crosshairs because of the matter.

CardFlex’s CEO, Andrew Phillips, contacted us shortly after Part 1 of this series ran to give us his side of the story. We found it riveting and wanted to share it.

To recap, the FTC alleged that CardFlex and its principals provided critical assistance to Johnson by conspiring with him to use shell corporations and third-party signers to board those accounts, providing him with load-balancing software and instructing him along the way.

In turn, CardFlex did what the overwhelming majority of defendants in FTC cases do—it settled those charges by entering a stipulated order for permanent injunction and paying some funds. As Phillips put it, his attorneys made it clear that if he wanted to fight the case, it would take at least $5 million and five years (an estimate that we agree with). According to Phillips, he did not regret the decision but, based upon what came out at Jeremy Johnson’s trial, he now feels he was railroaded by the FTC.

Phillips said Johnson approached him in mid-2009 with a plan to offer a “soup-to-nuts” third-party payment solution for entrepreneurs looking to break into e-commerce. Johnson had already been placed on MATCH (Member Alert to Control High Risk, a black list managed by the card networks containing merchants whose card processing privileges have been revoked). He was having serious chargeback problems and said he wanted to diversify by moving away from the merchant side of the coin to help others launch their own online businesses using iWorks’ proven relationships, systems and technologies, and Johnson’s credit. Johnson said he would personally guarantee the merchant accounts—he was liquid, with more than $30 million cash on hand in the bank—and sold CardFlex on the idea that he was looking to bring legitimate merchants to the game.

Phillips maintains that CardFlex performed substantial due diligence on iWorks and each of the hundreds of merchant accounts it opened, but, in hindsight, Phillips himself acknowledges that CardFlex could have done more to uncover and shut down the scheme earlier than it did had it employed more vigorous merchant monitoring practices.

Phillips contends that the federal government overreached its authority, based on evidence that came out in Johnson’s criminal trial that Johnson developed his multiple MID scheme more than one and a half years before ever approaching CardFlex.

In his defense at trial, Johnson attempted to rely on the FTC’s allegations that CardFlex came up with the idea of using straw entities and third-party signers to create multiple MIDs. That would enable Johnson to claim he could not be guilty of defrauding Wells Fargo because he merely followed the instructions provided to him by CardFlex as Wells Fargo’s agent. An unrelated defense was that the representation was made to CardFlex and not Wells Fargo.

However, by finding Johnson guilty on eight counts of making false statements to a bank, the jury appears to have rejected those arguments, persuaded in no small part by Johnson’s internal emails showing that he had already developed the straw-merchant-multiple-MIDs scheme long before meeting with CardFlex, and even had another ISO on deck for when the CardFlex accounts got shut down. Thus, Phillips maintains, that same evidence should have exonerated CardFlex in the FTC action and proven his own innocence in these matters, at least as far as the allegations surrounding the development, the idea and the technology to support the scheme.

To us, that is probably an overstatement because such evidence does not conclusively prove that CardFlex had no role in aiding Johnson’s scheme. The FTC could reasonably argue that by failing to shut down the merchants’ processing in a timely manner, Cardflex violated the FTC Act. Nonetheless, Phillips believes that the FTC made an example of CardFlex as part of its bigger agenda to turn processors and ISOs into payments cops by holding them strictly liable for their merchants’ bad acts.

Other payment companies and processors would do well to heed this cautionary tale and choose their merchant partners very carefully. Dot all the i’s and cross all the t’s from start to finish by employing ETA best practices in regard to both underwriting and monitoring to keep the FTC and other regulators at bay.

The information contained in this article is for informational purposes only. Please consult an attorney before relying upon it for your specific legal needs. Theodore F. Monroe is an Attorney whose practice focuses on the electronic payment and direct marketing industries. For more information about this article or any other matter, please e-mail Monroe at monroe@tfmlaw.com.

The post CNP Series: Lessons from a CNP Fraud Scheme – Part 2 appeared first on Genco Payments.

By far the biggest legal spectacle involving card-not-present high-risk processing in more than a decade, the Johnson case poses a cautionary tale to banks and ISOs inclined to bend the rules in search of profits; and to merchants willing to “bend the truth” to get access to the payments system.

This is the first of four articles that will use the case to examine card-not-present fraud from a legal perspective. Part 1 describes the case and some of the issues the decision turned on. Subsequent articles will take a closer look at those issues and how they might apply to all sides of the card-not-present ecosystem.

The IWorks Scheme

Johnson masterminded an extremely profitable online marketing scheme known as IWorks. IWorks depended on a huge network of affiliate marketers to target vulnerable consumers with risk-free and free trial offers to receive instructional CDs showing how to win government grant programs to stop foreclosures, pay down debt, purchase real estate, launch businesses, cover medical expenses, and even pay grocery bills and Christmas presents, all in exchange for the consumer’s payment of a nominal shipping and handling fee. Instead, consumers found unauthorized charges by unknown merchants on their monthly card statements, including large onetime charges for “forced upsells,” and recurring monthly charges flowing from their involuntary enrollment in negative option continuity billing programs. These practices enabled IWorks to generate more than $275 million in sales between 2005 and 2010 alone.

The MATCH Problem

But by 2009, Johnson had a real problem: how to maintain his access to the payments system and keep the money taps flowing despite having been placed on the MATCH list by no less than four separate banks. MATCH stands for Merchant Alert To Control High-risk merchants. Of course, the card brands created MATCH to compile information on businesses and their owners when their merchant accounts have been terminated for excessive chargebacks, excessive fraud, credit card laundering, illegal activity, or other violations of card brand standards. In turn, acquiring banks use the list to help screen applicants, and generally reject out-of-hand any merchant that has been added to MATCH as an unacceptable risk.

The Straw Merchant Solution

Like hundreds of other MATCH-listed merchants, Johnson solved his dilemma by enlisting a legion of surrogates (family, friends, employees, etc.) to form more than 60 shell companies to operate in his behalf. Because those surrogates were not listed on MATCH and the newly formed entities had no negative processing history, they had little trouble opening new merchant accounts, and Johnson allegedly used these straw companies to open more than 293 merchant accounts with CardFlex and Wells Fargo in a one year period alone.

This strategy also enabled Johnson to spread transactions across the merchant accounts to avoid detection by the card brands’ excessive chargeback monitoring programs. For example, Visa sets a 1 percent chargeback limit for any merchant that processes 100 or more transactions and 100 a more chargebacks in a given month. Any merchant that exceeds that limit is placed in the merchant chargeback-monitoring program. Thus, by spreading IWorks’ transactions across hundreds of merchant accounts, Johnson was able to keep his transaction numbers below the 100 chargeback mark for each merchant account even though IWorks’ total chargeback activity dramatically exceeded the 1% threshold.

Notably, Johnson ultimately testified that he learned these strategies from CardFlex’s principals, Andrew Phillips and John Blaugrund, and that it was their idea to begin “load balancing” the accounts to avoid triggering chargeback monitoring program minimum-transaction-per-account thresholds, and “obtaining multiple signers for each corporation” rather than using the same five to six “signers” for all of its corporations to avoid detection by Wells Fargo. Nonetheless, Wells Fargo eventually got wise and put the brakes on the operation in June 2010, shutting down the IWorks’ network of merchant accounts and severing all ties with CardFlex.

The Federal Trade Commission

In December 2010, the FTC filed a civil action for unfair and deceptive business practices against Johnson, IWorks, Inc., nine other individual defendants, nine other corporate entities and, ultimately, the more than 60 shell companies they are alleged to have created to carry out the IWorks scheme. Among other things, FTC alleged that Johnson’s websites used misleading testimonials, failed to disclose that consumers would be entered into negative option plans, and failed to disclose that positive articles about the products were created by Johnson and his marketing affiliates.

FTC also alleged that Johnson (in conjunction with CardFlex) knowingly submitted fraudulent merchant applications to Wells Fargo, including concealing the affiliation between the straw merchants and IWorks, and papering the applications with dummy webpages (known as “bank pages”) for underwriting purposes that, unlike the real IWorks’ websites, conspicuously displayed the terms of IWorks’ negative option offers.

The Department of Justice

Less than a month later, in January 2011, the DOJ filed its own separate criminal action against Johnson, IWorks, and four of the other individual defendants (all ex-employees) named in the FTC suit that allegedly conspired with Johnson to carry out the IWorks scheme. DOJ alleged a total of 86 separate criminal counts against Johnson and each of his co-defendants for false statements to banks, wire fraud, bank fraud, money laundering, and conspiracy to commit those crimes.
While the jury acquitted Johnson on 78 of those counts, it found him guilty on eight felony counts of false statements to banks. This is not terribly surprising when one considers that, in order to prove the crime of false statements to a bank, the government must show only that the defendant (1) made a false statement to a bank, (2) knowing it was false, and (3) did so for the purpose of influencing in any way the action of the bank.

Unlike the crime of bank fraud, it is not necessary to prove that the bank was, in fact, influenced or misled, or that the bank was exposed to a risk of loss. Thus, while Johnson repeatedly attempted to introduce evidence that Wells Fargo suffered no damage as a result of any false statement that may have been contained in the merchant applications, the District Court refused to allow such evidence on the ground that it was not a defense to the crime, and therefore irrelevant.

The penalties for false statements to a bank are severe. Sentencing guidelines prescribe a maximum penalty of up to a $1 million dollars in fines and 30 years in prison per count. Sentencing is set for June 20, 2016 and, while it is hard to predict how much time Johnson might get, the District Court may easily sentence him to 10 years in prison, which is what the government was seeking as a pre-trial plea deal.

The CardFlex Action

In July 2014, the FTC also finally got around to suing CardFlex and its principals for their alleged role for facilitating more than $26 million in illegal transactions for the IWorks enterprise. CardFlex and its officers, Phillips and Blaugrund, finally settled FTC’s charges in May 2015 by stipulating to a lifetime ban from acting as a payment processor, ISO, or sales agent on behalf of several categories of merchants, or assisting merchants to avoid chargeback monitoring programs; plus a $3.3 million monetary judgment against CardFlex and Phillips that was partially suspended based on their current financial condition.

Interestingly, Phillips testified in the recent criminal action and denied knowing about Johnson’s scheme, even though he had accepted a personal guarantee from Johnson for each of the corporate merchant accounts.

Nevertheless, given Johnson’s testimony about the CardFlex defendants’ role in eliciting and facilitating the straw merchant applications, the reality is the CardFlex defendants got off relatively easy as such conduct could easily have landed them substantial prison time along with Johnson for aiding and abetting Johnson’s false statements to Wells Fargo.

Conclusion

Card not present processing is inherent with risks. Now the stakes are higher for those in the industry processing for high risk merchants attempting to evade the card brand rules by setting up multiple merchant accounts through multiple signers. Be careful out there.

The post Lessons from a CNP Fraud Scheme – Part 1 appeared first on Genco Payments.