Almost certainly, yes.

Reserve provisions enable processors to keep a portion of funds from a transaction in a separate account, held at an acquiring bank until the risk of trailing liability ends.

Acquiring banks and processors rely on reserves to protect themselves against potential liability from credit card chargebacks and other disputed transactions. Reserve provisions enable processors to keep a portion of funds from a transaction in a separate account, held at an acquiring bank until the risk of trailing liability ends. A merchant agreement not only defines who owns the reserves, but how long they may be held by the acquirer post-termination before distribution to the merchant.

Until recently, banks and processors could feel relatively secure about the protection offered by standard reserve provisions. Yet the recent decision in Federal Trade Commission v. MOBE Ltd., Case No. 6:18-cv-862-Orl-37DCI (M.D. Fl. Aug. 8, 2018) suggests that things may not be as straightforward as they seem when it comes to the question of who owns and control merchant reserves. Qualpay and Synovus Bank learned this the hard way when the Court construed the apparent ambiguity in their merchant agreement regarding this question against them, and held that the merchant owned the reserves.

The recent decision in Federal Trade Commission v. MOBE Ltd., Case No. 6:18-cv-862-Orl-37DCI (M.D. Fl. Aug. 8, 2018) suggests that things may not be as straightforward as they seem when it comes to the question of who owns and control merchant reserves.

This ruling came about after the Federal Trade Commission obtained a temporary restraining order (“TRO”) against MOBE Ltd., an allegedly fraudulent business education program, and other related parties. The Court entered an order enjoining defendants’ unlawful conduct, freezing their assets, and appointing a receiver. The TRO included an asset freeze that covered “reserve funds held by payment processors, credit card processors, merchant banks, acquiring banks, … third party processors, … or other entities[.]”

Even though the processors and banks were not parties to the litigation, the FTC and the court-appointed receiver took the position that the reserve funds being held by them were equally subject to the TRO.

Qualpay and Synovus Bank sought emergency relief from the TRO on the grounds that the reserve funds were their property, under their control, and should therefore be excluded from the asset freeze and turnover order. The Court rejected this position, and held that the reserve funds constituted MOBE’s property and were therefore subject to the TRO.

The FTC and the court-appointed receiver took the position that the reserve funds being held by them were equally subject to the TRO. 

In reaching this conclusion, the Court focused on the parties’ roles relative to the underlying transactions, and found that the payment processor and acquiring bank are “middlemen” service providers without any entitlement to the net transaction proceeds. The Court also concluded that the merchant agreement was ambiguous with respect to ownership of merchant reserves, and construed this language against Qualpay and Synovus as the drafting parties.

It bears emphasis that the merchant agreement employed fairly standard language that is widely used in the industry regarding the character and ownership of reserves. The Court cited this language, including a clause allocating ownership of the reserves to the merchant, and made additional observations about the parties’ relationship, which favored the reserve fund being turned over to the receiver. For example, the Court observed that Qualpay and Synovus performed due diligence both before, and during, the contractual relationship, which suggested that the money at issue was “akin to collateral.” The Court – which obviously lacked a good understanding of how chargebacks operate – also found that over 180 days had passed since termination, so the risk of chargebacks had likely ended, and MOBE’s contingent interest in the reserve funds had therefore materialized; and thus, the receiver should now have control over those funds, even under alternative theories of ownership.

The Court cited a clause allocating ownership of the reserves to the merchant, and made additional observations about the parties’ relationship, which favored the reserve fund being turned over to the receiver.

The Court seized upon the fact that MOBE was the party granting Synovus a security interest in the reserve account, and held that a merchant can only grant a security interest in something that it owns. The Court also referenced provisions that allowed Synovus to deduct funds from the reserve account if there were insufficient funds in the settlement account, which the Court viewed would not be necessary if the bank owned the reserve account; and noted language that described the reserve account as part of the “property held by Bank.”

Based on the foregoing, the Court observed that Qualpay and Synovus were the “contributing authors to their own misfortune,” and held that any ambiguity in the merchant agreement regarding ownership of the reserve funds must be construed against them as the drafters – not MOBE.

After MOBE, reserves are now fair game for seizure by receivers in FTC cases.

This decision should be a wakeup call to acquirers and processors across the board. Based on over 20 years of experience in the payments industry, I can tell you that the vast majority of merchant agreements employ the same or similar language.

After MOBE, reserves are now fair game for seizure by receivers in FTC cases, and the standard reserves and security clauses present in most merchant agreements are vulnerable to attack, and may be ineffective to protect acquiring banks and processors’ valuable interest in these funds.

This decision should be a wakeup call to acquirers and processors across the board. The vast majority of merchant agreements employ the same or similar language.

The post Your Contract Doesn’t Protect You: Recent Decision Should Make You Worry About Your Merchant Reserves appeared first on Genco Payments.

Before 2002, the FTC had never sued an ISO. Since then, however, it has filed at least seven lawsuits against payment processors for facilitating merchant fraud. This trend seems to be gaining momentum.
To establish liability, the FTC relied on Section 5 of the 1914 FTC Act and the Telemarketing Sales Rule (TSR), which was enacted in 1995.

Section 5 is the basic federal consumer protection statute that allows the FTC to take action against unfair or deceptive business practices. The TSR protects consumers against businesses that engage in or facilitate fraudulent telemarketing.

The FTC takes aim

In February 2002, the FTC initiated its first lawsuit against an ISO when it sued Certified Merchant Services Ltd. under Section 5. The lawsuit alleged CMS and its third-party sales agents unfairly and deceptively modified customer contracts, debited customer accounts without authorization, failed to disclose charges and fees, and misrepresented various goods and services offered.

CMS agreed to pay $23.5 million to settle the charges. Payment to the FTC came from a forced sale of CMS’ assets.

In July 2003, the FTC filed suit against Electronics Financial Group and its principals. EFG provided a variety of electronic payment services to clients in the United States and Canada, including electronic debits and credits to consumer bank accounts through the automated clearing house (ACH) networks.

The EFG case is striking. Unlike the CMS case, which involved unfair business practices against consumers perpetrated directly by the ISO, EFG’s liability was premised on the unlawful conduct of its merchants. In particular, the FTC alleged EFG violated the law by doing the following:

• Providing assistance to merchants engaged in the deceptive marketing of advance-fee debit cards
• Processing ACH transactions on behalf of merchants engaged in outbound telemarketing to consumers with whom the merchants had no relationship. This activity was unfair in the eyes of the FTC because NACHA – The Electronic Payments Association operating rules (by which all processors are bound) specifically prohibit processing this type of transaction.
• Providing substantial assistance and support to numerous telemarketing clients who EFG knew or should have known were engaged in business practices that violated the TSR.

EFG ultimately paid $3.9 million to settle the suit. The settlement banned EFG from processing any telephone-initiated sales through the ACH network.

The offensive expands

The FTC filed a similar action against First American Payment Processing Inc. in January 2004. Once again, it relied on Section 5 and the TSR. The FTC sought to hold First American liable for processing ACH transactions on behalf of merchants engaged in fraudulent outbound telemarketing, not for any deceptive act vis-à-vis consumers by First American.

First American paid $1,580,739 to settle this case. It also agreed to halt processing payments for outbound telemarketers.

In August 2005, Universal Processing Inc. and its principals were subject to yet another FTC action. It was premised on the unlawful conduct of Universal’s merchants, not on the processor’s actions. The FTC alleged that high return rates should have tipped Universal off that it was processing unauthorized charges even though, in reality, Universal had no way of knowing consumers had not authorized debits.
Universal ultimately entered into an agreement with the FTC to settle the matter. That agreement specified that the settlement did not in any way constitute an admission of guilt on the part of Universal.

More processors hit

The FTC filed two more actions against ISOs in December 2006. The first alleged the payment processing businesses owned and/or controlled by Ira Rubin violated the TSR by aiding at least nine malicious, Canada-based, advance-fee credit card schemes. The subterfuge induced consumers to allow electronic debits from their bank accounts in exchange for unsecured credit cards. Many consumers never even received the cards.

The FTC alleged Rubin and his companies provided processing services despite receiving complaints from consumers, law enforcement and Better Business Bureau chapters concerning the deceptive and abusive business practices of its merchants.

The second action was against InterBill Ltd., a payment processor servicing high-risk merchants, such as online gambling Web sites and MO/TO marketing companies. The FTC alleged InterBill violated the FTC Act by debiting consumer bank accounts despite clear red flags that its merchants were submitting illegal transactions for processing.

It is worth noting the FTC’s claim emphasized that InterBill failed to follow its own merchant guidelines when processing these transactions, such as checking references, collecting information and verifying physical addresses.

Leveled by criminal charges

ISOs and payment processors are also vulnerable to other government actions and investigations, including criminal charges. In February 2006, CardSystems Solutions Inc. agreed to settle FTC charges that alleged the processor failed to take appropriate security measures to protect the sensitive information of tens of millions of consumers.

Also in February 2006, the U.S. government (not the FTC) filed a civil action against Payment Processing Center LLC and its principals. The suit alleged PPC either knew or remained intentionally ignorant of the fact that it was enabling merchants to engage in fraud, because it continued to process transactions for certain accounts with high return rates.

The PPC case was previously discussed in “Are you Big Brother material? The FTC seems to think so,” by Theodore F. Monroe, The Green Sheet, Sept. 11, 2006, issue 06:09:01. It is compelling because the government did not sue any of the 13 PPC merchants specifically alleged to have perpetrated the underlying acts of fraud.

In secret, the government also obtained a restraining order against PPC that barred the company from processing certain types of transactions. In addition, the order contained an immediate asset freeze.

And in January 2007, authorities brought criminal charges against John David Lefebvre and Stephen Eric Lawrence, the principals of a company that processed Internet gambling transactions.

The charges alleged the pair set up an Internet payment services company to help facilitate the transfer of billions of dollars of illegal gambling proceeds from American citizens to overseas Internet gambling companies.

Protective armor for payment processors

Worried? Here are some things you can do to avoid these types of government inquiries and lawsuits:

• Investigate your merchants’ business practices, and verify that they honor all promises they make.
• Carefully adhere to your underwriting guidelines, and look for inconsistencies in merchant applications.
• Halt processing services to merchants that may be violating the law or have unusual or high chargeback ratios.
• Review all marketing materials and telemarketing scripts.
• Obtain written documents demonstrating your merchants’ compliance with card Association and NACHA rules and regulations regarding consumer authorization of debits.
• Never process ACH transactions on behalf of merchants engaged in outbound telemarketing to consumers with whom such merchants have no existing relationship. Remember, this activity constitutes an unfair practice in the eyes of the FTC. And it violates the NACHA rules to which processors are contractually bound.

If you suspect your customers of violations, or if you receive a government inquiry concerning one of your merchant accounts, consult a lawyer with experience in the payments industry.

There are many ways you can be held responsible for your clients’ conduct. An attorney can help ensure that you do everything in your power to comply with the law and avoid a situation where you incur liability for aiding and abetting unlawful conduct.

The information contained in this article is for informational purposes only. Please consult an attorney before relying upon it for your specific legal needs. Theodore F. Monroe is an Attorney whose practice focuses on the electronic payment and direct marketing industries. For more information about this article or any other matter, please e-mail Monroe at monroe@tfmlaw.com

The post Think Chargebacks Are Bad? Look What Uncle Sam Can Do appeared first on Genco Payments.

Who’s knocking at the door?

ISOs may receive requests for information from any number of government agencies and prosecutors. However, the Federal Trade Commission, Internal Revenue Service, U.S. Postal Inspection Service and state attorneys general are among the most likely candidates. The FBI and an array of federal prosecutors follow closely behind.

Government agencies may contact ISOs for information about merchants for any number of reasons. Inquiries could be part of preliminary civil investigations in response to consumer complaints. Inquiries could also stem from prosecutors seeking admissible evidence of criminal conduct and its resulting proceeds.

Types of merchant offenses typically pursued by authorities involve allegations of improper advertising and billing practices; 2003 CAN-SPAM Act and Do-Not-Call Registry violations; and the sale of illegal products or services (such as restricted narcotics or online gaming).

I have also seen several IRS inquiries seeking to determine a merchant’s actual income, as well as a number of Justice Department inquiries trying to discern the amount of wrongful proceeds allegedly generated by an illegal scheme.

Requests you can’t refuse

Depending on the investigating agency and the nature of the alleged offense, the government’s inquiry may come in the form of an informal request for information, such as a letter or phone call, or as a formal demand for information, such as a subpoena to produce documents or to appear as a witness before a grand jury.

Many inquiries – initial inquiries at least – are informal requests from agents or attorneys for answers to a few questions, or some other “voluntary” demonstration of cooperation.

The government can compel cooperation at any time by serving subpoenas or civil investigative demands that require the production of documents, electronic information or other tangible evidence.

Government agencies may also compel company officers and representatives to testify under oath in depositions, grand jury proceedings or at trials.

No rational businessperson wants to be involved in a government investigation. Even the most aboveboard and conscientious among us should be extremely cautious when receiving any type of inquiry from a government agency.

Indeed, an investigation of one of your merchant’s business activities may turn into an investigation of your ISO if authorities come to suspect you have done something wrong. Authorities may even attempt to hold you legally responsible for the illegal or improper acts of your merchants.

For instance, a number of ISOs have faced liability from the FTC or the Justice Department for the processing practices for their merchants, in essence holding the ISOs responsible for merchants’ excessive chargeback or return rates.

Heads out of the sand

The most important first step for any processor, ISO or MLS dealing with any form of information request from a government agency is to promptly retain an experienced lawyer and address the situation directly.
Conversely, the biggest mistake you can make is to delay taking action or simply blow the government agency off.

Even when you have no relevant records and absolutely nothing to hide, you can become vulnerable to serious penalties should you fail to comply in a timely fashion with a government investigation.

Moreover, once you are aware of an investigation, it is imperative that you faithfully preserve all documents and electronic information (including e-mail correspondence) that might prove relevant to the government’s inquiry.

Indeed, destroying documents under such circum-stances could render you subject to civil (and even criminal) liability.

Also, if you learn that one of your merchants is under governmental investigation, conduct your own research to determine whether to terminate the merchant or place the merchant on an increased or 100% reserve.

In devising the best risk-mitigation strategy for you and your bank, be sure to comply with all requirements of your merchant agreement. Otherwise, you may expose yourself to a breach of contract claim by the merchant involved.

A government inquiry can be distressing but need not mean disaster. The key is to deal with it promptly.

The information contained in this article is for informational purposes only. Please consult an attorney before relying upon it for your specific legal needs. Theodore F. Monroe is an Attorney whose practice focuses on the electronic payment and direct marketing industries. For more information about this article or any other matter, please e-mail Monroe at monroe@tfmlaw.com.

The post Hop to it When the Government Calls appeared first on Genco Payments.

McAfee Inc. recently learned this lesson the hard way. The company agreed to pay $80 million to resolve a California district court class action lawsuit that said it charged automatic renewal customers higher prices than it charged other customers who purchased subscriptions to the exact same anti-virus software products. If true, this would have been a violation of its contractual promises and express representations to automatic renewal customers that they would pay the same, then-current price for such products as any other customer purchasing a subscription.

Accuracy, visibility

So how can a business avoid this problem? Beyond the obvious – making sure a company’s advertising claims and other representations to consumers accurately depict its business practices, including the terms of the automatic renewal offer and the customer’s cancellation rights – adhering to the California statute, which happens to be the most stringent in the United States. That way, even if you don’t sell to consumers in California, you will effectively ensure your business complies with the requirements of the Federal Trade Commission Act (FTC Act), the Restore Online Shoppers’ Confidence Act (ROSCA), and individual state laws.

California’s Automatic Renewal Law requires businesses to provide clear and conspicuous notice to consumers regarding the terms and conditions of any automatic renewal offer prior to their completion of the subscription or purchase transaction.

To satisfy this requirement, a business must ensure its contract with the consumer discloses the complete automatic renewal terms and cancellation rights in a more conspicuous manner than the rest of the contract: namely, “in a larger type than the surrounding text, or in contrasting type, font, or color to the surrounding text of the same size, or set off from the surrounding text of the same size by symbols or other marks, in a manner that clearly calls attention to the language.”

Alleged violations

Let’s take a closer look at how McAfee got itself in trouble. According to the lawsuit, any consumer who purchased a one-year McAfee software subscription was automatically enrolled by default in the auto-renewal program, regardless of where he or she bought the product (for example, directly from McAfee’s website or from a retailer such as Amazon).

McAfee was said to induce such participation by telling customers that the cost to automatically renew their McAfee anti-virus software subscriptions would be no more than McAfee’s normal, then-current price charged to other customers for the same products. The renewal fee was then automatically charged to the customer’s payment card on file each year thereafter unless the customer took an affirmative step to cancel his or her enrollment in the automatic renewal program. Rather than charging automatic renewal customers the same price as other customers, however, McAfee was accused of charging those customers more.

For example, the operative complaint alleged that “customers who had their McAfee AntiVirus Plus subscriptions auto-renewed by McAfee on January 1, 2014, would have been charged $49.99 by McAfee for their renewed one-year subscription. To all other customers that day, McAfee offered the same one-year McAfee AntiVirus Plus subscription for just $34.99, whether the customers were purchasing a new subscription or manually renewing an existing subscription, and whether they made their purchase or manual renewal on McAfee’s website or via their McAfee Software.”

The lawsuit further alleges the prices McAfee charges auto-renewal customers are not only higher than the prices McAfee charges other customers, they are also higher than the suggested “list” prices McAfee provides to retailers of McAfee software.

Based on this conduct, plaintiffs sued McAfee for breach of contract, unlawful, unfair, and fraudulent business practices, false advertising and violating California’s Automatic Renewal Law, among other causes of action.

Under the terms of the settlement, McAfee will pay $11.50 (in the form of cash or as credit toward future purchases of McAfee products) to each consumer in the United States who paid for the automatic renewal for McAfee software between January 10, 2010, and February 10, 2015, and whose first auto-renewal charge was greater than the price paid for the initial subscription license. In the aggregate, such payments are estimated to exceed $80 million. The settlement also requires McAfee to change its policy regarding auto-renewal transactions and its advertising of past reference prices.

Prior consent

In addition to the clear and conspicuous disclosure requirements, California’s Automatic Renewal Law requires businesses to obtain the consumer’s affirmative consent to the agreement (for example, scrolling through the text of the agreement, and selecting the “I Agree” button) prior to completing the subscription or purchase transaction, and provide the consumer with an acknowledgement that includes the automatic renewal or continuous service offer terms, and cancellation policy and instructions for canceling, in a manner capable of being retained by the consumer. If the offer contains a free trial, the acknowledgment must also disclose how to cancel to avoid paying for the goods or services.

If there is a material change to the terms of the automatic renewal offer (such as pricing), a business must provide the consumer with prior notice of the change and how to cancel before the change takes effect in a clear, conspicuous manner.

Failure to comply with any of these requirements may result in restitution damages of all of the renewal revenues collected from California customers, regardless of whether they actually wanted and used the service, were actually deceived or suffered any damages.

Best practices

It bears emphasis that California’s Automatic Renewal Law applies to any contract entered into by any consumer in California that provides for automatic renewal by a recurring charge to his or her credit card or bank account, regardless of where the business is located. Again, while state laws vary dramatically, compliance with the California law will effectively ensure your business satisfies the requirements of other state laws, as well as the FTC Act and ROSCA.

In addition to satisfying California’s notice, consent and acknowledgement requirements at the front end of the subscription relationship, we believe the best practice is to send consumers an additional email notice in advance of the automatic renewal date. That notice needs to prominently disclose the renewal price and renewal date, and advise the consumers their subscriptions will be automatically renewed at that price on that date unless they cancel or disable the automatic renewal function beforehand.

Although the practice is not required under California law and may cause businesses to lose some automatic renewal subscriptions, it offers the benefit of further protection against being the subject of a class action lawsuit and paying millions of dollars in restitution damages or settlement.

The information contained in this article is for informational purposes only. Please consult an attorney before relying upon it for your specific legal needs. Theodore F. Monroe is an Attorney whose practice focuses on the electronic payment and direct marketing industries. For more information about this article or any other matter, please e-mail Monroe at monroe@tfmlaw.com.

The post Help Merchants Avoid Subscription Legal Headaches appeared first on Genco Payments.

By far the biggest legal spectacle involving card-not-present high-risk processing in more than a decade, the Johnson case poses a cautionary tale to banks and ISOs inclined to bend the rules in search of profits; and to merchants willing to “bend the truth” to get access to the payments system.

This is the last of four articles that will use the case to examine card-not-present fraud from a legal perspective. Part 1 described the case and some of the issues the decision turned on. Part 2 examined the involvement of CardFlex, one of the ISOs charged by the FTC of aiding Johnson in his alleged fraud. Part 3 looked at credit card laundering, one of the crimes Johnson was charged with. The last installment describes what a company can expect when it runs afoul of the FTC.

Anatomy of an FTC Action

Most payment processors understand that certain classes of high-risk merchants are popular targets for scrutiny by the FTC and other regulatory authorities. Trial, free-to-pay conversions, recurring billing, onerous return policies, paid testimonials and unsubstantiated advertising claims are just a few of the most common sins that will land a merchant squarely in FTC’s crosshairs. In such cases, the agency will not hesitate to look past the merchant to every entity in the payment chain it deems knowingly or recklessly facilitated the merchant’s access to the payments system in the face of such red flags, or in violation of its own underwriting policies. One need only consider the FTC’s prosecution of Jeremy Johnson and the associated ISOs and sales agents that boarded his straw merchant accounts, or the commission’s more recent pursuit of CardReady in connection with its alleged role for helping to launder credit card transactions in connection with a massive debt relief scam.

Nonetheless, many banks and processors have no idea what an FTC lawsuit looks like until the merchant gets sued and the operating account and merchant reserves are already frozen. So, rather than leaving you to learn the hard way by experience, we offer you this brief primer on the anatomy of an FTC lawsuit.

Civil Investigative Demand

If the FTC has a standard playbook, it usually begins with serving a court-ordered subpoena, known as a Civil Investigative Demand (“CID”), on the acquirer, processor, ISO and even the sales agents. The CID typically demands production of the underwriting file and complete transaction processing history of the merchant(s) or individual(s) under investigation, and generally requires the subpoenaed party to refrain from disclosing the existence of the investigation to the merchant. In addition to furthering its investigation into the subject merchant, the FTC also carefully evaluates whether such materials suggest any wrongdoing by those in the processing chain, such as falsifying merchant applications, circumventing underwriting requirements, setting up multiple MIDs for load-balancing or otherwise helping the merchant to set up straw merchant accounts to factor the merchant’s transactions.

Indeed, the suit against Jeremy Johnson was pending for more than three-and-a-half years before the FTC finally filed a separate suit against the ISOs and sale agents allegedly responsible for knowingly boarding his merchant accounts in violation of their own underwriting policies.

Temporary Restraining Order and Asset Freeze

The agency’s next move usually is to file a civil complaint against the merchant for violations of Section 5 of the FTC Act, which prohibits “unfair or deceptive acts or practices in or affecting commerce.” Typically, the complaint is filed under seal along with an ex parte application for a temporary restraining order (TRO) imposing an asset freeze on all merchant funds. Such papers are filed under seal to prevent the merchant and its principals from diverting or dissipating funds in anticipation of a lawsuit, which means that the merchant has no real chance to defend itself against the TRO. Moreover, the parties processing for the merchant generally have no prior notice of the government action unless previously served with a CID.

The asset freeze typically extends to all third parties in possession or control of funds attributable to the merchant or its principals, including all banks and payment facilitators. While the acquirer and ISO may attempt to argue otherwise, reserve funds are also subject to the asset freeze. Most TROs also appoint a temporary receiver to take control of the merchant’s business and all frozen funds to prevent further consumer fraud, and ensure that such funds are preserved for the purposes of consumer redress (discussed below).

Preliminary Injunction

Once the merchant has been served and its assets frozen, the Court unseals the complaint and the action becomes public. Indeed, often it is publicly touted via press release on the FTC Website alerting consumers to the alleged scam or scheme at issue. The agency then moves for an order of preliminary injunction, prohibiting the merchant from engaging in the challenged conduct, maintaining the asset freeze, and confirming the receiver’s power and authority to control the merchant’s business and funds pending resolution of the action. In order to prevail on a preliminary injunction motion, the FTC must meet a four-part test by proving: (1) a likelihood of success on the merits; (2) a likelihood of irreparable harm in the absence of preliminary relief; (3) that the balance of equities tips in favor of a preliminary injunction; and (4) that an injunction is in the public interest.

To defeat such a motion, the merchant must convince the Court of the FTC’s inability to prove any of these four elements. For example, the merchant may present evidence tending to prove that it did not deceive consumers or engage in unfair business practices; or that the balance of equities weighs against preliminary relief because the merchant has already stopped the challenged business practice and is otherwise engaging in a lawful business with numerous employees that would lose their jobs if the injunction issued. Yet, it is ultimately up to the Court to decide these questions within its own discretion.

Stipulated Permanent Injunction

If the FTC prevails on the preliminary injunction motion, it usually signals a death knell for the merchant because the merchant is often left with no funds to pay its lawyers to defend the action, and, as we all know, lawyers rarely work for free. Thus, at that point, the merchant and its principals often settle the action by stipulating to a permanent injunction banning them for life from engaging in the challenged conduct, requiring them to pay a substantial monetary judgment and requiring them to file annual reports with FTC regarding their future business activities for a period of at least ten years.

On the other hand, if the merchant successfully defeats the motion (in whole or in part) and gains access to sufficient funds or if it has access to friends and family funds, to pay its lawyers to defend against the action, it thereby gains a significant bargaining chip with respect to the ultimate outcome. While most merchants who prevail at this stage still end up stipulating to a permanent injunction in order to settle the action, they may gain tactical leverage by their ability to continue the fight, and thus may find themselves in a far better position to negotiate more favorable settlement terms, such as a more narrowly tailored ban (whether in regard to the scope of the prohibited conduct or the duration of the ban), or a lesser monetary judgment.

Consumer Redress

So what happens to the frozen funds after they are turned over to the receiver? Pursuant to section 13(b) of the FTC Act, the Commission may seek monetary consumer redress only on a strictly equitable basis. This means that the FTC may seek monetary consumer redress in only one of two forms: equitable restitution or disgorgement of a defendant’s ill-gotten gains. Equitable restitution is money or property in the defendant’s possession that is identified as belonging in good conscience to injured consumers and is intended to make them whole. It often is unavailable as a remedy, however, because the defendant has already dissipated or commingled the funds with other assets prior to the action being filed. Thus, in most cases, the FTC must pursue disgorgement of a defendant’s ill-gotten gains as the only available monetary remedy. Notably, the primary purpose of disgorgement is not to compensate the victims of the deceptive advertising, but to deprive the wrongdoer of his ill-gotten gains. Disgorgement is normally measured by the amount of ill-gotten revenues connected to the defendant’s wrongful conduct. Not surprisingly, that inevitably includes all of the gross proceeds of the merchant’s illegal processing activity.

Looking Past the Merchant

As mentioned, the FTC and the receiver invariably will take the position that merchant reserves are proceeds of the merchant’s illegal activities (subject to the asset freeze) and will ultimately seek a transfer order moving the funds into the receiver’s possession. Thus, upon being served with the TRO, the acquirer and ISO must make a strategic decision about whether (and to what extent) to oppose the FTC’s efforts. Where the acquirer has contractual indemnity from the ISO for chargebacks and merchant-related losses, the acquirer will often be loath to join the fray and will instead simply look to the ISO to make it whole.

For this same reason, the ISO may feel it has a strong incentive to challenge the scope of the asset freeze and attempt to obtain a carve-out for the merchant reserves to cover chargebacks and other merchant-related losses. However, by doing so, it may also incur FTC’s ire and invite further scrutiny regarding its business activities. This presents an especially tricky problem for those that may have failed to satisfy applicable underwriting standards in regard to a merchant because they may increase their chances of being added as defendants to the action, or even having a separate action filed against them by FTC. Again, in the case of Jeremy Johnson, FTC waited more than three and a half years after filing suit against him to file suit against the ISOs and sales agents that allegedly boarded him in violation of their own underwriting standards. Whether an ISO has a good argument to carve-out reserves from the asset freeze depends in no small part on the merchant agreement, and most merchant agreements are decidedly not well-drafted in this regard.

Thus, if you are transacting in the high-risk CNP space or providing processing for such merchants, you are well advised to choose your merchants carefully, and put your ducks in a row before the FTC comes knocking.

The post CNP Series: Lessons from a CNP Fraud Scheme – Part 4 appeared first on Genco Payments.

Recently, the criminal case against online merchant Jeremy Johnson in Utah that started back in June 2011 finally came to a close. After more than four years of litigation and six weeks of trial, the jury found Johnson guilty of eight counts of making false statements to a bank, but acquitted him on 78 other charges, including bank fraud, wire fraud, conspiracy and money laundering. By far the biggest legal spectacle involving card-not-present high-risk processing in more than a decade, the Johnson case poses a cautionary tale to banks and ISOs inclined to bend the rules in search of profits; and to merchants willing to “bend the truth” to get access to the payments system.

Credit Card Laundering: Feds Are Cleaning House

The U.S. federal government has declared open season on merchant processors for their involvement in what is called credit card laundering or “factoring,” with a number of high-profile lawsuits involving the practice.

Recently, Utah merchant Jeremy Johnson wasprosecuted for such activity, which resulted in his conviction on eight felony counts of false statements to banks. Prior to the filing of the DOJ’s criminal complaint in January 2011, the FTC filed its own civil action against Johnson, IWorks and the dozens of shell companies they used to carry out the fraud. More than three and a half years later, in July 2014, the FTC sued the ISO CardFlex and the various sales agents allegedly responsible for facilitating more than $26 million in illegal transactions for the IWorks scheme.

The IWorks action provides a good illustration of how ISOs can quickly land themselves in hot water with the FTC right alongside their merchants for allegedly employing, advising or enabling them to employ deceptive tactics to open merchant accounts, and thereby facilitating their access to the payments system. The FTC alleged that IWorks and Johnson submitted fraudulent merchant applications to the acquirer, opening at least 293 accounts in the names of 30 separate “straw” corporations in less than a year. The FTC sued the ISO and agent defendants for engaging in unfair and deceptive practices in violation of Section 5 of the FTC Act by facilitating Johnson’s submission of the applications and opening of the straw merchant accounts, which is the same type of conduct now being actively targeted by the FTC in credit card laundering cases against other merchant processors and ISOs.

The takeaway here is clear: The FTC expects processors and ISOs to actively police the payments system, and will not hesitate to prosecute them for failing to appropriately vet and monitor their merchants, especially where the evidence suggests any possible collusion with a merchant to dupe an acquirer or circumvent card brand rules—credit card laundering and factoring schemes being prime examples.

What is Credit Card Laundering?

Credit card laundering generally occurs in the context of a merchant that can’t open a merchant account in its own name, whether for past sins or the questionable nature of its present business activities. In such cases, the merchant, or the ISO or sales agent seeking to sign up the merchant, may recruit another company (that already has a merchant account, or can readily open one) to act as a front, pass-through or aggregator for the merchant’s transactions. In return, the recruited company typically receives a percentage of the sales, anywhere from a few points to ten percent or more. While it may sound like a simple solution to a business-crippling problem, the simple fact is merchants and ISOs that go this route are engaged in illegal credit card laundering (also known as “factoring”), and may face big civil and criminal liability.

When transactions are being factored, defrauded consumers can’t identify the true source of the transaction (i.e., the real merchant) by the charges that appear on their credit card statements. This confusion makes it easy for unscrupulous merchants to avoid detection by consumers and law enforcement. Furthermore, even if the bank and processors terminate the offending merchant account, they may not learn the identity of the actual company behind the excessive chargebacks. The true culprit is then able to perpetuate the scheme as long as it can recruit other companies to provide access to their merchant accounts. Thus, from the FTC’s perspective, using straw signers to facilitate access to the payments system constitutes an unfair and deceptive business practice that violates Section 5 of the FTC Act and is very much on its radar.

When the merchant at issue is a telemarketer, such conduct also constitutes illegal credit card laundering under the Telemarketing Sales Rule (TSR). Specifically, the TSR prohibits any merchant from presenting (or causing another to present) a telemarketing credit card transaction into the payments system that is not the result of a transaction between the cardholder and the merchant submitting the transaction. The TSR also makes it illegal for any person to employ, solicit or otherwise cause another to submit such a prohibited transaction, or to obtain access to the payments system through the use of a business relationship or an affiliation with a merchant, when such access is not authorized by the merchant agreement or the applicable credit card system. Moreover, the FTC has demonstrated its eagerness to look past the merchant and go after everyone in the payment chain where they play a role in facilitating such schemes.

CardReady and PayBasics Actions

This past December, the FTC filed two separate lawsuits (against CardReady and PayBasics) for alleged credit card laundering and factoring in violation of the TSR. In its complaint against CardReady, FTC alleges that the ISO and its principals solicited at least 26 straw merchants to act as signatories on shell businesses and dummy merchant accounts for a group of merchants running a fraudulent debt relief scam in order to launder their transactions and fraudulently facilitate their access to the payments system. The FTC alleges that CardReady submitted falsified merchant applications to its processor that depicted the shell companies as bona fide businesses by using the signers’ driver’s licenses and bank statements, and the previously signed forms. The FTC made similar claims against PayBasics and its principals, alleging they knowingly helped a group of merchants behind a fraudulent work-at-home scheme to open and maintain merchant accounts used to process credit card payments for sales made by a number of different third-party scammers. The agency alleges that, in some cases, PayBasics’ principals personally vouched for the shell companies behind the bogus merchant accounts so they would be approved, in violation of the TSR.

These cases should prove a cautionary tale to those that would knowingly set up multiple MIDs and straw or funnel accounts to load-balance or launder their credit card transactions and those processors and ISOs that assist them.

Consequences: Lifetime Bans and Money Judgments

And what are the potential consequences to those that fail to heed this warning? Johnson (already incarcerated pursuant to the criminal action) is expected to go to trial in the FTC action later this year. Based on the result in the criminal action, Johnson will likely face a catastrophic monetary judgment and draconian injunctive relief.

In January of this year—less than a month after FTC filed suit against them—PayBasics and its principals agreed to settle FTC’s claims by stipulating to a permanent injunction order prohibiting them from acting as a payment processor, contracting with a payment processor to provide payment processing services, or acting as sales agents for high-risk merchants, and imposing a (partially suspended) monetary judgment of $1.02 million.

The CardReady action remains pending in federal district court in Florida.

Criminal Liability: Prison Time and More Money

Credit card laundering also violates various federal and state criminal laws. Where the practice affects interstate or foreign commerce, the federal courts have jurisdiction. The Department of Justice Financial Crimes Enforcement Network (“FinCEN”) regards such factoring activities as a variation on money laundering, and may pursue merchants and processors alike in appropriate cases. Depending on the particular facts of the credit card laundering scheme, such conduct may variously violate 18 U.S.C. § 1029 (factoring), 18 U.S.C. § 371 or § 1029(b)(2) (conspiracy), 18 U.S.C. § 1343 (wire fraud), or 18 U.S.C. § 1344 (bank fraud). Maximum penalties range from 10 to 30 years in prison, plus up to $1 million per offense.

Many states also have their own laws against factoring. For example, under Washington law, a person is guilty of unlawful factoring of a credit or payment card transaction if the person:

• Presents to or deposits with, or causes another to present to or deposit with, a financial institution for payment a credit or payment card transaction record that is not the result of a credit or payment card transaction between the cardholder and the person
• Employs, solicits, or otherwise causes a merchant or an employee, representative, or agent of a merchant to present to or deposit with a financial institution for payment a credit or payment card transaction record that is not the result of a credit or payment card transaction between the cardholder and the merchant; or
• Employs, solicits, or otherwise causes another to become a merchant for purposes of engaging in such unlawful conduct.

A first offense is a class C felony, which carries a maximum penalty of 5 years in prison and a $10,000 fine, and a second offense is a class B felony, which carries a maximum penalty of 10 years and $20,000. Many other states have similar laws.

The post CNP Series: Lessons from a CNP Fraud Scheme – Part 3 appeared first on Genco Payments.

This is the second of four articles that will use the case to examine card-not-present fraud from a legal perspective. Part 1 described the case and some of the issues the decision turned on. Part 2 looks at the involvement of CardFlex, one of the ISOs charged by the FTC of aiding Johnson in his alleged fraud.

CNP Series: Lessons from a CNP Fraud Scheme – Part 2The CardFlex Side of the Story

We recently reported to you regarding the DOJ’s federal criminal conviction of Jeremy Johnson for making false statements to Wells Fargo for the purpose of opening a myriad of straw merchant accounts. Fallout from the case landed on the processors, ISOs and sales agents that worked with him, including CardFlex, Inc., which found itself squarely in the FTC’s crosshairs because of the matter.

CardFlex’s CEO, Andrew Phillips, contacted us shortly after Part 1 of this series ran to give us his side of the story. We found it riveting and wanted to share it.

To recap, the FTC alleged that CardFlex and its principals provided critical assistance to Johnson by conspiring with him to use shell corporations and third-party signers to board those accounts, providing him with load-balancing software and instructing him along the way.

In turn, CardFlex did what the overwhelming majority of defendants in FTC cases do—it settled those charges by entering a stipulated order for permanent injunction and paying some funds. As Phillips put it, his attorneys made it clear that if he wanted to fight the case, it would take at least $5 million and five years (an estimate that we agree with). According to Phillips, he did not regret the decision but, based upon what came out at Jeremy Johnson’s trial, he now feels he was railroaded by the FTC.

Phillips said Johnson approached him in mid-2009 with a plan to offer a “soup-to-nuts” third-party payment solution for entrepreneurs looking to break into e-commerce. Johnson had already been placed on MATCH (Member Alert to Control High Risk, a black list managed by the card networks containing merchants whose card processing privileges have been revoked). He was having serious chargeback problems and said he wanted to diversify by moving away from the merchant side of the coin to help others launch their own online businesses using iWorks’ proven relationships, systems and technologies, and Johnson’s credit. Johnson said he would personally guarantee the merchant accounts—he was liquid, with more than $30 million cash on hand in the bank—and sold CardFlex on the idea that he was looking to bring legitimate merchants to the game.

Phillips maintains that CardFlex performed substantial due diligence on iWorks and each of the hundreds of merchant accounts it opened, but, in hindsight, Phillips himself acknowledges that CardFlex could have done more to uncover and shut down the scheme earlier than it did had it employed more vigorous merchant monitoring practices.

Phillips contends that the federal government overreached its authority, based on evidence that came out in Johnson’s criminal trial that Johnson developed his multiple MID scheme more than one and a half years before ever approaching CardFlex.

In his defense at trial, Johnson attempted to rely on the FTC’s allegations that CardFlex came up with the idea of using straw entities and third-party signers to create multiple MIDs. That would enable Johnson to claim he could not be guilty of defrauding Wells Fargo because he merely followed the instructions provided to him by CardFlex as Wells Fargo’s agent. An unrelated defense was that the representation was made to CardFlex and not Wells Fargo.

However, by finding Johnson guilty on eight counts of making false statements to a bank, the jury appears to have rejected those arguments, persuaded in no small part by Johnson’s internal emails showing that he had already developed the straw-merchant-multiple-MIDs scheme long before meeting with CardFlex, and even had another ISO on deck for when the CardFlex accounts got shut down. Thus, Phillips maintains, that same evidence should have exonerated CardFlex in the FTC action and proven his own innocence in these matters, at least as far as the allegations surrounding the development, the idea and the technology to support the scheme.

To us, that is probably an overstatement because such evidence does not conclusively prove that CardFlex had no role in aiding Johnson’s scheme. The FTC could reasonably argue that by failing to shut down the merchants’ processing in a timely manner, Cardflex violated the FTC Act. Nonetheless, Phillips believes that the FTC made an example of CardFlex as part of its bigger agenda to turn processors and ISOs into payments cops by holding them strictly liable for their merchants’ bad acts.

Other payment companies and processors would do well to heed this cautionary tale and choose their merchant partners very carefully. Dot all the i’s and cross all the t’s from start to finish by employing ETA best practices in regard to both underwriting and monitoring to keep the FTC and other regulators at bay.

The information contained in this article is for informational purposes only. Please consult an attorney before relying upon it for your specific legal needs. Theodore F. Monroe is an Attorney whose practice focuses on the electronic payment and direct marketing industries. For more information about this article or any other matter, please e-mail Monroe at monroe@tfmlaw.com.

The post CNP Series: Lessons from a CNP Fraud Scheme – Part 2 appeared first on Genco Payments.

By far the biggest legal spectacle involving card-not-present high-risk processing in more than a decade, the Johnson case poses a cautionary tale to banks and ISOs inclined to bend the rules in search of profits; and to merchants willing to “bend the truth” to get access to the payments system.

This is the first of four articles that will use the case to examine card-not-present fraud from a legal perspective. Part 1 describes the case and some of the issues the decision turned on. Subsequent articles will take a closer look at those issues and how they might apply to all sides of the card-not-present ecosystem.

The IWorks Scheme

Johnson masterminded an extremely profitable online marketing scheme known as IWorks. IWorks depended on a huge network of affiliate marketers to target vulnerable consumers with risk-free and free trial offers to receive instructional CDs showing how to win government grant programs to stop foreclosures, pay down debt, purchase real estate, launch businesses, cover medical expenses, and even pay grocery bills and Christmas presents, all in exchange for the consumer’s payment of a nominal shipping and handling fee. Instead, consumers found unauthorized charges by unknown merchants on their monthly card statements, including large onetime charges for “forced upsells,” and recurring monthly charges flowing from their involuntary enrollment in negative option continuity billing programs. These practices enabled IWorks to generate more than $275 million in sales between 2005 and 2010 alone.

The MATCH Problem

But by 2009, Johnson had a real problem: how to maintain his access to the payments system and keep the money taps flowing despite having been placed on the MATCH list by no less than four separate banks. MATCH stands for Merchant Alert To Control High-risk merchants. Of course, the card brands created MATCH to compile information on businesses and their owners when their merchant accounts have been terminated for excessive chargebacks, excessive fraud, credit card laundering, illegal activity, or other violations of card brand standards. In turn, acquiring banks use the list to help screen applicants, and generally reject out-of-hand any merchant that has been added to MATCH as an unacceptable risk.

The Straw Merchant Solution

Like hundreds of other MATCH-listed merchants, Johnson solved his dilemma by enlisting a legion of surrogates (family, friends, employees, etc.) to form more than 60 shell companies to operate in his behalf. Because those surrogates were not listed on MATCH and the newly formed entities had no negative processing history, they had little trouble opening new merchant accounts, and Johnson allegedly used these straw companies to open more than 293 merchant accounts with CardFlex and Wells Fargo in a one year period alone.

This strategy also enabled Johnson to spread transactions across the merchant accounts to avoid detection by the card brands’ excessive chargeback monitoring programs. For example, Visa sets a 1 percent chargeback limit for any merchant that processes 100 or more transactions and 100 a more chargebacks in a given month. Any merchant that exceeds that limit is placed in the merchant chargeback-monitoring program. Thus, by spreading IWorks’ transactions across hundreds of merchant accounts, Johnson was able to keep his transaction numbers below the 100 chargeback mark for each merchant account even though IWorks’ total chargeback activity dramatically exceeded the 1% threshold.

Notably, Johnson ultimately testified that he learned these strategies from CardFlex’s principals, Andrew Phillips and John Blaugrund, and that it was their idea to begin “load balancing” the accounts to avoid triggering chargeback monitoring program minimum-transaction-per-account thresholds, and “obtaining multiple signers for each corporation” rather than using the same five to six “signers” for all of its corporations to avoid detection by Wells Fargo. Nonetheless, Wells Fargo eventually got wise and put the brakes on the operation in June 2010, shutting down the IWorks’ network of merchant accounts and severing all ties with CardFlex.

The Federal Trade Commission

In December 2010, the FTC filed a civil action for unfair and deceptive business practices against Johnson, IWorks, Inc., nine other individual defendants, nine other corporate entities and, ultimately, the more than 60 shell companies they are alleged to have created to carry out the IWorks scheme. Among other things, FTC alleged that Johnson’s websites used misleading testimonials, failed to disclose that consumers would be entered into negative option plans, and failed to disclose that positive articles about the products were created by Johnson and his marketing affiliates.

FTC also alleged that Johnson (in conjunction with CardFlex) knowingly submitted fraudulent merchant applications to Wells Fargo, including concealing the affiliation between the straw merchants and IWorks, and papering the applications with dummy webpages (known as “bank pages”) for underwriting purposes that, unlike the real IWorks’ websites, conspicuously displayed the terms of IWorks’ negative option offers.

The Department of Justice

Less than a month later, in January 2011, the DOJ filed its own separate criminal action against Johnson, IWorks, and four of the other individual defendants (all ex-employees) named in the FTC suit that allegedly conspired with Johnson to carry out the IWorks scheme. DOJ alleged a total of 86 separate criminal counts against Johnson and each of his co-defendants for false statements to banks, wire fraud, bank fraud, money laundering, and conspiracy to commit those crimes.
While the jury acquitted Johnson on 78 of those counts, it found him guilty on eight felony counts of false statements to banks. This is not terribly surprising when one considers that, in order to prove the crime of false statements to a bank, the government must show only that the defendant (1) made a false statement to a bank, (2) knowing it was false, and (3) did so for the purpose of influencing in any way the action of the bank.

Unlike the crime of bank fraud, it is not necessary to prove that the bank was, in fact, influenced or misled, or that the bank was exposed to a risk of loss. Thus, while Johnson repeatedly attempted to introduce evidence that Wells Fargo suffered no damage as a result of any false statement that may have been contained in the merchant applications, the District Court refused to allow such evidence on the ground that it was not a defense to the crime, and therefore irrelevant.

The penalties for false statements to a bank are severe. Sentencing guidelines prescribe a maximum penalty of up to a $1 million dollars in fines and 30 years in prison per count. Sentencing is set for June 20, 2016 and, while it is hard to predict how much time Johnson might get, the District Court may easily sentence him to 10 years in prison, which is what the government was seeking as a pre-trial plea deal.

The CardFlex Action

In July 2014, the FTC also finally got around to suing CardFlex and its principals for their alleged role for facilitating more than $26 million in illegal transactions for the IWorks enterprise. CardFlex and its officers, Phillips and Blaugrund, finally settled FTC’s charges in May 2015 by stipulating to a lifetime ban from acting as a payment processor, ISO, or sales agent on behalf of several categories of merchants, or assisting merchants to avoid chargeback monitoring programs; plus a $3.3 million monetary judgment against CardFlex and Phillips that was partially suspended based on their current financial condition.

Interestingly, Phillips testified in the recent criminal action and denied knowing about Johnson’s scheme, even though he had accepted a personal guarantee from Johnson for each of the corporate merchant accounts.

Nevertheless, given Johnson’s testimony about the CardFlex defendants’ role in eliciting and facilitating the straw merchant applications, the reality is the CardFlex defendants got off relatively easy as such conduct could easily have landed them substantial prison time along with Johnson for aiding and abetting Johnson’s false statements to Wells Fargo.

Conclusion

Card not present processing is inherent with risks. Now the stakes are higher for those in the industry processing for high risk merchants attempting to evade the card brand rules by setting up multiple merchant accounts through multiple signers. Be careful out there.

The post Lessons from a CNP Fraud Scheme – Part 1 appeared first on Genco Payments.

The Basics of E&O Insurance

The general purpose of E&O insurance is to protect a company or its management from liability for allegedly wrongful acts performed in the course of their duties. In general, E&O insurance includes any actual or alleged act or omission, error, misstatement, misleading statement, neglect or breach of duty by an insured person in the discharge of his/her duties.

In plain English, an E&O policy will cover errors in judgment, inadequate performance of obligations, and failure to exercise reasonable business judgment.

When a claim comes in, the policy provides the following:

• Defense costs: You are provided with or get to hire lawyers to defend you in litigation.
• Damages awards: Your policy pays out on settlements or awards, up to the limit of the policy.

E&O protection comes at a relatively low cost, but has the potential to save you if you are named in a lawsuit brought by private party and federal agency such as the FTC.

The FTC Is Out to Draw First Blood

There is no avoiding it. The FTC is on a litigious rampage against payment and processing companies, as well as their directors and officers, for deceptive marketing practices and consumer fraud. And the stakes are high. Through civil court action, often in concert with other governmental agencies, the FTC employs a scorched-earth approach to dealing with transgressors. That is, complete, multifaceted annihilation.

The FTC’s ability to sanction is frighteningly unfettered. The FTC can and will typically seek consumer redress damages in the amount of a company’s total sales spanning across the course of its existence. It may also request permanent injunctions to prohibit management from engaging in certain conduct in the future; sometimes enveloping that which is perfectly innocent.

Occasionally, these injunctions go so far as to completely prevent a company or individual from doing business or dealing with consumers ever again. Moreover, the government’s aggressive tactics include pursuing asset freezes that leave companies without the resources to defend themselves.

In cases where it deems the deceptive practices particularly egregious, other law enforcement agencies will get involved. The FBI and other agencies will investigate and prosecute such cases in their criminal capacity. These criminal cases often occur at the same time as the civil suits.

Similarly, the U.S. Department of Justice (DOJ) may also get involved in instances of criminal contempt. An officer or other member who fails to comply with any of the civil court’s judgment or injunction terms can face charges and conviction. Though seemingly a minor offense, one found guilty of criminal contempt could easily face prison time.

The Goal is to Incapacitate You

Not surprisingly, the cost of defending these cases can be daunting. “Daunting” means spending anywhere from hundreds of thousands to several millions of dollars in attorneys’ fees alone. The number fluctuates due to variables such as the complexity of the issues, strength of the evidence, and whether or not the case goes to trial.

State law or contractual obligations may require companies to indemnify their directors and officers in such an event. But the harsh reality is that asset freezes or other expenditures may render the defendant company financially unable to defend or indemnify its senior management.

The resulting incapacitation is no accident either. It is the exact result the government seeks to create through its aggressive tactics. For example, the FTC typically first seeks a court order such as a temporary restraining order (TRO) or preliminary injunction (PI). One key provision of such an order is to freeze a company’s assets and, sometimes, the personal assets of any named employee.

The FTC may also seek a court order which places the company in involuntary receivership or requires that it stop doing business altogether. Even if this is a temporary deprivation of assets, this first strike effectively paralyzes the defendants of their ability to affect a meaningful defense.

You can avoid or mitigate this nightmarish scenario by purchasing errors and omissions insurance. The risk of debilitating sanctions for malfeasance is high; you will want this protection in place to attract and retain quality officers for your board.

Three Things to Look for in an Effective E&O Policy

You should take the following into account when considering your E&O coverage options:

• Choose a policy that imposes a “duty to defend” on the insurer that covers true costs. Some insurers may actually provide inadequate coverage under their “duty to defend” policy by only paying your out-of-pocket costs. But this reimbursement approach rarely covers all the financial losses your company faces when defending a professional liability lawsuit. Moreover, if the FTC freezes your assets, you will be in the same position as if you had no insurance at all—without the funds needed to acquire a legal defense.
• Identify a policy that provides protection in the event of alleged violations of consumer protection laws. Insurers may avoid providing protection in the event of lawsuits brought by government bodies and agencies by stating these lawsuits as particular exclusions. Others may cover defense costs related to violations of consumer protection laws, but will not cover fines or penalties. You should make sure that the policy you choose offers you broad coverage for these claims.
• Pick a policy that allows you to choose your own counsel.Some insurers provide a “choice of counsel” provision that allow you to make the sole decision in which attorney represents you in litigation. Other insurers require a mutual agreement on counsel, while others outright refuse to provide you with a choice. Make sure this provision allows you as much freedom to choose as possible.

It is important to take note of your coverages in the event of a lawsuit that involves intentionally wrongful or illegal conduct. Most E&O insurance policies may provide for defense costs, but not for indemnification. Speak with your insurance agent to review your coverages and arm yourself with the knowledge you require to make smart insurance decisions.

Achieve the Right Victory

Your next step on the road to E&O victory is to find a good insurance broker who can explain your coverage options. That broker can then set you up with that the right policy to protect you. This is key because many polices have gaps in coverage that may make them unsuitable for your needs.

If you already know of a great insurance broker that has focused experience working with payment processing companies, call them today. And always remember to have prospective policies reviewed and negotiated by competent, experienced legal counsel.

The post Why You Need to Buy Insurance appeared first on Genco Payments.

]]> https://gencopay.com/2017/02/12/processing-debt-collectors-means-big-risk-payment-processors-isos/ Sun, 12 Feb 2017 15:53:02 +0000 http://tfmlaw.com/?p=226 In November 2015, the Federal Trade Commission (“FTC”) reported its spearheading of a nationwide crackdown (known as Operation Collection Protection) along with more than 70 federal […]

The post Processing for Debt Collectors Means Big Risk to Payment Processors and ISOs appeared first on Genco Payments.

]]> In November 2015, the Federal Trade Commission (“FTC”) reported its spearheading of a nationwide crackdown (known as Operation Collection Protection) along with more than 70 federal and state law enforcement partners against businesses engaged in deceptive and abusive debt collection practices, which resulted in more than 115 actions being filed against debt collectors in 2015 alone.

According to the FTC, many of these actions have targeted phantom debt schemes, and the failure of some collectors to give consumers legally required disclosures and notices, or to follow state and local licensing requirements.

This should be a wakeup call to those who process payments for debt collectors, particularly in light of the government’s increasing tendency in recent years to sue payment processors alongside bad merchants for enabling consumer fraud by extending them access to the payments system – especially where authorities identify deficient merchant underwriting or monitoring practices.

But what is a “debt collector” and what practices does the law prohibit?

FDCPA Covers Third-Party Debt Collectors Who Collect Consumer Debt

The Fair Debt Collection Practices Act (“FDCPA”) (15 U.S.C. §1692 et seq.) is the primary federal law that regulates the collection activities of debt collectors. The FDCPA broadly defines a “debt collector” as any person who regularly collects “consumer debt” owed to others, or collects its own consumer debts under a different name. Thus, the FDCPA generally covers hired or “third party” collectors, but not “first party” collectors (including company officers and employees) working internally to collect a consumer debt on behalf of an “original creditor.”

“Consumer debt” means personal, family, and household debts, such as money owed by a consumer on a personal credit card account, a car loan, a medical bill, or a mortgage, but does not include debts owned by businesses or by individuals for business purposes.

“Debt collectors” covered by the FDCPA include collection agencies, lawyers who collect third party debts on a regular basis, any company that regularly collects consumer debts for an unrelated company, and companies that buy delinquent debts and then try to collect them.

On the other hand, the FDCPA does not cover banks, credit card issuers, doctors, healthcare service providers, and other parties that collect: their own debts in their own name; debts which they originated and sold but continue to service (such as mortgage and student loan debts); or debts that were not in default when obtained by the purchaser.

FDCPA Prohibits Covered Parties from Using Abusive, Deceptive, and Unfair Practices to Collect Consumer Debt

The FDCPA prohibits debt collectors from engaging in conduct that harasses, oppresses, or abuses the debtor or any third party they contact.

Prohibited activities include threatening arrest, or threatening any other legal action against a debtor (e.g. wage garnishment or property attachment) unless they are permitted by law to take the action and intend to do so; and/or using deceptive means to collect a debt, including but not limited to publishing false credit information about a debtor, using “official-looking” documents to mislead the debtor, or using a false company name.

The FDCPA also prohibits covered parties from collecting “any amount (including any interest, fee, charge, or expense incidental to the principal obligation) unless such amount is expressly authorized by the agreement creating the debt or permitted by law.” (§1692(f)(1).) Most courts read this section to flatly prohibit debt collectors from charging transaction or convenience fees to consumers for accepting debit or credit cards to pay their debt unless expressly permitted under the contract that created the debt, or applicable state law. A number of other states have also enacted their own laws prohibiting debt collectors from charging such transaction fees, including Colorado, Washington and Wyoming among others.

“Original Creditors” Are Now Subject To Many Of The Same Standards Pursuant To The Consumer Financial Protection Act (“CFPA”) And Various State Statutes

The Consumer Financial Protection Bureau (“CFPB”) has also endeavored in recent years to extend many of these same standards to “first-party” debt collectors pursuant to its authority under the CFPA (Title X of the Dodd-Frank Act) to prevent “unlawful, deceptive, and abusive acts and practices” (“UDAAPs”). CFPB has repeatedly taken the position that many of the same types of activities proscribed by the FDCPA often constitute UDAAPs. Moreover, CFPB has plainly stated: “Original creditors and other covered persons and service providers under the Dodd-Frank Act involved in collecting debt related to any consumer financial product or services are subject to the prohibition against UDAAPs in the Dodd-Frank Act.” (CFPB Bulleting 2013-07.) Thus, while the FDCPA does not cover “first-party” collectors, CFPB has interpreted the CFPA’s prohibition against UDAAPs to embrace the same essential standards.

Furthermore, a federal district court in Georgia has recently agreed with CFPB and held that payment processors may be directly liable as service providers under the CFPA for proximately causing consumer injury if they process payments for merchants engaged in fraudulent activity that should have been detected by appropriate underwriting or monitoring practices.

State Law Varies Widely In Its Treatment Of Debt Collection Activities

Of course, the FDCPA’s protection extends to consumers in every state. Yet many states, including California, have also enacted their own consumer protection statutes (e.g. the California Fair Debt Collection Practices Act) extending many of the same prohibitions contained in the FDCPA to “original creditors.” Moreover, each state and U.S. territory has different licensing requirements for collection agencies, attorneys, and debt buyers, further complicating the legal backdrop against which such businesses operate.

Card Brand Rules Are Less Than Clear

MasterCard Rules prohibit a “Merchant from submitting to its Acquirer, or a Customer from submitting to the Interchange System, any Transaction that: 1. Represents the refinancing or transfer of an existing MasterCard Cardholder obligation that is deemed to be uncollectible; or 2. Arises from the dishonor of a MasterCard Cardholder’s personal check.” However, MasterCard Rules permit a Merchant to “submit a transaction with MCC 6051 (Quasi-Cash-Merchant) for the payment of an existing Cardholder obligation owed to the Merchant.” (MasterCard Rules (11 Dec. 2014), Rule 5.9.5 at p.85.)

While MasterCard does not define the phrase, a debt typically is “deemed to be uncollectible” when it has virtually no chance of being paid, and has been written off and/or farmed out to a collections agency by the original creditor. Thus, MasterCard Rules appear to prohibit a Merchant from accepting MasterCard in connection with “third-party” collection activities, but permit a Merchant to accept MasterCard in connection with “first-party” collection activities.

So, for example, it appears fairly clear that a dentist may charge a patient’s card for the past due balance on a root canal, or a lawyer may charge a client’s card for a past due services invoice, without violating MasterCard Rules, provided they use MCC 6051 for the transaction.

The result is murkier under Visa Rules.

Visa Core Rules prohibit a Merchant from accepting its cards to “collect or refinance an existing debt unless either: the Transaction results from the conversion of a Merchant’s existing card program to the Visa Program;” or “the Merchant is a government agency and the Transaction represents a loan payment.” (Visa Rules (Apr. 15, 2015), Rule 1.5.5.4 at p. CR-59.) Yet a standalone paragraph in the same Rule further states that:

At the option of Visa, a Merchant may accept a Visa Card … as payment for an existing debt. A Merchant must not accept a Visa Card … as payment for a debt that is considered uncollectible (for example: payments to a collection agency). This does not apply to a US Merchant.

(Rule 1.5.5.4 at p. CR-59.)

Okay, so what does that mean?

The ambiguous drafting of the latter clause means that Visa may subjectively interpret the Rule to permit or prohibit such transactions at its whim. As drafted, it is unclear whether or not the dentist or lawyer in our foregoing example can accept Visa as payment for an existing patient/client debt, and/or whether or not lawful debt collection agencies or other “third-party” debt collectors that comply with US law are acceptable Visa merchants, or may be under certain circumstances.

American Express identifies “debt collection agencies” as a prohibited merchant category (MCC 7322). But what exactly is the scope of that classification? Again, the lack of an accompanying definition means that American Express may subjectively interpret the term “debt collection agencies” to prohibit a far broader range of merchants than the name of the classification might otherwise imply.

Of course, MasterCard, Visa and American Express all plainly prohibit their acquirers from submitting any illegal or brand-damaging transactions to the payments system. Thus, given the complexity of the legal landscape surrounding collections activities, processing for debt collectors always carries a heightened risk of running afoul of both the law and the card brands, even in the case of “first-party” collections.

Consequences of Deficient Underwriting and Monitoring

In March 2015, the CFPB filed suit in US District Court for the Northern District of Georgia against several individuals and companies (the “Debt Collectors”) for running a fraudulent debt collection scheme using deceptive, abusive and unfair practices to trick consumers into making debit and credit card payments on “phantom debt” (i.e. debt that was not owed) in violation of both the FDCPA and CFPA, in an action styled CFPB v. Universal Debt & Payment Solutions, LLC, et al., Civil Case No.1:15-cv-00859-RWS.

CFPB also sued the payment processor and two of its ISOs (the “Payment Processors”) for boarding Debt Collectors, and allegedly failing to discharge their respective merchant underwriting and monitoring obligations. Notably, CFPB contends Payment Processors are both (1) directly liable for their own unfair practices as “service providers” under the CFPA, and (2) secondarily liable for “substantially assisting” Debt Collectors’ scheme, based on their role in facilitating the Debt Collectors’ access to the payments system by approving and continuing to process for Debt Collectors in plain violation of their own merchant underwriting and monitoring policies.

Among other things, CFPB alleges that Payment Processors approved Debt Collectors as merchants despite the fact they listed home addresses as purported business locations on their merchant applications, faxed their applications from a FedEx Office, listed the same business addresses for different businesses, and had an ex-felon for a CEO, who shared the same home address with another of Debt Collector’s principals who had low income and bad credit; and despite the fact the processor specifically identified “collection agencies” as “prohibited merchants” under its own credit policy.

CFPB further alleges that Payment Processors continued to process payments for Debt Collectors, despite high chargeback rates, detailed chargeback complaints of UDAAP violations and other fraudulent activity, and evidence of factoring, and even after MasterCard issued a MATCH alert for one defendant, Visa prohibited another defendant from using its network, and Discover demanded the termination of another of defendant’s merchant accounts.

Significantly, in September 2015, the district court denied Payment Processors’ motion to dismiss the action, holding that CFPB’s allegations plausibly supported its claims against them. As the district court stated: “[Payment Processors] knew the risks debt collectors pose, had a duty to investigate suspicious activity, and in the face of numerous warning signs of a debt-collection scheme permitted the Debt Collectors to continue to process payments anyway. In this way [Payment Processors] facilitated the Debt Collectors’ unlawful acts by giving them the tools they needed to use bankcard information to draw on consumers’ accounts-predictable consequences of ignoring consumer complaints about unauthorized charges and signs the debt-collection merchants were not legitimate businesses.”

The action is still pending

Yet given the government’s intense focus on the debt collection industry, and avowed eagerness to extend liability to processors who knowingly or recklessly facilitate bad merchants’ access to the payments system, we should certainly expect to see more payment processor and ISO defendants in further actions by the CFPB, FTC and other federal and state regulatory authorities as they continue to move forward with Operation Collection Protection in 2016.

The post Processing for Debt Collectors Means Big Risk to Payment Processors and ISOs appeared first on Genco Payments.

]]>