The Federal Trade Commission and other government agencies have a newfound willingness to hold payment processors liable for the unlawful conduct of their merchants. This is particularly true when the authorities believe processors enabled such conduct by turning a blind eye to high return rates or other indicia of fraud.

Before 2002, the FTC had never sued an ISO. Since then, however, it has filed at least seven lawsuits against payment processors for facilitating merchant fraud. This trend seems to be gaining momentum.
To establish liability, the FTC relied on Section 5 of the 1914 FTC Act and the Telemarketing Sales Rule (TSR), which was enacted in 1995.

Section 5 is the basic federal consumer protection statute that allows the FTC to take action against unfair or deceptive business practices. The TSR protects consumers against businesses that engage in or facilitate fraudulent telemarketing.

The FTC takes aim

In February 2002, the FTC initiated its first lawsuit against an ISO when it sued Certified Merchant Services Ltd. under Section 5. The lawsuit alleged CMS and its third-party sales agents unfairly and deceptively modified customer contracts, debited customer accounts without authorization, failed to disclose charges and fees, and misrepresented various goods and services offered.

CMS agreed to pay $23.5 million to settle the charges. Payment to the FTC came from a forced sale of CMS’ assets.

In July 2003, the FTC filed suit against Electronics Financial Group and its principals. EFG provided a variety of electronic payment services to clients in the United States and Canada, including electronic debits and credits to consumer bank accounts through the automated clearing house (ACH) networks.

The EFG case is striking. Unlike the CMS case, which involved unfair business practices against consumers perpetrated directly by the ISO, EFG’s liability was premised on the unlawful conduct of its merchants. In particular, the FTC alleged EFG violated the law by doing the following:

• Providing assistance to merchants engaged in the deceptive marketing of advance-fee debit cards
• Processing ACH transactions on behalf of merchants engaged in outbound telemarketing to consumers with whom the merchants had no relationship. This activity was unfair in the eyes of the FTC because NACHA – The Electronic Payments Association operating rules (by which all processors are bound) specifically prohibit processing this type of transaction.
• Providing substantial assistance and support to numerous telemarketing clients who EFG knew or should have known were engaged in business practices that violated the TSR.

EFG ultimately paid $3.9 million to settle the suit. The settlement banned EFG from processing any telephone-initiated sales through the ACH network.

The offensive expands

The FTC filed a similar action against First American Payment Processing Inc. in January 2004. Once again, it relied on Section 5 and the TSR. The FTC sought to hold First American liable for processing ACH transactions on behalf of merchants engaged in fraudulent outbound telemarketing, not for any deceptive act vis-à-vis consumers by First American.

First American paid $1,580,739 to settle this case. It also agreed to halt processing payments for outbound telemarketers.

In August 2005, Universal Processing Inc. and its principals were subject to yet another FTC action. It was premised on the unlawful conduct of Universal’s merchants, not on the processor’s actions. The FTC alleged that high return rates should have tipped Universal off that it was processing unauthorized charges even though, in reality, Universal had no way of knowing consumers had not authorized debits.
Universal ultimately entered into an agreement with the FTC to settle the matter. That agreement specified that the settlement did not in any way constitute an admission of guilt on the part of Universal.

More processors hit

The FTC filed two more actions against ISOs in December 2006. The first alleged the payment processing businesses owned and/or controlled by Ira Rubin violated the TSR by aiding at least nine malicious, Canada-based, advance-fee credit card schemes. The subterfuge induced consumers to allow electronic debits from their bank accounts in exchange for unsecured credit cards. Many consumers never even received the cards.

The FTC alleged Rubin and his companies provided processing services despite receiving complaints from consumers, law enforcement and Better Business Bureau chapters concerning the deceptive and abusive business practices of its merchants.

The second action was against InterBill Ltd., a payment processor servicing high-risk merchants, such as online gambling Web sites and MO/TO marketing companies. The FTC alleged InterBill violated the FTC Act by debiting consumer bank accounts despite clear red flags that its merchants were submitting illegal transactions for processing.

It is worth noting the FTC’s claim emphasized that InterBill failed to follow its own merchant guidelines when processing these transactions, such as checking references, collecting information and verifying physical addresses.

Leveled by criminal charges

ISOs and payment processors are also vulnerable to other government actions and investigations, including criminal charges. In February 2006, CardSystems Solutions Inc. agreed to settle FTC charges that alleged the processor failed to take appropriate security measures to protect the sensitive information of tens of millions of consumers.

Also in February 2006, the U.S. government (not the FTC) filed a civil action against Payment Processing Center LLC and its principals. The suit alleged PPC either knew or remained intentionally ignorant of the fact that it was enabling merchants to engage in fraud, because it continued to process transactions for certain accounts with high return rates.

The PPC case was previously discussed in “Are you Big Brother material? The FTC seems to think so,” by Theodore F. Monroe, The Green Sheet, Sept. 11, 2006, issue 06:09:01. It is compelling because the government did not sue any of the 13 PPC merchants specifically alleged to have perpetrated the underlying acts of fraud.

In secret, the government also obtained a restraining order against PPC that barred the company from processing certain types of transactions. In addition, the order contained an immediate asset freeze.

And in January 2007, authorities brought criminal charges against John David Lefebvre and Stephen Eric Lawrence, the principals of a company that processed Internet gambling transactions.

The charges alleged the pair set up an Internet payment services company to help facilitate the transfer of billions of dollars of illegal gambling proceeds from American citizens to overseas Internet gambling companies.

Protective armor for payment processors

Worried? Here are some things you can do to avoid these types of government inquiries and lawsuits:

• Investigate your merchants’ business practices, and verify that they honor all promises they make.
• Carefully adhere to your underwriting guidelines, and look for inconsistencies in merchant applications.
• Halt processing services to merchants that may be violating the law or have unusual or high chargeback ratios.
• Review all marketing materials and telemarketing scripts.
• Obtain written documents demonstrating your merchants’ compliance with card Association and NACHA rules and regulations regarding consumer authorization of debits.
• Never process ACH transactions on behalf of merchants engaged in outbound telemarketing to consumers with whom such merchants have no existing relationship. Remember, this activity constitutes an unfair practice in the eyes of the FTC. And it violates the NACHA rules to which processors are contractually bound.

If you suspect your customers of violations, or if you receive a government inquiry concerning one of your merchant accounts, consult a lawyer with experience in the payments industry.

There are many ways you can be held responsible for your clients’ conduct. An attorney can help ensure that you do everything in your power to comply with the law and avoid a situation where you incur liability for aiding and abetting unlawful conduct.

The information contained in this article is for informational purposes only. Please consult an attorney before relying upon it for your specific legal needs. Theodore F. Monroe is an Attorney whose practice focuses on the electronic payment and direct marketing industries. For more information about this article or any other matter, please e-mail Monroe at [email protected]