We think of the Federal Trade Commission as an anti-deception agency, and it is just that. The vast majority of its cases are brought against deceptive business practices. By statute, however, the FTC is also empowered to prevent practices that are “unfair.” This authority comes in handy when the FTC may not be able to make a deception charge stick. It is a particularly convenient tool to use against third parties who allegedly facilitate deception but are not involved in the deceptive conduct itself and may be able to defeat a deception count on that ground.
As interpreted by the FTC, a business act or practice is unfair if it: (a) causes substantial consumer injury; (b) the injury is not “reasonably avoidable;” and (c) the injury is not outweighed by any benefit to consumers or competition. This standard has been upheld against third party facilitators of consumer deception, including payment processors. In the 2009 case of FTC v. Interbill, Ltd. et al, a federal district court found that a processor engaged in unfair conduct by processing sales that resulted in substantial and unavoidable consumer injury with knowledge that the merchant was billing consumers without authorization. The court ordered redress of $1.7 million and prohibited Interbill from processing unless it first conducted a “reasonable investigation” of a prospective client and instituted a compliance monitoring system.
Since Interbill, the FTC, using its unfairness authority, has obtained more settlements against payment processors for facilitating consumer fraud or deception by their merchant clients. Last month, extending its global reach over the payments industry, it announced a settlement of charges it had brought against a Latvian-based processor, SIA Transact Pro, and its owner, for processing allegedly deceptive and unauthorized free trial negative option offers for dietary supplements and personal care products sold by a U.S. company, Apex Capital Group, which had previously settled with the FTC. In an amended complaint adding the Transact Pro defendants to the case, the FTC alleged that they committed unfair acts by engaging in “credit card laundering” by providing processing for dozens of shell companies fronting for Apex, and by helping Apex evade excessive chargeback monitoring, resulting in substantial and unavoidable consumer injury.
After failing to knock out the complaint on jurisdictional grounds (the court having found sufficient contacts between defendants and the U.S. even though the company is in Latvia and the owner is a Latvian citizen), Transact Pro, to settle, agreed to pay $3.5 million. Equally if not even more significantly, it also agreed to a truly startling set of restrictions on its business – more sweeping and intrusive than in any previous FTC payment processor settlement. They include categorical bans on payment processing for: negative option and free trial offers; several specifically named verticals; and merchants on the MATCH list for excessive chargebacks or fraud. Also imposed are a ban on credit card laundering and numerous merchant account practice prohibitions, including on misrepresentations, use of shells and nominees to obtain processing, and “load balancing”, transaction splitting and “microtransactions” to evade fraud and risk monitoring. Most striking of all, however, are a set of incredibly detailed and prescriptive requirements for screening and monitoring of high risk” and other “covered” merchant clients. A “high-risk” client is one who processes 15% or more “Card Not Present” transactions generating $500,000 or more in revenue. A “covered client” is anyone doing business in one or more of 15 named verticals or who sells through outbound telemarketing.
The screening requirements include obtaining: (1) exact information on clients’ owners and controlling persons; (2) a list of all business and trade names and websites used in marketing; (3) the name of every acquiring bank and payment processor used in the preceding two years, and all merchant identification numbers used; (4) past chargeback rate and total return rate (for ACH or RCPO transactions) for the preceding 3 months and estimates of future rates; (5) trade and bank references; and (6) whether the client has ever been placed in a chargeback monitoring program the preceding 2 years or been the subject of an FTC or other law enforcement agency complaint. Defendants must also take reasonable steps to assess the accuracy of the information, including reviewing: the client’s websites; recent monthly processing statements; and marketing materials. They must reject any client who appears to be engaged in deceptive marketing or billing practices.
The monitoring requirements include: (i) seeing if current clients are “high-risk” and, if so, promptly screening them as required; (ii) regularly reviewing all such clients’ websites, chargeback rates and total return rates; (iii) regularly calculating and updating their chargeback and total return rates; (iv) immediately stopping processing and closing all accounts for any “covered client” whose total return rate exceeds 2.5% and whose total number of returned ACH Debit or RCPO transactions exceeds 50; or whose monthly chargeback rate exceeds 1% and whose total chargebacks exceeds 50 in 2 of the past 6 months; (v) immediately conducting an exhaustive investigation of any “high-risk” client, excluding a covered client, whose total return rate exceeds 2.5% and whose total number of returned ACH Debit or RCPO transactions in any month exceeds 50; or whose monthly chargeback rate exceeds 1% and whose total chargebacks exceed 50 in 2 of the past 6 months; (vi) stopping processing and close all accounts for any such investigated high-risk client within 60 days, unless defendants establish, by clear and convincing evidence, the absence of an FTC violation; (vii) and immediately stopping processing and closing all accounts where defendants know or should know the client is engaged in fraud and risk monitoring evasion.
Transact Pro is the latest but surely not the last reminder that payment processors continue to have a big FTC bullseye on their chests and that those located offshore are not beyond the FTC’s reach. It is also a warning that if they don’t redouble their risk underwriting and monitoring efforts voluntarily, the FTC is more than ready to impose its own set of onerous and laborious due diligence measures, of the type that Transact Pro is now under a federal court order to conduct.