The Federal Trade Commission (FTC) recently announced a settlement with a group of related companies and two of their officers that used a merchant of record (MoR) model to facilitate sales for merchants. According to the FTC, the MoR businesses violated the law by assisting and facilitating fraudulent telemarketing sales of tech support services and laundering credit card charges through the defendants’ own merchant processing accounts.
The MoR model is one of several novel models payments companies and platforms have launched in the marketplace. While numerous compliance questions related to money transmission and unlawful payments aggregation abound, this particular FTC case warns that consumer protection agencies are taking a closer look at risks presented by the MoR model.
What Is a Merchant of Record?
Under the operating frameworks of the major card networks, including Visa and Mastercard, payment processors must process transactions for the entity that is selling goods or services to consumers—i.e., the merchant of record. This principle allows processors, acquiring banks, and card networks to monitor the merchant’s sales activity, chargebacks, refunds, complaints, sales methods, and other activities. When a merchant account is used to process a transaction that is not the result of a sale between the cardholder and the merchant, and the practice is not otherwise allowed by payment network rules, it may be viewed as unlawful payments aggregation.
More specifically, the FTC’s Telemarketing Sales Rule (TSR) deems this practice to be illegal credit card laundering in telephone sales transactions. The TSR provides that, except as expressly permitted by the applicable credit card system, it is a deceptive act or practice and a violation of the TSR for any merchant to deposit into the credit card system for payment a credit card sales draft generated by a telemarketing transaction that is not the result of a telemarketing credit card transaction between the cardholder and the merchant.
In addition to the FTC enforcement risks, a platform or service provider operating as a MoR may be exposed to various other legal and regulatory risks, including allegations of unlicensed money transmission. Money transmitters are regulated under federal anti-money laundering laws and, depending on their activities, may require licenses in 49 states and the District of Columbia.
Money transmission is typically defined as the receipt of funds from one party for the purpose of transferring them to another. Accordingly, when a MoR processes a transaction for a seller, receives settlement funds, and then passes those funds to the actual seller of the goods or services, there is a risk that the MoR has engaged in unlicensed money transmission. Failure to register as a money transmitter can result in federal and state penalties.
Key Facts and Allegations in the FTC’s MoR Case
In its recent law enforcement action, the FTC alleged that the tech support scammers used pop-ups that appeared to freeze consumers’ computers and other mechanisms that prevented consumers from downloading software and directed the consumers to call a toll-free number for assistance. Those consumers were subjected to deceptive and misleading sales pitches about tech support services they should purchase.
According to the FTC, the tech support scammers did not have their own merchant processing accounts, and the charges were processed through a different entity serving as the merchant of record. To pay for the tech support services, consumers entered their card information into an online payment page supported by the MoR, and the MoR charged the consumers for the tech support services under its name.
The FTC’s complaint alleged that the MoR businesses engaged in deceptive and unfair practices and violated the credit card laundering and “substantial assistance” provisions of the TSR. The substantial assistance provision makes it unlawful for a person to provide substantial assistance or support to anyone who the person knows or consciously avoids knowing is in violation the TSR.
The FTC’s complaint included a litany of red flags that the MoR entity was allegedly aware of about the merchants’ TSR violations, including numerous consumer complaints, police reports and inquiries, newspaper articles detailing the fraudulent telemarketing practices, chargebacks and inquiries from Visa and Mastercard, and uses of microtransactions to create bogus small-dollar transactions as a method to water down chargeback rates, among others.
The MoR defendants agreed to resolve the FTC’s complaint through a $16.75 million settlement. Among other things, the stipulated injunctive relief bans the MoR defendants from presenting or depositing into the credit card systems for payment any credit card sales drafts from telemarketing transactions that are not the result of a transaction between the cardholder and the merchant (i.e., credit card laundering). Defendants are also banned from providing payment processing services for any company that sells tech support services through telemarketing, unsubstantiated advertising, or pop-up messages relating to the security or performance of a computer.
Notably, this is not the first time the FTC has directed law enforcement at a company alleged to have engaged in credit card laundering under the Telemarketing Sales Rule. In April 2020, the FTC entered into a $6.75 million settlement with a Canadian-based entity that used its credit card merchant account to submit consumer payments for processing sales from third-party tech support services. The FTC’s complaint in that case described the defendant as a “central hub” of lead generators and tech support call centers.
Is There a Way to Provide MoR Services Lawfully?
Entities providing MoR and sales facilitation services should review their model with legal counsel carefully. The MoR model is not recognized or expressly allowed under card brand rules and presents a host of challenges in areas such as consumer protection, money laundering, and unlicensed money transmission.
From the consumer protection perspective, an entity providing MoR services may take some steps at the point of sale to make it known to the consumer that the MoR is involved in the sale, so that the consumer understands who to contact for disputes about the products or services purchased or the charges to their account.
However, even this level of disclosure may not remedy consumer protection or card laundering concerns. In the recent FTC case, the purchase page included both the names of the tech support company and the MoR entity, the MoR entity sent the purchase confirmation email from its email account, and the charges on the consumers’ card statements included the MoR’s name. Apparently, this was not enough to convince the FTC that the MoR entity was the true merchant of record.
The credit card networks do provide a way for an entity to use a single merchant processing account to process the sale transactions of other merchants, and that way involves becoming a “payment facilitator” under the card brand rules. Payment facilitators must be registered with the card networks and are contractually subject to many of the same types of underwriting, transaction monitoring, and other requirements that payment processors must follow.
Payment facilitators and their associated processors and acquiring banks underwrite and track the “sub-merchants” under the payment facilitator to help prevent bad actor merchants from entering the payment system. And, when structured properly, payment facilitators may be able to provide services without obtaining money transmission licenses by partnering with a sponsor bank or other acquiring partner to manage the receipt and transmission of settlement funds.
