FTC Looks To Ban Payment Methods Susceptible To Fraud

by Manatt, Phelps & Phillips, LLP

In May, the Federal Trade Commission issued a Notice of Proposed Rulemaking concerning possible amendments to the Federal Telemarketing Sales Rule, which would prohibit sellers and telemarketers from accepting remotely created checks or remotely created payment orders. Barrie VanBrackle of Manatt, Phelps & Phillips LLP, explores the FTC’s proposal, the potential consequences for payments innovation and the alternatives.

In the last few months, the Federal Trade Commission ('FTC') has filed actions against several payment card processors, which process payment card transactions for merchants accepting payments using remotely created checks (RCC) or remotely created payment orders (RCPO) (the FTC has also pursued the merchants in these or separate actions). The FTC's recent lawsuits against payment processors generally state that the merchants used these deceptive methods with the assistance and knowing cooperation of their payment processors, or, conversely, the payment processors suggested these payment mechanisms to merchants. The basis for the FTC's actions are that certain consumers of the merchants state that they did not authorise the payments made. The FTC further states that these types of payment methods do not require the consumer's authorisations that are required with usual payment methods such as payment cards and thus these types can more easily result in fraud. Recent examples of actions taken by the FTC against payment processors are those against Landmark Clearing (and its principals) (Case No. 4:11-cv-00826) and Automated Electronic Checking, Inc., (Case 3:13-cv-00056.)

The foregoing actions both settled and included in the settlement that the defendants (the payment processors) would be permanently prohibited from processing payments for any of their merchant customers that they know, or should have known, are violating the FTC Act or the Federal Telemarketing Sales Rule (TSR), although the settlement did not include a ban on the acceptance of RCCs or RCPOs as payment methods. However, in May 2013, the FTC issued a Notice of Proposed Rulemaking (NPRM), and request for public comment on amendments to the TSR that would bar sellers and telemarketers from accepting RCCs, RCPOs and other cash reload mechanisms as payment in inbound or outbound telemarketing transactions and would expand the advance fee ban on recovery services (now limited to recovery of losses in prior telemarketing transactions, to include recovery of losses in any previous transaction). The comment period expires on 8 August 2013. This article focuses on the aspect of the NPRM that would prohibit the use of RCCs, RCPOs and cash reload mechanisms from the perspective of the payment processor.

Under the TSR, the FTC has the authority to promulgate rules that 'prohibit deceptive telemarketing acts or practices, and other abusive telemarketing acts or practices.' (Section 310.3 and 310.4 of the TSR). The NPRM focuses on the FTC's interpretation of the aspect of the TSR which allows the FTC to have rulemaking authority over 'other abusive telemarketing acts or practices' as such 'other abusive telemarketing acts or practices' would include those acts or practices that would be considered 'unfair' to consumers (the NPRM then looks to Section 5 of the FTC Act in determining that 'an act or practice is "unfair" under Section 5 of the FTC Act if it causes or is likely to cause substantial injury to consumers, [or] if the harm is not outweighed by any countervailing benefits to consumers...'). The FTC proposes amending the TSR so as to prevent the foregoing payment methods (which it considers 'novel') in that these payment mechanisms are cleared via methods that provide 'little or no systematic monitoring to detect or deter fraud' (p.9, NPRM). However, what is the impact on the acquiring industry if the FTC prevents 'novel' payment mechanisms when not all of these payment mechanisms are used to perpetrate fraud? Secondly, if the FTC is able to deter 'novel' payment mechanisms, will that action not have a chilling effect on legitimate newcomers to payments? Finally, the NPRM only seeks an amendment to the TSR and does not seek to prevent the use of these payment methods through non-TSR merchants and as such, does the FTC go far enough in the NPRM?

The Landmark and Automated cases revolved around merchants that used RCCs and RCPOs as methods of accepting payments. The FTC discusses in both cases that the payment processors had liability because they should have been monitoring the enormous amount of returns and chargebacks to determine that the merchants were perpetrating a fraud on the public. The FTC also intimated via allegations that the payment methods were so novel, that the merchant could not have come up with this method - it relied on the payment processor to come up with these methods.

No one wants to see fraud perpetrated on the public. But, the acquiring industry and merchants continue to work on payment innovations so that consumers who do not utilise conventional payment methods can still purchase goods and services. The public consumes goods and services online and via telemarketing at an ever-increasing rate. The Census Bureau for the Department of Commerce in May 2013 announced that retail ecommerce sales increased 2.7% from the fourth quarter of 2012. Legitimate providers are seeking to provide payment mechanisms, which allow persons that do not wish to use or cannot access conventional payment methods such as payment cards to pay for goods and services using other methods (which may be more cost efficient for the seller). Not all such payment methods are used for the proliferation of fraud. If the FTC seeks to ban payment methods because of fraud risk, could it chill the proliferation of novel methods? Is there another way to address fraud other than eliminating these payment methods?

The FTC suggested in the Landmark and Automated cases that the merchants (and the processors) ignored the amount of chargebacks and returns, and based on the large number, at least the processor should have realised the fraud. Following those settlements, does it not make more sense to require merchants (and their payment processors and acquiring banks) to closely monitor chargebacks and return rates? Enormous amounts of returns could signal fraud. This monitoring would require three different checks from three parties and so detect issues

Moreover, merchant agreements usually include provisions that require the merchant to with all applicable laws, as well as payment card network rules. The FTC Act and the TSR are both Federal laws with which the merchant would be required to comply, and both currently prohibit 'deceptive or abusive acts or practices.' Deducting unauthorised payments from a consumer's bank account would violate those laws. If the merchant violates either of the foregoing (as well as the numerous consumer protection laws), the merchant would be in breach of its merchant agreement, and arguably, depending on the agreement terms, the payment processor would have the right to terminate the merchant. If a merchant is terminated from payments, its 'lifeblood' would be cut-off and the merchant would be prevented from accessing the payments system. Thus the current merchant agreement should prevent a fraud perpetrated on a consumer, without eliminating payment methods that could be used for legitimate purposes.

Further, the NPRM would only prevent the use of RCCs and RCPOs for merchants. However, a nontelemarketing merchant could still use these payment methods (for legitimate purposes). However the NPRM, as proposed, would require payment processors to confirm that none of their merchants are using the prohibited payment methods. A large processor could sign upwards of 10,000 merchants a month. The amount of monitoring that a payment processor would be required to conduct is already enormous. Requiring a payment processor to further monitor all of the payment methods used by all of its merchants could put the payment processor out of business if the FTC seeks to hold the payment processor liable for the acts of its merchants. Should we not continue with the current methodology of having the payment processor and the bank monitor chargebacks (and the FTC continue to monitor complaints), as opposed to prohibiting a payment method that could be used legitimately? And again, the NPRM would only limit this payment method for particular merchants - telemarketers.

The NPRM seeks comment on the elimination of RCCs RCPOs based on the 'staggering' number of returns and the fact that 'the systemic weakness of the check clearing system make it much more accommodating for [merchants] than the credit card system or ACH network' (p. 26-27 of the NPRM). The FTC is seeking comment that these types of payment methods are 'essential' (NPRM, p. 38), and there are bound to be legitimate uses of these methods. Is there not a better way to deter wrongdoers under current laws from using payment system rather than putting another burden on payment processors, potentially squelching payment innovation?

Legitimate methods of doing nearly anything can have a sinister outcome. Is there a better way of preventing access to bank accounts (i.e., much like in the payment card usage, the merchant will have systems directly connecting to the payment processor). There could be some form of requirement that if a consumer provides its bank account number, an authorisation system can be put in place to require confirmation from the consumer? This may deter fraudulent merchants - and would not just be limited to the telemarketing industry.

This article was previously published in E-Finance & Payments Law & Policy (July 2013).

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Manatt, Phelps & Phillips, LLP | Attorney Advertising

Written by:

Manatt, Phelps & Phillips, LLP

Manatt, Phelps & Phillips, LLP on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
Privacy Policy (Updated: October 8, 2015):

JD Supra provides users with access to its legal industry publishing services (the "Service") through its website (the "Website") as well as through other sources. Our policies with regard to data collection and use of personal information of users of the Service, regardless of the manner in which users access the Service, and visitors to the Website are set forth in this statement ("Policy"). By using the Service, you signify your acceptance of this Policy.

Information Collection and Use by JD Supra

JD Supra collects users' names, companies, titles, e-mail address and industry. JD Supra also tracks the pages that users visit, logs IP addresses and aggregates non-personally identifiable user data and browser type. This data is gathered using cookies and other technologies.

The information and data collected is used to authenticate users and to send notifications relating to the Service, including email alerts to which users have subscribed; to manage the Service and Website, to improve the Service and to customize the user's experience. This information is also provided to the authors of the content to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

JD Supra does not sell, rent or otherwise provide your details to third parties, other than to the authors of the content on JD Supra.

If you prefer not to enable cookies, you may change your browser settings to disable cookies; however, please note that rejecting cookies while visiting the Website may result in certain parts of the Website not operating correctly or as efficiently as if cookies were allowed.

Email Choice/Opt-out

Users who opt in to receive emails may choose to no longer receive e-mail updates and newsletters by selecting the "opt-out of future email" option in the email they receive from JD Supra or in their JD Supra account management screen.


JD Supra takes reasonable precautions to insure that user information is kept private. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. However, please note that no method of transmitting or storing data is completely secure and we cannot guarantee the security of user information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.

If you have reason to believe that your interaction with us is no longer secure, you must immediately notify us of the problem by contacting us at info@jdsupra.com. In the unlikely event that we believe that the security of your user information in our possession or control may have been compromised, we may seek to notify you of that development and, if so, will endeavor to do so as promptly as practicable under the circumstances.

Sharing and Disclosure of Information JD Supra Collects

Except as otherwise described in this privacy statement, JD Supra will not disclose personal information to any third party unless we believe that disclosure is necessary to: (1) comply with applicable laws; (2) respond to governmental inquiries or requests; (3) comply with valid legal process; (4) protect the rights, privacy, safety or property of JD Supra, users of the Service, Website visitors or the public; (5) permit us to pursue available remedies or limit the damages that we may sustain; and (6) enforce our Terms & Conditions of Use.

In the event there is a change in the corporate structure of JD Supra such as, but not limited to, merger, consolidation, sale, liquidation or transfer of substantial assets, JD Supra may, in its sole discretion, transfer, sell or assign information collected on and through the Service to one or more affiliated or unaffiliated third parties.

Links to Other Websites

This Website and the Service may contain links to other websites. The operator of such other websites may collect information about you, including through cookies or other technologies. If you are using the Service through the Website and link to another site, you will leave the Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We shall have no responsibility or liability for your visitation to, and the data collection and use practices of, such other sites. This Policy applies solely to the information collected in connection with your use of this Website and does not apply to any practices conducted offline or in connection with any other websites.

Changes in Our Privacy Policy

We reserve the right to change this Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our privacy policy will become effective upon posting of the revised policy on the Website. By continuing to use the Service or Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Policy, as it may be amended from time to time, in whole or part, please do not continue using the Service or the Website.

Contacting JD Supra

If you have any questions about this privacy statement, the practices of this site, your dealings with this Web site, or if you would like to change any of the information you have provided to us, please contact us at: info@jdsupra.com.

- hide
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.