Payment Processor Pays $40.2 Million to Settle Fraudulent Schemes Case

Arent Fox
Contact

Arent Fox

The Federal Trade Commission (FTC) recently announced a settlement with First Data Merchant Services, LLC (First Data) and Chi “Vincent” Ko, one of its executives, for a little over $40.2 million after allegations that First Data facilitated at least four fraudulent scams. First Data is one of the largest global payment processors, and it processes over $2 trillion a year.

The FTC Allegations

The FTC complaint alleges that First Data assisted and facilitated payments for companies engaged in fraudulent schemes and illegal activities. One scheme involved a debt relief telemarketing scam that took over $20 million from consumers. Another fraudulent scheme utilized First Data payment services to exploit consumer’s stolen credit card data, which were used to place $28 million in unauthorized charges on bills through First Data merchant accounts.

According to the complaint, a 2015 audit found that First Data had “no controls” on how it managed high-risk merchants. In addition to ignoring other red-flags, the lack of controls made it possible for Ko to open accounts under false names, provide deceptive information to open the accounts and ignore evidence that his clients were engaged in fraud. Of the warning signs, many of the merchant account applications approved by First Data omitted key information about the applicant’s business, had no merchant category code, contained no employee information, and included no information about the goods or services the merchant offered to consumers.

The $40.2 million settlement funds will be used to refund consumers harmed by the fraudulent schemes. First Data is also required to hire an independent assessor to oversee compliance with the settlement’s oversight program for three years. The FTC’s complaint against First Data Merchant Services can be found here, and the settlement press release can be found here.

The Takeaway

Payment processors should take care to implement proper screening for account applications. Screening should include safeguards aimed at detecting potential fraudulent applications, as well as ongoing screening for illegal transactions. Additionally, companies engaging payment processors should take care to vet the companies with which they work and to require reasonable security controls in the processing of payments.

All companies engaging third party payment processors should be aware of this settlement, take steps to review their internal vendor vetting processes, and confirm that appropriate security measures, including the Payment Card Industry Data Security Standards, are contractually required.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Arent Fox | Attorney Advertising

Written by:

Arent Fox
Contact
more
less

Arent Fox on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.