- CFPB Fires Another Warning Shot for Processors to Be Aware of Their Merchants’ Activities
- June 14, 2016 | Authors: Brian G. Barrett; Brian M. Murphy; Robert J. Pile; Lewis S. Wiener
- Law Firms: Eversheds Sutherland (US) LLP - New York Office; Eversheds Sutherland (US) LLP - Atlanta Office; Eversheds Sutherland (US) LLP - Washington Office
In a recent line of enforcement actions, the Consumer Financial Protection Bureau (CFPB) has signaled that it will hold payment processors liable if the CFPB believes the processors know or should have known that transactions processed for their processing customers are fraudulent or illegal. The most recent of these enforcement actions was filed on June 6 against Intercept Corporation, an Automated Clearing House (ACH) payment processor, and its owners for allegedly enabling its customers to make fraudulent and illegal ACH debits against consumer accounts in violation of the prohibition on unfair, deceptive, or abusive acts or practices under the Consumer Financial Protection Act.1
The CFPB alleged that Intercept’s clients (which include debt collectors, payday lenders, auto title lenders and sales finance corporations) were initiating large numbers of unauthorized, fraudulent, and illegal transactions and that Intercept was processing those transactions even though it knew, or consciously avoided knowing, that the transactions were not legitimate. The CFPB alleged that the payment processor failed to conduct adequate due diligence and monitoring of its clients’ activities and ignored numerous red flags, including:
- Repeated consumer complaints regarding unauthorized transactions.
- Numerous warnings and complaints from Intercept’s bank partners regarding high rates of rejected transactions, discrepancies in transaction information, and other suspicious activity. According to the CFPB, if one of these banks terminated its relationship with Intercept, Intercept would find a new bank to continue processing transactions for Intercept’s clients, rather than investigate the suspicious activity.
- Excessively high levels of rejected transactions (some of Intercept’s clients had rejected transactions at more than 25 times the national average).
- Federal and state law enforcement actions against Intercept’s clients regarding illegal business conduct, unauthorized transactions and other activity that could have raised Intercept’s suspicion.
The Intercept enforcement action follows a recent 2015 enforcement action by the CFPB alleging that payment processors facilitated their clients’ large-scale fraud by enabling them to accept credit and debit card payments from consumers when the processors knew or should have known that their clients were engaging in unlawful debt collection practices. The CFPB alleged that the processors did not follow their own credit and underwriting policies, failed to perform adequate diligence on their debt collector clients, failed to investigate red flags, and ignored numerous indicators that the merchants were conducting fraud.
Based on this line of CFPB enforcement actions, the CFPB is sending a clear message to processors that it expects them to actively monitor for, and take action with respect to, red flags and other suspicious activities related to the transactions they process, and that the CFPB will seek regulatory enforcement against processors that turn a blind eye to indications of fraudulent and illegal transactions.
112 U.S.C. §§ 5531(a) and 5536(a)(1)(B).