CFPB Enforces Payment Processors' Obligations to Identify Fraud


In recent enforcement actions, the Consumer Financial Protection Bureau (CFPB) sued four payment processing companies – not for engaging in illegal debt collection – but rather, for ignoring warning signs in processing payments for debt collectors who were engaged in fraudulent debt collection schemes. The CFPB charged the payment processors with violating 12 U.S.C. § 5536(a)(3), which prohibits “knowingly or recklessly” providing “substantial assistance” to a person engaged in unfair, deceptive, or abusive acts. The CFPB alleged that the payment processors assisted in fraud conducted by phony debt collectors in which consumers were threatened and harassed to pay debts they did not owe. The CFPB claimed that the payment processors were necessary for the debt collectors to accept payment by credit and debit cards and, by failing to do adequate due diligence and respond to concerns, they facilitated the debt collectors’ efforts and legitimized the debt collectors’ business to consumers. By these actions, the CFPB made clear that payment processors are expected to monitor their business appropriately, respond to red flags and take steps to identify transactions which may be fraudulent.

In April, the CFPB announced enforcement actions against companies and individuals engaged in a “phantom debt” collection scheme as well as against several payment processors that provided services to those debt collectors. The scheme allegedly employed by the debt collectors involved using aliases and placing automated phone calls to consumers, and then deceiving the consumers into believing that they had to pay debts that they did not owe or did not owe to the company attempting to collect the debt. According to the Complaint, the calls were threatening and harassing, and were achieved through a telemarking company.

The CFPB alleged that the payment processors “knowingly or recklessly” approved merchant applications from debt collectors that contained “indicia of fraud” and ignored other warning signs that their clients were engaged in fraudulent schemes, including consumer disputes that should have informed the payment processors of illegal conduct. Interestingly, the CFPB used the internal policies and procedures of the various payment processors against them. The internal policies and procedures required enhanced scrutiny of debt collector activity and prohibited processing payments on behalf of certain debt collectors altogether. In the Complaint, the CFPB pointed to instances when the payment processors failed to properly scrutinize a transaction or where the payment processors approved account applications for these debt collectors when their own policies counseled against it.

The CFPB also sued Global Connect, LLC, the telemarketing company that placed the automated calls to consumers on behalf of the debt collectors, for its involvement in the scheme. The CFPB alleged that Global Connect knew or should have known that the messages it broadcast on behalf of the debt collectors were unfair and deceptive.

These were not the first actions brought by the CFPB against payment processors and third parties holding them responsible for failing to detect and respond to indications of wrongdoing by others. In August 2014, Global Client Solutions, another payment processor, agreed to pay $7 million to settle a CFPB enforcement action for processing illegal debt-settlement fees on behalf of debt relief companies from all over the country. In December 2014, the CFPB brought an enforcement action against a large telecommunications company for allowing third parties to “cram” unauthorized charges onto customers’ bills through the company’s billing and payment-processing system. That action is pending.

The CFPB, like many other agencies, is enforcing its laws by identifying “choke points” and holding “gatekeepers” at those points responsible if they fail to police the parties with whom they do business. Gatekeepers such as payment processors must be vigilant not only to avoid becoming involved in fraudulent schemes, but also to avoid being the subject of an enforcement action by the CFPB. For companies that provide services to businesses whose activities may be regulated by the CFPB, it is important to:

  • Understand the nature of every customer’s business.
  • Be aware that the CFPB may hold the company accountable for the illegal conduct of a customer if the customer’s business involves activities regulated by the CFPB.
  • Adopt proper due diligence procedures and risk monitoring controls to avoid engaging in or allowing conduct that violates federal consumer financial laws.
  • Follow internal policies and procedures in place and remember that non-compliance could be used against the company as evidence of misconduct.

Proper due diligence and internal controls should minimize the risk of becoming involved in a type of illegal scheme subject to enforcement by the CFPB. This is important as the CFPB likely will continue the trend of holding gatekeepers accountable.

If you have any questions concerning this topic please contact an attorney in Haynes and Boone’s Government Investigations and Litigation group.

Email Disclaimer