chevron-down Created with Sketch Beta.
August 07, 2014 Articles

Operation Choke Point Casts Cloud over Payment Systems Industry

FTC enforcement actions against payment card processors due to deceptive acts of their merchants are on the rise. Following industry guidelines on underwriting and monitoring of merchant risk could help mitigate exposure

by Edward A. Marshall

In an initiative ominously dubbed "Operation Choke Point," the Department of Justice (DOJ), in collaboration with the Federal Trade Commission (FTC) and other federal authorities, has increasingly targeted players within the payment systems industry for the allegedly deceptive trade practices of their merchants.

The reach of the "operation" is sweeping. Indeed, recently released documents reveal that the government has initiated criminal investigations, issued subpoenas, and pursued civil litigation against scores of banks, processors, and independent sales organizations (ISOs), obtaining settlements in some. According to an internal DOJ memorandum, this is just the beginning. These early settlements are designed to send a message to the banking and payment systems community at large.

Nature of FTC Enforcement Proceedings
In the civil litigation context, these legal actions have taken two primary forms. First, the FTC has pursued payment processors and ISOs as codefendants in civil actions against allegedly untoward merchants, asserting that—by virtue of their facilitation of the merchant's payment card transactions—these actors should be held jointly liable for the injury that the merchant's purportedly deceptive practices inflicted on the consuming public. See, e.g., FTC v. WV Universal Mgmt., LLC, No. 6:12-cv-1618 (M.D. Fla. June 18, 2013); FTC v. Innovative Wealth Builders, Inc., No. 8:13-cv-123 (M.D. Fla. June 4, 2013). The argument tends to be that, because the processor had reason to know of unusually high chargeback ratios, high returns, and/or publicly accessible consumer complaints associated with the merchant, it effectively turned a blind eye to "red flags" of alleged consumer fraud. Thus, in the parlance of the FTC, the processors allegedly provided "substantial assistance or support" to the bad actors while "consciously avoid[ing] knowing that the [merchant] is engaged in" deceptive marketing practices, all in violation of the FTC's Telemarketing Sales Rule, 16 C.F.R. § 310.3(b) ("It is a deceptive telemarketing act or practice and a violation of this Rule for a person to provide substantial assistance or support to any seller or telemarketer when that person knows or consciously avoids knowing that the seller or telemarketer is engaged in any act or practice that violates §§ 310.3(a), (c) or (d), or § 310.4 of this Rule.").

Second, the FTC has pursued contempt sanctions against processors and ISOs for continuing to honor consumer-initiated chargebacks following a court-imposed "asset freeze" over a merchant's funds. In such cases, the FTC has argued that once the processor and ISO were put on notice of the asset freeze, it became their responsibility to stop processing chargebacks from reserves associated with the affected merchant. If the processor nevertheless debited the chargebacks from "reserve accounts" linked to the merchant's transactions, the FTC takes the position that the processor and ISO violated the asset-freeze order, subjecting them to sanctions—including turning over the original balance of the reserve account to an FTC receiver. Perhaps to soften judicial resistance to such sanctions, the FTC will often seek to portray the processor and ISO as somehow culpable in bringing about the consumer fraud—e.g., by arguing that the presence of the same "red flags" described above should have alerted them to the merchant's questionable business activities. The theory is that, by continuing to do business with a merchant whose account reflected such potential indicia of untoward business practices, the processor or ISO should bear the risk for the ensuing chargebacks (no matter what contractual protections were built into their merchant services agreement).

Criticism of FTC Enforcement Initiative
Not surprisingly, the FTC's enforcement actions—despite their laudatory goals—have been the subject of certain criticisms, including from lawyers, commentators, and most recently, members of the U.S. House of Representatives.

At a high level, some have argued that the FTC is effectively transferring its regulatory enforcement responsibility to payment processors and ISOs—involuntarily deputizing them as watchdogs of consumer fraud perpetrated by the merchants with which they do business and making them unwilling insurers against merchant fraud. Critics have argued that the standards by which the FTC assigns culpability to actors within the payment systems ecosystem are vague and ill-defined (e.g., at what point do chargebacks become "red flags" of deception versus an indicator of more innocuous consumer frustration?).

There are also certain legal, factual, and policy-based objections to the FTC's approach. For example, the alleged failure to more aggressively detect and respond to high chargeback ratios, returns, and consumer complaints could arguably be more accurately characterized as passive negligence rather than "conscious disregard." And the assignment of culpability in contempt actions (e.g., for continuing to debit consumer chargebacks from reserves) may be jurisdictionally impermissible when the targeted processor or ISO is a nonparty to the underlying merchant litigation. Plus, the FTC's contempt actions arguably misconstrue a processor's reserves as "merchant funds" when they may, by contract, legally belong to the processor, while at the same time ignoring potential rights of recoupment belonging to the processor.

What is more, much of the FTC's apparent ire directed at the payment systems industry seems to be predicated on the factual assumption that chargebacks and returns are necessarily (or at least typically) indicative of deceptive business practices. Often, however, that may not be the case. Chargebacks and returns can arise from any number of circumstances, many of which are either innocuous or, at worst, indicative of problems that do not rise to the level of consumer deception or fraud.

There is also the concern that enforcement actions will have unintended and unwanted consequences that will extend beyond the "bad actors" the FTC should want to see shut down. For example, merchants perceived to be working in "high risk" markets, even legitimate businesses, may be excluded from the payment card market if processors and ISOs are led to conclude that processing for such merchants opens them up to liability. That, in turn, could result in total market exclusion for certain categories of businesses or their migration to payment forms that are far less protective of consumers than credit cards (with their accompanying chargeback rights). And, if high chargebacks and returns are construed as badges of fraud, then it may lead processors and ISOs simply to "drop" merchants (again, even legitimate ones) that experience high chargeback ratios or return rates, which can be the death knell for a merchant that depends on payment card transactions to sustain its business.

The relative nascency of the FTC's enforcement actions makes it difficult to predict how the FTC's theories will ultimately be received by the courts. Given that the FTC may choose to pursue more extreme cases in the initial phases of "Operation Choke Point," early decisions could well produce favorable precedent for the FTC that processors and ISOs will be left to grapple with in actions that present less compelling cases of processor and ISO culpability.

Industry Responds with Underwriting and Risk Monitoring Guidelines
Although continued litigation seems unavoidable, leaders within the payment systems industry have elected to take a proactive approach. For example, in March 2014, the Electronic Transactions Association—a global trade association that represents the payment systems industry—published a 109-page set of "Guidelines on Merchant and ISO Underwriting and Risk Monitoring" that present dynamic best practices designed to "help eliminate prohibited and undesirable merchants from entering into or remaining in the card acceptance ecosystem." Among other things, the Guidelines suggest that members establish carefully considered underwriting and monitoring policies adapted to address various merchant types (including "high risk" merchants) and to document the policies and decision-making processes that lead a processor to initiate and retain relationships with its ISOs and merchants.

While the Guidelines are nonbinding, and recognize the need for flexibility in the industry, they encourage those within the payment systems ecosystem to "strive to ensure that they are not providing payments acceptance for merchants or ISOs that engage in fraudulent acts or practices that harm consumers"—regardless of whether there is any legal mandate that they do so. Counsel are well-advised to alert and inform their payment systems clients on the possible benefits of implementing such Guidelines.

Keywords: deceptive telemarketing practices, deceptive trade practices, electronic transactions, FTC enforcement, ISOs, Operation Choke Point, payment processors, payment systems

Copyright © 2014, American Bar Association. All rights reserved. This information or any portion thereof may not be copied or disseminated in any form or by any means or downloaded or stored in an electronic database or retrieval system without the express written consent of the American Bar Association. The views expressed in this article are those of the author(s) and do not necessarily reflect the positions or policies of the American Bar Association, the Section of Litigation, this committee, or the employer(s) of the author(s).