Skip to main content
Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

Filter

Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • FTC Sues Payment Processor for Assisting Allegedly Fraudulent Credit Card Debt Relief Operation

    Fintech

    On June 5, the FTC announced that it has added a payment processor as a defendant in an existing suit against a debt relief firm that the FTC alleges operated a credit card interest rate reduction scam. The FTC claims that the debt relief firm cold-called consumers and charged them up-front fees for promises of credit card interest rate reductions that the firm never obtained. The FTC charges that the payment processor knew, or consciously avoided knowing, the supposedly illegal nature of the operation and facilitated allegedly deceptive and abusive telemarketing acts or practices in violation of the Telemarketing Sales Rule. The FTC also alleges that the processor ignored the “alarmingly high” chargeback rates.

    FTC Payment Systems Enforcement

  • New York AG Obtains Health Care Credit Card Settlement

    Fintech

    On June 3, AG Schneiderman announced an agreement with a credit card issuer to resolve an investigation into alleged consumer protection concerns arising from the offering of credit cards through medical care providers. The AG cited a Health Care Bureau investigation that found the health care provider application process is often rushed and occurs when treatment is set to begin, resulting in consumers feeling pressured into applying for the card and being charged the full amount for treatment in advance of receiving services. The AG claimed that, in many instances, providers failed to inform consumers of the terms of the card and represented that the account had “no interest,” when it carried retroactive interest of 26.99% if not paid in full during a promotional period. Other consumers allegedly thought that they were signing up for an in-house, no-interest payment plan directly with their provider, or a line of credit with 0% interest. Under the agreement, the issuer will establish an appeals fund for certain card holders who disputed a claim and were denied, which could result in refunds or credits of up to $2 million to approximately 1,000 card holders. The issuer also must implement consumer protection and compliance measures, including, among others: (i) offering a three-day “cooling off” period, such that no transaction over $1,000 can be charged within three days of an initial application, (ii) adding a set of “Transparency Principles” to provider contracts to ensure that providers accurately describe card terms, and implementing other health care provider training and oversight measures, (iii) revising promotional interest rate and other disclosures, and (iv) standardizing complaint management procedures.

    Credit Cards Enforcement

  • FDIC Announces Enforcement Action Against Debit Card Issuer, Affiliated Service Provider

    Fintech

    On May 31, the FDIC announced enforcement actions against a California bank and an affiliated service provider for alleged unfair and deceptive practices in the marketing and servicing of a prepaid reloadable MasterCard. According to the FDIC, the service provider’s website contained a number of misrepresentations while omitting other information. Specifically, the FDIC claimed that the firm deceptively advertised free online bill pay, promoted features that were not available to cardholders, and charged fees that were not clearly disclosed. Additionally, the service provider’s ACH error resolution procedures imposed additional, undisclosed requirements on card holders. Neither the bank nor the service provider admitted the allegations, but they agreed to establish a restitution fund of approximately $1.1 million for over 64,000 card holders, and pay civil money penalties of $600,000 and $110,000, respectively. The consent orders (i) direct both entities not to engage in further violations of law, (ii) establish specific corrective actions, and (iii) require enhanced compliance management systems and periodic reporting to the FDIC. The bank is further required to strengthen its oversight of third parties.

    FDIC Prepaid Cards Enforcement

  • Federal District Court Holds Phone Number Provided in Online Account Information Is Consent to Receive Text Messages

    Fintech

    On May 30, the U.S. District Court for the Northern District of California held that a user of an online service consented to receiving text messages from that service by including his mobile number in his online account information. Roberts v. PayPal, Inc., No. 12-622, 2013 WL 2384242 (N.D. Cal. May 30, 2013). In this case, a PayPal user filed a putative class action claiming that the company sent unsolicited advertisements via text messages to users’ mobile phones in violation of the Telephone Consumer Protection Act, which generally prohibits unsolicited calls and messages using automatic dialing or prerecorded voices absent express written consent. The court granted summary judgment to PayPal, holding that, by providing his mobile phone number to PayPal when he added the number to his online account, the user provided express consent for PayPal to send text messages. The court did not resolve PayPal’s alternative argument that the user consented to receiving messages by accepting the terms of PayPal’s user agreement, which included an express consent to receive autodialed calls. That provision was not included in the agreement at the time the user created his PayPal account and accepted the user agreement, but was added several years later without notice to the user. The court expressed skepticism concerning the binding nature of an agreement amendment that is merely posted to a website without other notice to the customer, even if the customer has previously agreed to the terms and that procedure.

    TCPA Privacy/Cyber Risk & Data Security

  • New York Investigates Insurance Companies' Cyber Security

    Fintech

    On May 28, New York Governor Andrew Cuomo announced an inquiry into the measures employed by insurance companies to protect their customers and companies from cyber threats. The state’s Department of Financial Services sent letters to 31 insurers seeking an array of information, including information about (i) any cyber attacks the company has been subject to in the past three years; (ii) the cyber security safeguards the company has put in place; (iii) the company’s information technology management policies; (iv) the amount of funds and other resources dedicated to cyber security at their company; and (v) the company’s governance and internal control policies related to cyber security. The governor explained that the state already is focused on ensuring that banks have appropriate protections in place, but that insurers also should be scrutinized because the “extraordinarily sensitive health, personal, and financial information that New Yorkers entrust to their insurance companies is a virtual treasure trove for hackers.”

    Privacy/Cyber Risk & Data Security

  • Federal Reserve Board Report Finds Interchange Fee Exemption Benefiting Small Issuers

    Fintech

    On May 23, the Federal Reserve Board issued a report showing that the exemption designed to protect small debit card issuers from interchange fee standards applied to large issuers is working as intended. The report indicates that depository institutions with consolidated assets of less than $10 billion, which are exempt from the interchange fee standard in Regulation II, received fee revenue of 43 cents per transaction in 2012 – roughly the same as the average received before Regulation II took effect. While the Dodd-Frank Act exempted small issuers from the interchange fee standard set in the regulation, it did not provide an exemption from the statute’s prohibition on network exclusivity. As a result, Regulation II requires every debit card issuer, regardless of size, to have at least two unaffiliated networks on every debit card. According to the report, most small issuers that responded to a survey about the effect of the network exclusivity provisions of the rule indicated that significant compliance costs were not incurred.

    Federal Reserve Debit Cards

  • FTC Releases Agenda for Mobile Security Forum

    Fintech

    On May 24, the FTC released the agenda for its June 4, 2013 forum on mobile security issues. The forum will address mobile malware, how it spreads, its impact on U.S. consumers, and the role of mobile platforms and others in the mobile ecosystem – from chipmakers to app developers – in securing mobile devices and data.

    FTC Privacy/Cyber Risk & Data Security

  • NACHA Proposes Clarification of Third Parties in ACH Network

    Fintech

    On May 20, NACHA, the organization that manages the ACH Network, requested comment on proposed changes to the NACHA Operating Rules to clarify the definitions, roles, and responsibilities of third parties in the ACH Network. The proposal explains that third parties are performing roles in ACH processing that were not contemplated at the time third parties were first addressed in the rules, and that the line between third parties and originators may sometimes be blurred. The proposal includes specific changes related to related to (i) clear Identification of the originator in consumer debit authorizations; (ii) third parties and receiver authorizations; (iii) definition of third-party sender; (iv) definition of third-party service provider; and (v) third-party sender and third-party service provider audit requirements. Comments on the proposal are due by June 28, 2013.

    NACHA

  • FTC Proposes Ban on Some Payment Methods Used by Telemarketers

    Fintech

    On May 21, the FTC proposed to prohibit the use of certain payment methods it believes are favored by "fraudulent telemarketers." The FTC's proposed rule would amend the Telemarketing Sales Rule (TSR) to prohibit telemarketers from (i) using remotely created unsigned checks and payment orders to directly access consumer bank accounts, and (ii) receiving payment through “cash-to-cash” money transfers and “cash reload” mechanisms. The FTC explained that allegedly fraudulent telemarketers rely on such payment methods because they are largely unmonitored and provide fewer consumer fraud protections. The proposed rule also would (i) expand the TSR's ban on telemarketing "recovery services" in exchange for an advance fee and (ii) clarify various other provisions of the TSR. The FTC is accepting public comments on the proposal through July 29, 2013.

    Fraud FTC

  • Digital Advertising Group Revises Code of Conduct for Interest-Based Advertising

    Fintech

    On May 16, the Network Advertising Initiative (NAI), a self-regulatory body governing over 90 third-party digital advertising companies, released a revised Code of Conduct designed to (i) ensure that NAI member companies continue to implement, honor, and maintain strong standards with respect to the collection and use of data for online advertising, (ii) adapt the code to accommodate all companies in the advertising technology field, and (iii) incorporate changes in the regulatory and self-regulatory landscape, including principles of the FTC's Self­ Regulatory Principles for Online Behavioral Advertising, the FTC's final privacy report, and the White House privacy report.

    FTC Privacy/Cyber Risk & Data Security

Pages

Upcoming Events